admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-10-06 18:01:01 +00:00
parent 8f3b1ef8f1
commit bde1092daf
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
69 changed files with 3923 additions and 1418 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
2021/25xxx/CVE-2021-25467.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25467",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R(11.0) devices with Exynos 980, 9830, 2100 chipsets",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25468.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25468",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Select Q(10.0), R(11.0) devices with Exynos chipsets",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25469.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25469",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Select Q(10.0), R(11.0) devices with Exynos chipsets",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input "
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25470.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25470",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Select P(9.0), Q(10.0), R(11.0) devices with Exynos and Mediatek chipsets",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25471.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25471",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "O(8.1), P(9.0), Q(10.0) devices with Exynos CP chipsets",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25472.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25472",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25473.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25473",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25474.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25474",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Q(10.0), R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25475.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25475",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Q(10.0), R(11.0) ",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25476.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25476",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Select Q(10.0), R(11.0) devices with Exynos chipsets",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1295: Debug Messages Revealing Unnecessary Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25477.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25477",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "P(9.0), Q(10.0), R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-415: Double Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25478.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25478",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "O(8.1), P(9.0), Q(10.0), R(11.0) ",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25479.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25479",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25480.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25480",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "O(8.1), P(9.0), Q(10.0), R(11.0) ",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-294: Authentication Bypass by Capture-replay"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25481.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25481",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25482.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25482",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25483.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25483",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": " CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25484.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25484",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "O(8.1 go), Q(10.0 go), R(11.0 go)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": " CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25485.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25485",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Q(10.0), R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25486.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25486",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "Low",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25487.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25487",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25488.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25488",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25489.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25489",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25490.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25490",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "P(9.0), Q(10.0), R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25491.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25491",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "P(9.0), Q(10.0), R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: Null Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25492.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25492",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Notes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "4.3.02.61"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25493.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25493",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Notes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "4.3.02.61"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25494.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25494",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Notes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "4.3.02.61"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25495.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25495",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Notes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "4.3.02.61"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25496.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25496",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Notes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "4.3.02.61"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25497.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25497",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Notes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "4.3.02.61"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25498.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25498",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Notes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "4.3.02.61"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2021/25xxx/CVE-2021-25499.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25499",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Galaxy Store",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "-",
"version_value": "4.5.32.4"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=10",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

216
2021/29xxx/CVE-2021-29758.json
View File

@ -1,111 +1,111 @@
{
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6495969",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6495969",
"title" : "IBM Security Bulletin 6495969 (Sterling B2B Integrator)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/202169",
"refsource" : "XF",
"name" : "ibm-sterling-cve202129758-access-control (202169)"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions that they should not be able to access due to improper access controls. IBM X-Force ID: 202169.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "6.0.1.0"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.3"
},
{
"version_value" : "5.2.6.5_4"
},
{
"version_value" : "6.0.0.6"
}
]
}
}
]
}
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "N",
"AC" : "L",
"S" : "U",
"I" : "L",
"AV" : "N",
"UI" : "N",
"SCORE" : "4.300",
"PR" : "L",
"A" : "N"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2021-29758",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-10-05T00:00:00",
"STATE" : "PUBLIC"
},
"data_type" : "CVE"
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6495969",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6495969",
"title": "IBM Security Bulletin 6495969 (Sterling B2B Integrator)"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202169",
"refsource": "XF",
"name": "ibm-sterling-cve202129758-access-control (202169)"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions that they should not be able to access due to improper access controls. IBM X-Force ID: 202169.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "6.0.0.0"
},
{
"version_value": "5.2.0.0"
},
{
"version_value": "6.0.1.0"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "5.2.6.5_4"
},
{
"version_value": "6.0.0.6"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvssv3": {
"BM": {
"C": "N",
"AC": "L",
"S": "U",
"I": "L",
"AV": "N",
"UI": "N",
"SCORE": "4.300",
"PR": "L",
"A": "N"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29758",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-05T00:00:00",
"STATE": "PUBLIC"
},
"data_type": "CVE"
}

216
2021/29xxx/CVE-2021-29760.json
View File

@ -1,111 +1,111 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"data_format" : "MITRE",
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"A" : "N",
"PR" : "L",
"SCORE" : "5.400",
"UI" : "N",
"I" : "L",
"AV" : "N",
"S" : "U",
"AC" : "L",
"C" : "L"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6495969 (Sterling B2B Integrator)",
"name" : "https://www.ibm.com/support/pages/node/6495969",
"url" : "https://www.ibm.com/support/pages/node/6495969",
"refsource" : "CONFIRM"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/202213",
"name" : "ibm-sterling-cve202129760-file-download (202213)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "6.0.1.0"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.3"
},
{
"version_value" : "5.2.6.5_4"
},
{
"version_value" : "6.0.0.6"
}
]
},
"product_name" : "Sterling B2B Integrator"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-29760",
"DATE_PUBLIC" : "2021-10-05T00:00:00",
"STATE" : "PUBLIC"
}
}
]
},
"data_format": "MITRE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"A": "N",
"PR": "L",
"SCORE": "5.400",
"UI": "N",
"I": "L",
"AV": "N",
"S": "U",
"AC": "L",
"C": "L"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6495969 (Sterling B2B Integrator)",
"name": "https://www.ibm.com/support/pages/node/6495969",
"url": "https://www.ibm.com/support/pages/node/6495969",
"refsource": "CONFIRM"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202213",
"name": "ibm-sterling-cve202129760-file-download (202213)"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.0.0"
},
{
"version_value": "5.2.0.0"
},
{
"version_value": "6.0.1.0"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "5.2.6.5_4"
},
{
"version_value": "6.0.0.6"
}
]
},
"product_name": "Sterling B2B Integrator"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-29760",
"DATE_PUBLIC": "2021-10-05T00:00:00",
"STATE": "PUBLIC"
}
}

216
2021/29xxx/CVE-2021-29761.json
View File

@ -1,111 +1,111 @@
{
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"SCORE" : "4.300",
"PR" : "L",
"A" : "N",
"C" : "L",
"AC" : "L",
"S" : "U",
"UI" : "N",
"I" : "N",
"AV" : "N"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6495969 (Sterling B2B Integrator)",
"url" : "https://www.ibm.com/support/pages/node/6495969",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6495969"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/202265",
"name" : "ibm-sterling-cve202129761-info-disc (202265)",
"title" : "X-Force Vulnerability Report"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "6.0.1.0"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.3"
},
{
"version_value" : "5.2.6.5_4"
},
{
"version_value" : "6.0.0.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"SCORE": "4.300",
"PR": "L",
"A": "N",
"C": "L",
"AC": "L",
"S": "U",
"UI": "N",
"I": "N",
"AV": "N"
}
]
}
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2021-29761",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-10-05T00:00:00",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6495969 (Sterling B2B Integrator)",
"url": "https://www.ibm.com/support/pages/node/6495969",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6495969"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202265",
"name": "ibm-sterling-cve202129761-info-disc (202265)",
"title": "X-Force Vulnerability Report"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "6.0.0.0"
},
{
"version_value": "5.2.0.0"
},
{
"version_value": "6.0.1.0"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "5.2.6.5_4"
},
{
"version_value": "6.0.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_format" : "MITRE"
}
}
},
"data_type": "CVE",
"CVE_data_meta": {
"ID": "CVE-2021-29761",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-05T00:00:00",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_format": "MITRE"
}

192
2021/29xxx/CVE-2021-29764.json
View File

@ -1,99 +1,99 @@
{
"data_type" : "CVE",
"CVE_data_meta" : {
"ID" : "CVE-2021-29764",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-10-05T00:00:00",
"STATE" : "PUBLIC"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
},
"BM" : {
"A" : "N",
"PR" : "L",
"SCORE" : "6.400",
"S" : "C",
"I" : "L",
"AV" : "N",
"UI" : "N",
"C" : "L",
"AC" : "L"
}
}
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.3"
}
]
},
"product_name" : "Sterling B2B Integrator"
}
]
}
"data_type": "CVE",
"CVE_data_meta": {
"ID": "CVE-2021-29764",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-05T00:00:00",
"STATE": "PUBLIC"
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "H",
"RC": "C"
},
"BM": {
"A": "N",
"PR": "L",
"SCORE": "6.400",
"S": "C",
"I": "L",
"AV": "N",
"UI": "N",
"C": "L",
"AC": "L"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 202268.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6495967",
"url" : "https://www.ibm.com/support/pages/node/6495967",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6495967 (Sterling B2B Integrator)"
},
{
"name" : "ibm-sterling-cve202129764-xss (202268)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/202268",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
}
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "5.2.0.0"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.3"
}
]
},
"product_name": "Sterling B2B Integrator"
}
]
}
}
]
}
]
},
"data_format" : "MITRE"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 202268.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6495967",
"url": "https://www.ibm.com/support/pages/node/6495967",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6495967 (Sterling B2B Integrator)"
},
{
"name": "ibm-sterling-cve202129764-xss (202268)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202268",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"data_format": "MITRE"
}

192
2021/29xxx/CVE-2021-29798.json
View File

@ -1,99 +1,99 @@
{
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data Manipulation"
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-10-05T00:00:00",
"ID" : "CVE-2021-29798",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734."
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6495925 (Sterling B2B Integrator)",
"name" : "https://www.ibm.com/support/pages/node/6495925",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6495925"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/203734",
"name" : "ibm-sterling-cve202129798-sql-injection (203734)",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"UI" : "N",
"AV" : "N",
"I" : "L",
"S" : "U",
"AC" : "L",
"C" : "L",
"A" : "L",
"PR" : "L",
"SCORE" : "6.300"
}
}
},
"data_version" : "4.0"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-10-05T00:00:00",
"ID": "CVE-2021-29798",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "6.0.0.0"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734."
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6495925 (Sterling B2B Integrator)",
"name": "https://www.ibm.com/support/pages/node/6495925",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6495925"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203734",
"name": "ibm-sterling-cve202129798-sql-injection (203734)",
"title": "X-Force Vulnerability Report"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"UI": "N",
"AV": "N",
"I": "L",
"S": "U",
"AC": "L",
"C": "L",
"A": "L",
"PR": "L",
"SCORE": "6.300"
}
}
},
"data_version": "4.0"
}

214
2021/29xxx/CVE-2021-29836.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-10-05T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-29836"
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204912."
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6495921 (Sterling B2B Integrator)",
"url" : "https://www.ibm.com/support/pages/node/6495921",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6495921"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-sterling-cve202129836-xss (204912)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/204912",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"DATE_PUBLIC": "2021-10-05T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-29836"
},
"data_type": "CVE",
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "6.0.1.0"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.3"
},
{
"version_value" : "5.2.6.5_4"
},
{
"version_value" : "6.0.0.6"
},
{
"version_value" : "2.2.0.0"
}
]
},
"product_name" : "Sterling B2B Integrator"
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204912."
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"SCORE" : "5.400",
"PR" : "L",
"A" : "N",
"C" : "L",
"AC" : "L",
"S" : "C",
"UI" : "R",
"AV" : "N",
"I" : "L"
},
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
}
}
},
"data_version" : "4.0",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Cross-Site Scripting",
"lang" : "eng"
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6495921 (Sterling B2B Integrator)",
"url": "https://www.ibm.com/support/pages/node/6495921",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6495921"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-sterling-cve202129836-xss (204912)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204912",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.0.0"
},
{
"version_value": "6.0.1.0"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "5.2.6.5_4"
},
{
"version_value": "6.0.0.6"
},
{
"version_value": "2.2.0.0"
}
]
},
"product_name": "Sterling B2B Integrator"
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
}
},
"impact": {
"cvssv3": {
"BM": {
"SCORE": "5.400",
"PR": "L",
"A": "N",
"C": "L",
"AC": "L",
"S": "C",
"UI": "R",
"AV": "N",
"I": "L"
},
"TM": {
"RL": "O",
"E": "H",
"RC": "C"
}
}
},
"data_version": "4.0",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Cross-Site Scripting",
"lang": "eng"
}
]
}
]
}
}

194
2021/29xxx/CVE-2021-29837.json
View File

@ -1,99 +1,99 @@
{
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-10-05T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-29837"
},
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6495907 (Sterling B2B Integrator)",
"url" : "https://www.ibm.com/support/pages/node/6495907",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6495907"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/204913",
"refsource" : "XF",
"name" : "ibm-sterling-cve202129837-csrf (204913)"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913."
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
},
"BM" : {
"UI" : "R",
"I" : "L",
"AV" : "N",
"S" : "U",
"AC" : "L",
"C" : "N",
"A" : "N",
"SCORE" : "4.300",
"PR" : "N"
}
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
"CVE_data_meta": {
"DATE_PUBLIC": "2021-10-05T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-29837"
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "5.2.0.0"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6495907 (Sterling B2B Integrator)",
"url": "https://www.ibm.com/support/pages/node/6495907",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6495907"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204913",
"refsource": "XF",
"name": "ibm-sterling-cve202129837-csrf (204913)"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913."
}
]
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
},
"BM": {
"UI": "R",
"I": "L",
"AV": "N",
"S": "U",
"AC": "L",
"C": "N",
"A": "N",
"SCORE": "4.300",
"PR": "N"
}
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
}
}

192
2021/29xxx/CVE-2021-29855.json
View File

@ -1,99 +1,99 @@
{
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
},
"BM" : {
"SCORE" : "5.400",
"PR" : "L",
"A" : "N",
"AC" : "L",
"C" : "L",
"I" : "L",
"AV" : "N",
"UI" : "R",
"S" : "C"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.3"
}
]
},
"product_name" : "Sterling B2B Integrator"
}
]
},
"vendor_name" : "IBM"
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "H",
"RC": "C"
},
"BM": {
"SCORE": "5.400",
"PR": "L",
"A": "N",
"AC": "L",
"C": "L",
"I": "L",
"AV": "N",
"UI": "R",
"S": "C"
}
]
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6495965",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6495965",
"title" : "IBM Security Bulletin 6495965 (Sterling B2B Integrator)"
},
{
"name" : "ibm-sterling-cve202129855-xss (205684)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/205684",
"title" : "X-Force Vulnerability Report"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205684.",
"lang" : "eng"
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-29855",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-10-05T00:00:00"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "5.2.0.0"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.3"
}
]
},
"product_name": "Sterling B2B Integrator"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_format" : "MITRE"
}
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6495965",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6495965",
"title": "IBM Security Bulletin 6495965 (Sterling B2B Integrator)"
},
{
"name": "ibm-sterling-cve202129855-xss (205684)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205684",
"title": "X-Force Vulnerability Report"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205684.",
"lang": "eng"
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-29855",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-10-05T00:00:00"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"data_format": "MITRE"
}

192
2021/29xxx/CVE-2021-29903.json
View File

@ -1,99 +1,99 @@
{
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Data Manipulation",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506."
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6495919",
"url" : "https://www.ibm.com/support/pages/node/6495919",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6495919 (Sterling B2B Integrator)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/207506",
"refsource" : "XF",
"name" : "ibm-sterling-cve202129903-sql-injection (207506)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.3"
}
]
},
"product_name" : "Sterling B2B Integrator"
}
]
}
"description": [
{
"value": "Data Manipulation",
"lang": "eng"
}
]
}
]
}
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "L",
"PR" : "L",
"SCORE" : "6.300",
"UI" : "N",
"I" : "L",
"AV" : "N",
"S" : "U",
"AC" : "L",
"C" : "L"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-10-05T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-29903"
},
"data_type" : "CVE"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506."
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6495919",
"url": "https://www.ibm.com/support/pages/node/6495919",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6495919 (Sterling B2B Integrator)"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207506",
"refsource": "XF",
"name": "ibm-sterling-cve202129903-sql-injection (207506)"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "5.2.0.0"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.3"
}
]
},
"product_name": "Sterling B2B Integrator"
}
]
}
}
]
}
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"PR": "L",
"SCORE": "6.300",
"UI": "N",
"I": "L",
"AV": "N",
"S": "U",
"AC": "L",
"C": "L"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2021-10-05T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-29903"
},
"data_type": "CVE"
}

220
2021/29xxx/CVE-2021-29908.json
View File

@ -1,112 +1,112 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.51.0.63"
},
{
"version_value" : "8.51.1.26"
},
{
"version_value" : "8.52.100.32"
}
]
},
"product_name" : "Virtualization Engine TS7700 3957-VED"
},
{
"product_name" : "Virtualization Engine TS7700 3957-VEC",
"version" : {
"version_data" : [
{
"version_value" : "8.51.0.63"
},
{
"version_value" : "8.51.1.26"
},
{
"version_value" : "8.52.100.32"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2021-29908",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-10-05T00:00:00"
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"value" : "The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6495469 (Virtualization Engine TS7700 3957-VEC)",
"name" : "https://www.ibm.com/support/pages/node/6495469",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6495469"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/207747",
"refsource" : "XF",
"name" : "ibm-ts7700-cve202129908-sec-bypass (207747)"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"UI" : "N",
"S" : "U",
"PR" : "N",
"SCORE" : "9.100",
"AC" : "L",
"I" : "H",
"A" : "N",
"AV" : "N",
"C" : "H"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Bypass Security",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.51.0.63"
},
{
"version_value": "8.51.1.26"
},
{
"version_value": "8.52.100.32"
}
]
},
"product_name": "Virtualization Engine TS7700 3957-VED"
},
{
"product_name": "Virtualization Engine TS7700 3957-VEC",
"version": {
"version_data": [
{
"version_value": "8.51.0.63"
},
{
"version_value": "8.51.1.26"
},
{
"version_value": "8.52.100.32"
}
]
}
}
]
}
}
]
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE"
}
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2021-29908",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-05T00:00:00"
},
"data_version": "4.0",
"description": {
"description_data": [
{
"value": "The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6495469 (Virtualization Engine TS7700 3957-VEC)",
"name": "https://www.ibm.com/support/pages/node/6495469",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6495469"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207747",
"refsource": "XF",
"name": "ibm-ts7700-cve202129908-sec-bypass (207747)"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"S": "U",
"PR": "N",
"SCORE": "9.100",
"AC": "L",
"I": "H",
"A": "N",
"AV": "N",
"C": "H"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Bypass Security",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"data_format": "MITRE"
}

176
2021/38xxx/CVE-2021-38923.json
View File

@ -1,90 +1,90 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "FW1010"
}
]
},
"product_name" : "PowerVM Hypervisor"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-10-05T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2021-38923"
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6495879",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6495879",
"title" : "IBM Security Bulletin 6495879 (PowerVM Hypervisor)"
},
{
"name" : "ibm-powervm-cve202138923-sec-bypass (210162)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/210162",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. IBM X-Force ID: 210162.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"S" : "C",
"UI" : "N",
"SCORE" : "8.000",
"PR" : "H",
"AC" : "H",
"I" : "H",
"A" : "H",
"AV" : "N",
"C" : "H"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Bypass Security"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "FW1010"
}
]
},
"product_name": "PowerVM Hypervisor"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE"
}
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-10-05T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2021-38923"
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6495879",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6495879",
"title": "IBM Security Bulletin 6495879 (PowerVM Hypervisor)"
},
{
"name": "ibm-powervm-cve202138923-sec-bypass (210162)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210162",
"refsource": "XF",
"title": "X-Force Vulnerability Report"
}
]
},
"description": {
"description_data": [
{
"value": "IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. IBM X-Force ID: 210162.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"S": "C",
"UI": "N",
"SCORE": "8.000",
"PR": "H",
"AC": "H",
"I": "H",
"A": "H",
"AV": "N",
"C": "H"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"data_type": "CVE",
"data_format": "MITRE"
}

194
2021/38xxx/CVE-2021-38925.json
View File

@ -1,99 +1,99 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sterling B2B Integrator",
"version" : {
"version_data" : [
{
"version_value" : "5.2.0.0"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.0.3.4"
},
{
"version_value" : "6.1.0.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6495905",
"url" : "https://www.ibm.com/support/pages/node/6495905",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6495905 (Sterling B2B Integrator)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/210171",
"name" : "ibm-sterling-cve202138925-info-disc (210171)",
"title" : "X-Force Vulnerability Report"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"C" : "H",
"AC" : "H",
"S" : "U",
"I" : "N",
"AV" : "N",
"UI" : "N",
"SCORE" : "5.900",
"PR" : "N",
"A" : "N"
}
}
},
"data_version" : "4.0",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-38925",
"DATE_PUBLIC" : "2021-10-05T00:00:00",
"STATE" : "PUBLIC"
},
"data_type" : "CVE",
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sterling B2B Integrator",
"version": {
"version_data": [
{
"version_value": "5.2.0.0"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.0.3.4"
},
{
"version_value": "6.1.0.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
}
}
}
},
"description": {
"description_data": [
{
"value": "IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6495905",
"url": "https://www.ibm.com/support/pages/node/6495905",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6495905 (Sterling B2B Integrator)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/210171",
"name": "ibm-sterling-cve202138925-info-disc (210171)",
"title": "X-Force Vulnerability Report"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"C": "H",
"AC": "H",
"S": "U",
"I": "N",
"AV": "N",
"UI": "N",
"SCORE": "5.900",
"PR": "N",
"A": "N"
}
}
},
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-38925",
"DATE_PUBLIC": "2021-10-05T00:00:00",
"STATE": "PUBLIC"
},
"data_type": "CVE",
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
}
}

10
2021/41xxx/CVE-2021-41121.json
View File

@ -69,15 +69,15 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv",
"refsource": "CONFIRM",
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv"
},
{
"name": "https://github.com/vyperlang/vyper/pull/2447",
"refsource": "MISC",
"url": "https://github.com/vyperlang/vyper/pull/2447"
},
{
"name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv",
"refsource": "CONFIRM",
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv"
}
]
},

2
2021/41xxx/CVE-2021-41125.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": " Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`, or as requests reached through redirects. Upgrade to Scrapy 2.5.1 and use the new `http_auth_domain` spider attribute to control which domains are allowed to receive the configured HTTP authentication credentials. If you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.5.1 is not an option, you may upgrade to Scrapy 1.8.1 instead. If you cannot upgrade, set your HTTP authentication credentials on a per-request basis, using for example the `w3lib.http.basic_auth_header` function to convert your credentials into a value that you can assign to the `Authorization` header of your request, instead of defining your credentials globally using `HttpAuthMiddleware`."
"value": "Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`, or as requests reached through redirects. Upgrade to Scrapy 2.5.1 and use the new `http_auth_domain` spider attribute to control which domains are allowed to receive the configured HTTP authentication credentials. If you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.5.1 is not an option, you may upgrade to Scrapy 1.8.1 instead. If you cannot upgrade, set your HTTP authentication credentials on a per-request basis, using for example the `w3lib.http.basic_auth_header` function to convert your credentials into a value that you can assign to the `Authorization` header of your request, instead of defining your credentials globally using `HttpAuthMiddleware`."
}
]
},

2
2021/41xxx/CVE-2021-41126.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the october/october package. There are no workarounds for this issue and all users should update.\n"
"value": "October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the october/october package. There are no workarounds for this issue and all users should update."
}
]
},

12
2021/41xxx/CVE-2021-41128.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": " Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports (Statistics & BAG MED) contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get executed upon ingestion of the exported file. There is no validation or sanitization of these formula fields and so malicious may construct malicious code. This vulnerability has been resolved in version 1.30.4. There are no workarounds and all users are advised to upgrade their package."
"value": "Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports (Statistics & BAG MED) contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get executed upon ingestion of the exported file. There is no validation or sanitization of these formula fields and so malicious may construct malicious code. This vulnerability has been resolved in version 1.30.4. There are no workarounds and all users are advised to upgrade their package."
}
]
},
@ -69,6 +69,11 @@
},
"references": {
"reference_data": [
{
"name": "https://owasp.org/www-community/attacks/CSV_Injection",
"refsource": "MISC",
"url": "https://owasp.org/www-community/attacks/CSV_Injection"
},
{
"name": "https://github.com/jshmrtn/hygeia/security/advisories/GHSA-8pwv-jhj2-2369",
"refsource": "CONFIRM",
@ -88,11 +93,6 @@
"name": "https://github.com/jshmrtn/hygeia/commit/d917f27432fe84e1c9751222ae55bae36a4dce60",
"refsource": "MISC",
"url": "https://github.com/jshmrtn/hygeia/commit/d917f27432fe84e1c9751222ae55bae36a4dce60"
},
{
"name": "https://owasp.org/www-community/attacks/CSV_Injection",
"refsource": "MISC",
"url": "https://owasp.org/www-community/attacks/CSV_Injection"
}
]
},

18
2021/42xxx/CVE-2021-42030.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42030",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/42xxx/CVE-2021-42031.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42031",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/42xxx/CVE-2021-42032.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42032",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/42xxx/CVE-2021-42033.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42033",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/42xxx/CVE-2021-42034.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42034",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/42xxx/CVE-2021-42035.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42035",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/42xxx/CVE-2021-42036.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42036",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/42xxx/CVE-2021-42037.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42037",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/42xxx/CVE-2021-42038.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42038",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/42xxx/CVE-2021-42039.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42039",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/20xxx/CVE-2022-20002.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20002",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/20xxx/CVE-2022-20003.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20003",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/20xxx/CVE-2022-20004.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20004",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/20xxx/CVE-2022-20005.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20005",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/20xxx/CVE-2022-20006.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20006",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/20xxx/CVE-2022-20007.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20007",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/20xxx/CVE-2022-20008.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20008",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/20xxx/CVE-2022-20009.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20009",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/20xxx/CVE-2022-20010.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20010",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/20xxx/CVE-2022-20011.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20011",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}