From d31b19d0ec8b5c754c632496530c07b294ceeae0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 2 Aug 2021 17:00:59 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2015/8xxx/CVE-2015-8011.json | 5 + 2019/8xxx/CVE-2019-8460.json | 5 + 2020/27xxx/CVE-2020-27827.json | 5 + 2020/35xxx/CVE-2020-35137.json | 68 ++--------- 2021/20xxx/CVE-2021-20539.json | 204 ++++++++++++++++---------------- 2021/20xxx/CVE-2021-20540.json | 204 ++++++++++++++++---------------- 2021/20xxx/CVE-2021-20541.json | 206 ++++++++++++++++----------------- 2021/22xxx/CVE-2021-22379.json | 68 ++++++++++- 2021/22xxx/CVE-2021-22381.json | 76 +++++++++++- 2021/22xxx/CVE-2021-22384.json | 68 ++++++++++- 2021/22xxx/CVE-2021-22387.json | 84 +++++++++++++- 2021/22xxx/CVE-2021-22388.json | 68 ++++++++++- 2021/22xxx/CVE-2021-22389.json | 68 ++++++++++- 2021/22xxx/CVE-2021-22390.json | 68 ++++++++++- 2021/22xxx/CVE-2021-22391.json | 104 ++++++++++++++++- 2021/22xxx/CVE-2021-22392.json | 104 ++++++++++++++++- 2021/22xxx/CVE-2021-22396.json | 53 ++++++++- 2021/22xxx/CVE-2021-22397.json | 50 +++++++- 2021/22xxx/CVE-2021-22398.json | 59 +++++++++- 2021/22xxx/CVE-2021-22412.json | 68 ++++++++++- 2021/22xxx/CVE-2021-22413.json | 80 ++++++++++++- 2021/22xxx/CVE-2021-22414.json | 80 ++++++++++++- 2021/22xxx/CVE-2021-22415.json | 68 ++++++++++- 2021/22xxx/CVE-2021-22427.json | 68 ++++++++++- 2021/22xxx/CVE-2021-22428.json | 68 ++++++++++- 2021/22xxx/CVE-2021-22435.json | 68 ++++++++++- 2021/22xxx/CVE-2021-22438.json | 68 ++++++++++- 2021/22xxx/CVE-2021-22442.json | 104 ++++++++++++++++- 2021/22xxx/CVE-2021-22443.json | 104 ++++++++++++++++- 2021/22xxx/CVE-2021-22444.json | 104 ++++++++++++++++- 2021/29xxx/CVE-2021-29757.json | 172 +++++++++++++-------------- 2021/35xxx/CVE-2021-35464.json | 2 +- 2021/3xxx/CVE-2021-3674.json | 18 +++ 33 files changed, 2055 insertions(+), 584 deletions(-) create mode 100644 2021/3xxx/CVE-2021-3674.json diff --git a/2015/8xxx/CVE-2015-8011.json b/2015/8xxx/CVE-2015-8011.json index df39ec70b91..336cbdbd033 100644 --- a/2015/8xxx/CVE-2015-8011.json +++ b/2015/8xxx/CVE-2015-8011.json @@ -86,6 +86,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf" + }, + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07" } ] } diff --git a/2019/8xxx/CVE-2019-8460.json b/2019/8xxx/CVE-2019-8460.json index 0ea3abadb76..c450391774a 100644 --- a/2019/8xxx/CVE-2019-8460.json +++ b/2019/8xxx/CVE-2019-8460.json @@ -63,6 +63,11 @@ "refsource": "MISC", "name": "https://research.checkpoint.com/tcp-sack-security-issue-in-openbsd-cve-2019-8460/", "url": "https://research.checkpoint.com/tcp-sack-security-issue-in-openbsd-cve-2019-8460/" + }, + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-19-253-03", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-253-03" } ] }, diff --git a/2020/27xxx/CVE-2020-27827.json b/2020/27xxx/CVE-2020-27827.json index 0977945456c..ee4f9abb1b8 100644 --- a/2020/27xxx/CVE-2020-27827.json +++ b/2020/27xxx/CVE-2020-27827.json @@ -58,6 +58,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf" + }, + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07" } ] }, diff --git a/2020/35xxx/CVE-2020-35137.json b/2020/35xxx/CVE-2020-35137.json index cb400a4dfb8..1d669fc1921 100644 --- a/2020/35xxx/CVE-2020-35137.json +++ b/2020/35xxx/CVE-2020-35137.json @@ -1,71 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2020-35137", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-35137", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be used for api/v1/gateway/customers/servers requests." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://play.google.com/store/apps/details?id=com.mobileiron&hl=en_US&gl=US", - "refsource": "MISC", - "name": "https://play.google.com/store/apps/details?id=com.mobileiron&hl=en_US&gl=US" - }, - { - "refsource": "MISC", - "name": "https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration", - "url": "https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration" - }, - { - "refsource": "MISC", - "name": "https://github.com/optiv/rustyIron", - "url": "https://github.com/optiv/rustyIron" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: the reported issue is not a vulnerability or exposure. Notes: This is an opt-in feature to the product - it is not enabled by default and customers cannot enable it without an explicit email to support. At this time, we do not plan change to make any changes to this feature." } ] } diff --git a/2021/20xxx/CVE-2021-20539.json b/2021/20xxx/CVE-2021-20539.json index ebea41e7a65..7597efdab1f 100644 --- a/2021/20xxx/CVE-2021-20539.json +++ b/2021/20xxx/CVE-2021-20539.json @@ -1,105 +1,105 @@ { - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198920." - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-07-30T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-20539" - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6476940 (Cloud Pak for Security)", - "url" : "https://www.ibm.com/support/pages/node/6476940", - "name" : "https://www.ibm.com/support/pages/node/6476940", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198920", - "name" : "ibm-cp4s-cve202120539-info-disc (198920)", - "refsource" : "XF" - } - ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "SCORE" : "5.300", - "AV" : "N", - "A" : "N", - "S" : "U", - "UI" : "N", - "C" : "L", - "I" : "N", - "PR" : "N" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Pak for Security", - "version" : { - "version_data" : [ - { - "version_value" : "1.6.0.0" - }, - { - "version_value" : "1.5.0.1" - }, - { - "version_value" : "1.5.0.0" - }, - { - "version_value" : "1.6.0.1" - }, - { - "version_value" : "1.7.0.0" - }, - { - "version_value" : "1.7.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] } - ] - } - } -} + ] + }, + "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198920." + } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2021-07-30T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-20539" + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6476940 (Cloud Pak for Security)", + "url": "https://www.ibm.com/support/pages/node/6476940", + "name": "https://www.ibm.com/support/pages/node/6476940", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198920", + "name": "ibm-cp4s-cve202120539-info-disc (198920)", + "refsource": "XF" + } + ] + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "AC": "L", + "SCORE": "5.300", + "AV": "N", + "A": "N", + "S": "U", + "UI": "N", + "C": "L", + "I": "N", + "PR": "N" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Pak for Security", + "version": { + "version_data": [ + { + "version_value": "1.6.0.0" + }, + { + "version_value": "1.5.0.1" + }, + { + "version_value": "1.5.0.0" + }, + { + "version_value": "1.6.0.1" + }, + { + "version_value": "1.7.0.0" + }, + { + "version_value": "1.7.1.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20540.json b/2021/20xxx/CVE-2021-20540.json index 5e87092d342..10f4f1efa92 100644 --- a/2021/20xxx/CVE-2021-20540.json +++ b/2021/20xxx/CVE-2021-20540.json @@ -1,105 +1,105 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923." - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-20540", - "DATE_PUBLIC" : "2021-07-30T00:00:00", - "STATE" : "PUBLIC" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6476940", - "url" : "https://www.ibm.com/support/pages/node/6476940", - "title" : "IBM Security Bulletin 6476940 (Cloud Pak for Security)" - }, - { - "refsource" : "XF", - "name" : "ibm-cp4s-cve202120540-info-disc (198923)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198923", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "SCORE" : "2.700", - "AC" : "L", - "AV" : "N", - "A" : "N", - "S" : "U", - "C" : "L", - "UI" : "N", - "PR" : "H", - "I" : "N" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Pak for Security", - "version" : { - "version_data" : [ - { - "version_value" : "1.6.0.0" - }, - { - "version_value" : "1.5.0.1" - }, - { - "version_value" : "1.5.0.0" - }, - { - "version_value" : "1.6.0.1" - }, - { - "version_value" : "1.7.0.0" - }, - { - "version_value" : "1.7.1.0" - } - ] - } - } - ] - } + "lang": "eng", + "value": "IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198923." } - ] - } - } -} + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-20540", + "DATE_PUBLIC": "2021-07-30T00:00:00", + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6476940", + "url": "https://www.ibm.com/support/pages/node/6476940", + "title": "IBM Security Bulletin 6476940 (Cloud Pak for Security)" + }, + { + "refsource": "XF", + "name": "ibm-cp4s-cve202120540-info-disc (198923)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198923", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "SCORE": "2.700", + "AC": "L", + "AV": "N", + "A": "N", + "S": "U", + "C": "L", + "UI": "N", + "PR": "H", + "I": "N" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Cloud Pak for Security", + "version": { + "version_data": [ + { + "version_value": "1.6.0.0" + }, + { + "version_value": "1.5.0.1" + }, + { + "version_value": "1.5.0.0" + }, + { + "version_value": "1.6.0.1" + }, + { + "version_value": "1.7.0.0" + }, + { + "version_value": "1.7.1.0" + } + ] + } + } + ] + } + } + ] + } + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20541.json b/2021/20xxx/CVE-2021-20541.json index 2bbb310e56b..c46049bb227 100644 --- a/2021/20xxx/CVE-2021-20541.json +++ b/2021/20xxx/CVE-2021-20541.json @@ -1,105 +1,105 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Pak for Security", - "version" : { - "version_data" : [ - { - "version_value" : "1.6.0.0" - }, - { - "version_value" : "1.5.0.1" - }, - { - "version_value" : "1.5.0.0" - }, - { - "version_value" : "1.6.0.1" - }, - { - "version_value" : "1.7.0.0" - }, - { - "version_value" : "1.7.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "A" : "N", - "AV" : "N", - "SCORE" : "3.700", - "AC" : "H", - "I" : "N", - "PR" : "N", - "C" : "L", - "UI" : "N", - "S" : "U" - } - } - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6476940", - "url" : "https://www.ibm.com/support/pages/node/6476940", - "title" : "IBM Security Bulletin 6476940 (Cloud Pak for Security)" - }, - { - "name" : "ibm-cp4s-cve202120541-info-disc (198927)", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198927" - } - ] - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Pak for Security", + "version": { + "version_data": [ + { + "version_value": "1.6.0.0" + }, + { + "version_value": "1.5.0.1" + }, + { + "version_value": "1.5.0.0" + }, + { + "version_value": "1.6.0.1" + }, + { + "version_value": "1.7.0.0" + }, + { + "version_value": "1.7.1.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2021-07-30T00:00:00", - "ID" : "CVE-2021-20541", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198927.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE" -} + } + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "A": "N", + "AV": "N", + "SCORE": "3.700", + "AC": "H", + "I": "N", + "PR": "N", + "C": "L", + "UI": "N", + "S": "U" + } + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6476940", + "url": "https://www.ibm.com/support/pages/node/6476940", + "title": "IBM Security Bulletin 6476940 (Cloud Pak for Security)" + }, + { + "name": "ibm-cp4s-cve202120541-info-disc (198927)", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198927" + } + ] + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-07-30T00:00:00", + "ID": "CVE-2021-20541", + "ASSIGNER": "psirt@us.ibm.com" + }, + "description": { + "description_data": [ + { + "value": "IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information could be used in further attacks against the system. IBM X-Force ID: 198927.", + "lang": "eng" + } + ] + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22379.json b/2021/22xxx/CVE-2021-22379.json index 54d0ac56284..5bdab9261ac 100644 --- a/2021/22xxx/CVE-2021-22379.json +++ b/2021/22xxx/CVE-2021-22379.json @@ -1,17 +1,73 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22379", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Integer Underflow (Wrap or Wraparound) Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause DoS of Samgr." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Underflow (Wrap or Wraparound)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22381.json b/2021/22xxx/CVE-2021-22381.json index 2d22f0f89a4..4193d9b6a7b 100644 --- a/2021/22xxx/CVE-2021-22381.json +++ b/2021/22xxx/CVE-2021-22381.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22381", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + }, + { + "version_affected": "=", + "version_value": "10.1.1" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + }, + { + "version_affected": "=", + "version_value": "3.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause an infinite loop in DoS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Input Verification Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22384.json b/2021/22xxx/CVE-2021-22384.json index 69e3cfbe7c1..d976dcc9d21 100644 --- a/2021/22xxx/CVE-2021-22384.json +++ b/2021/22xxx/CVE-2021-22384.json @@ -1,17 +1,73 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22384", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Information Disclosure Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22387.json b/2021/22xxx/CVE-2021-22387.json index e429e82a43a..2feeba61b3c 100644 --- a/2021/22xxx/CVE-2021-22387.json +++ b/2021/22xxx/CVE-2021-22387.json @@ -1,17 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22387", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + }, + { + "version_affected": "=", + "version_value": "10.1.1" + }, + { + "version_affected": "=", + "version_value": "10.1.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + }, + { + "version_affected": "=", + "version_value": "3.1.1" + }, + { + "version_affected": "=", + "version_value": "3.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Improper Control of Dynamically Managing Code Resources Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to remotely execute commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Control of Dynamically Managing Code Resources" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22388.json b/2021/22xxx/CVE-2021-22388.json index 863aa7c5388..492d03d7596 100644 --- a/2021/22xxx/CVE-2021-22388.json +++ b/2021/22xxx/CVE-2021-22388.json @@ -1,17 +1,73 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22388", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22389.json b/2021/22xxx/CVE-2021-22389.json index 52e9e4e17a7..2af2b700a66 100644 --- a/2021/22xxx/CVE-2021-22389.json +++ b/2021/22xxx/CVE-2021-22389.json @@ -1,17 +1,73 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22389", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Permission Control Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Permission Control Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22390.json b/2021/22xxx/CVE-2021-22390.json index 6dbb14382a8..3525281ccb8 100644 --- a/2021/22xxx/CVE-2021-22390.json +++ b/2021/22xxx/CVE-2021-22390.json @@ -1,17 +1,73 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22390", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Buffer Improper Operation Limit Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22391.json b/2021/22xxx/CVE-2021-22391.json index edba79b068c..baa49b92655 100644 --- a/2021/22xxx/CVE-2021-22391.json +++ b/2021/22xxx/CVE-2021-22391.json @@ -1,17 +1,109 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22391", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + }, + { + "version_affected": "=", + "version_value": "10.1.1" + }, + { + "version_affected": "=", + "version_value": "10.1.0" + }, + { + "version_affected": "=", + "version_value": "10.0.0" + }, + { + "version_affected": "=", + "version_value": "9.1.1" + }, + { + "version_affected": "=", + "version_value": "9.1.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + }, + { + "version_affected": "=", + "version_value": "3.1.1" + }, + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Incorrect Calculation of Buffer Size in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Calculation of Buffer Size" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22392.json b/2021/22xxx/CVE-2021-22392.json index 4d8eeff1e18..fa3a7e59d81 100644 --- a/2021/22xxx/CVE-2021-22392.json +++ b/2021/22xxx/CVE-2021-22392.json @@ -1,17 +1,109 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22392", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + }, + { + "version_affected": "=", + "version_value": "10.1.1" + }, + { + "version_affected": "=", + "version_value": "10.1.0" + }, + { + "version_affected": "=", + "version_value": "10.0.0" + }, + { + "version_affected": "=", + "version_value": "9.1.1" + }, + { + "version_affected": "=", + "version_value": "9.1.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + }, + { + "version_affected": "=", + "version_value": "3.1.1" + }, + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Incorrect Calculation of Buffer Size in Huawei Smartphone.Successful exploitation of this vulnerability may cause verification bypass and directions to abnormal addresses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Calculation of Buffer Size" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22396.json b/2021/22xxx/CVE-2021-22396.json index 9ab73958ae2..79819d91b44 100644 --- a/2021/22xxx/CVE-2021-22396.json +++ b/2021/22xxx/CVE-2021-22396.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22396", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "eCNS280_TD;eSE620X vESS", + "version": { + "version_data": [ + { + "version_value": "V100R005C00,V100R005C10" + }, + { + "version_value": "V100R001C10SPC200,V100R001C20SPC200" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-privilege-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-privilege-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products. Successful exploit will cause privilege escalation.Affected product versions include:eCNS280_TD V100R005C00,V100R005C10;eSE620X vESS V100R001C10SPC200,V100R001C20SPC200." } ] } diff --git a/2021/22xxx/CVE-2021-22397.json b/2021/22xxx/CVE-2021-22397.json index 8018e02435e..a77af9720e6 100644 --- a/2021/22xxx/CVE-2021-22397.json +++ b/2021/22xxx/CVE-2021-22397.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ManageOne", + "version": { + "version_data": [ + { + "version_value": "8.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-pe-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-pe-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some files are lack of verification when they are be called. Attackers can exploit this vulnerability by performing these files to cause privilege escalation attack. This can compromise normal service." } ] } diff --git a/2021/22xxx/CVE-2021-22398.json b/2021/22xxx/CVE-2021-22398.json index 33057d0e9ab..379497ba868 100644 --- a/2021/22xxx/CVE-2021-22398.json +++ b/2021/22xxx/CVE-2021-22398.json @@ -4,14 +4,67 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Hulk-AL00C;Jennifer-AN00C;Jenny-AL10B;OxfordPL-AN10B", + "version": { + "version_data": [ + { + "version_value": "9.1.1.201(C00E201R8P1)" + }, + { + "version_value": "10.1.1.171(C00E170R6P3)" + }, + { + "version_value": "10.1.0.228(C00E220R5P1)" + }, + { + "version_value": "10.1.0.116(C00E110R2P1)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Logic Error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: Hulk-AL00C 9.1.1.201(C00E201R8P1);Jennifer-AN00C 10.1.1.171(C00E170R6P3);Jenny-AL10B 10.1.0.228(C00E220R5P1) and OxfordPL-AN10B 10.1.0.116(C00E110R2P1)." } ] } diff --git a/2021/22xxx/CVE-2021-22412.json b/2021/22xxx/CVE-2021-22412.json index 21456dc68b5..229a7aa233a 100644 --- a/2021/22xxx/CVE-2021-22412.json +++ b/2021/22xxx/CVE-2021-22412.json @@ -1,17 +1,73 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22412", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause random kernel address access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22413.json b/2021/22xxx/CVE-2021-22413.json index 25bb204247d..1dcfa060b2a 100644 --- a/2021/22xxx/CVE-2021-22413.json +++ b/2021/22xxx/CVE-2021-22413.json @@ -1,17 +1,85 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22413", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.0.0" + }, + { + "version_affected": "=", + "version_value": "9.1.0" + }, + { + "version_affected": "=", + "version_value": "8.2" + }, + { + "version_affected": "=", + "version_value": "8.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22414.json b/2021/22xxx/CVE-2021-22414.json index 6aff1fe3ac4..bc5acd4e0b5 100644 --- a/2021/22xxx/CVE-2021-22414.json +++ b/2021/22xxx/CVE-2021-22414.json @@ -1,17 +1,85 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22414", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "10.0.0" + }, + { + "version_affected": "=", + "version_value": "9.1.0" + }, + { + "version_affected": "=", + "version_value": "8.2" + }, + { + "version_affected": "=", + "version_value": "8.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Memory Buffer Errors Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Buffer Errors" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22415.json b/2021/22xxx/CVE-2021-22415.json index 751a61dc046..3dd43d6a0b2 100644 --- a/2021/22xxx/CVE-2021-22415.json +++ b/2021/22xxx/CVE-2021-22415.json @@ -1,17 +1,73 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22415", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Incorrect Calculation of Buffer Size Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause kernel exceptions with the code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Calculation of Buffer Size" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22427.json b/2021/22xxx/CVE-2021-22427.json index 777bc5a5f36..a6883f4450b 100644 --- a/2021/22xxx/CVE-2021-22427.json +++ b/2021/22xxx/CVE-2021-22427.json @@ -1,17 +1,73 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22427", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Heap-based Buffer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22428.json b/2021/22xxx/CVE-2021-22428.json index 1f146924f96..e8f948c0eb6 100644 --- a/2021/22xxx/CVE-2021-22428.json +++ b/2021/22xxx/CVE-2021-22428.json @@ -1,17 +1,73 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22428", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Incomplete Cleanup Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to authentication bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incomplete Cleanup" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22435.json b/2021/22xxx/CVE-2021-22435.json index 335c5dc155d..5ba00859bfe 100644 --- a/2021/22xxx/CVE-2021-22435.json +++ b/2021/22xxx/CVE-2021-22435.json @@ -1,17 +1,73 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22435", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Configuration Defect Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service integrity and availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Configuration Defect" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22438.json b/2021/22xxx/CVE-2021-22438.json index dde4a955ff2..0aa94cf42e5 100644 --- a/2021/22xxx/CVE-2021-22438.json +++ b/2021/22xxx/CVE-2021-22438.json @@ -1,17 +1,73 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22438", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause malicious code to be executed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Buffer Improper Operation Limit Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22442.json b/2021/22xxx/CVE-2021-22442.json index a282f34f52f..2866c4e5608 100644 --- a/2021/22xxx/CVE-2021-22442.json +++ b/2021/22xxx/CVE-2021-22442.json @@ -1,17 +1,109 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22442", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + }, + { + "version_affected": "=", + "version_value": "10.1.1" + }, + { + "version_affected": "=", + "version_value": "10.1.0" + }, + { + "version_affected": "=", + "version_value": "10.0.0" + }, + { + "version_affected": "=", + "version_value": "9.1.1" + }, + { + "version_affected": "=", + "version_value": "9.1.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + }, + { + "version_affected": "=", + "version_value": "3.1.1" + }, + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Improper Validation of Integrity Check Value Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Integrity Check Value" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22443.json b/2021/22xxx/CVE-2021-22443.json index 7be0019fdb0..0f4e09df7bf 100644 --- a/2021/22xxx/CVE-2021-22443.json +++ b/2021/22xxx/CVE-2021-22443.json @@ -1,17 +1,109 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22443", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + }, + { + "version_affected": "=", + "version_value": "10.1.1" + }, + { + "version_affected": "=", + "version_value": "10.1.0" + }, + { + "version_affected": "=", + "version_value": "10.0.0" + }, + { + "version_affected": "=", + "version_value": "9.1.1" + }, + { + "version_affected": "=", + "version_value": "9.1.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + }, + { + "version_affected": "=", + "version_value": "3.1.1" + }, + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause random address access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Input Verification Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/22xxx/CVE-2021-22444.json b/2021/22xxx/CVE-2021-22444.json index a06be9d854e..9cd13cefe61 100644 --- a/2021/22xxx/CVE-2021-22444.json +++ b/2021/22xxx/CVE-2021-22444.json @@ -1,17 +1,109 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22444", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.0" + }, + { + "version_affected": "=", + "version_value": "10.1.1" + }, + { + "version_affected": "=", + "version_value": "10.1.0" + }, + { + "version_affected": "=", + "version_value": "10.0.0" + }, + { + "version_affected": "=", + "version_value": "9.1.1" + }, + { + "version_affected": "=", + "version_value": "9.1.0" + } + ] + } + }, + { + "product_name": "Magic UI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0.0" + }, + { + "version_affected": "=", + "version_value": "3.1.1" + }, + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause code injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Input Verification Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2021/6/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2021/6/" } ] } diff --git a/2021/29xxx/CVE-2021-29757.json b/2021/29xxx/CVE-2021-29757.json index ff5ec6c3f88..6aed169ef14 100644 --- a/2021/29xxx/CVE-2021-29757.json +++ b/2021/29xxx/CVE-2021-29757.json @@ -1,90 +1,90 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202168." - } - ] - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "4.1.1" - } - ] - }, - "product_name" : "QRadar User Behavior Analytics" - } - ] - } + "lang": "eng", + "value": "IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202168." } - ] - } - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-07-30T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2021-29757" - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "4.1.1" + } + ] + }, + "product_name": "QRadar User Behavior Analytics" + } + ] + } + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6477204", - "title" : "IBM Security Bulletin 6477204 (QRadar User Behavior Analytics)", - "name" : "https://www.ibm.com/support/pages/node/6477204", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/202168", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-qradar-cve202129757-csrf (202168)", - "refsource" : "XF" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "SCORE" : "4.300", - "A" : "N", - "S" : "U", - "I" : "L", - "PR" : "N", - "AV" : "N", - "UI" : "R", - "AC" : "L", - "C" : "N" - } - } - } -} + } + }, + "data_format": "MITRE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-07-30T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2021-29757" + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6477204", + "title": "IBM Security Bulletin 6477204 (QRadar User Behavior Analytics)", + "name": "https://www.ibm.com/support/pages/node/6477204", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202168", + "title": "X-Force Vulnerability Report", + "name": "ibm-qradar-cve202129757-csrf (202168)", + "refsource": "XF" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "SCORE": "4.300", + "A": "N", + "S": "U", + "I": "L", + "PR": "N", + "AV": "N", + "UI": "R", + "AC": "L", + "C": "N" + } + } + } +} \ No newline at end of file diff --git a/2021/35xxx/CVE-2021-35464.json b/2021/35xxx/CVE-2021-35464.json index 08827b1c693..30bbb428147 100644 --- a/2021/35xxx/CVE-2021-35464.json +++ b/2021/35xxx/CVE-2021-35464.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "ForgeRock AM server 6.x before 7, and OpenAM 14.6.3, has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/Version request to the server. The vulnerability exists due to incorrect usage of Sun ONE Application Framework (JATO)." + "value": "ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier" } ] }, diff --git a/2021/3xxx/CVE-2021-3674.json b/2021/3xxx/CVE-2021-3674.json new file mode 100644 index 00000000000..de118c341f8 --- /dev/null +++ b/2021/3xxx/CVE-2021-3674.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3674", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file