From d52a85fa03b2941a6edfae6f4b7065e243427836 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 29 Sep 2021 16:01:02 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/28xxx/CVE-2021-28547.json | 90 +++++++++++- 2021/29xxx/CVE-2021-29834.json | 250 ++++++++++++++++----------------- 2021/35xxx/CVE-2021-35982.json | 90 +++++++++++- 2021/36xxx/CVE-2021-36621.json | 5 + 2021/39xxx/CVE-2021-39821.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39829.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39830.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39831.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39832.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39833.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39834.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39835.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39836.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39837.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39838.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39839.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39840.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39841.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39842.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39843.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39844.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39845.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39846.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39849.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39850.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39851.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39852.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39853.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39854.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39855.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39856.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39857.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39858.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39860.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39861.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39862.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39863.json | 90 +++++++++++- 2021/39xxx/CVE-2021-39865.json | 90 +++++++++++- 2021/40xxx/CVE-2021-40697.json | 90 +++++++++++- 2021/40xxx/CVE-2021-40708.json | 90 +++++++++++- 2021/40xxx/CVE-2021-40710.json | 90 +++++++++++- 2021/40xxx/CVE-2021-40715.json | 90 +++++++++++- 2021/40xxx/CVE-2021-40716.json | 90 +++++++++++- 43 files changed, 3574 insertions(+), 371 deletions(-) diff --git a/2021/28xxx/CVE-2021-28547.json b/2021/28xxx/CVE-2021-28547.json index 9c5a5f08c7d..c95f3588584 100644 --- a/2021/28xxx/CVE-2021-28547.json +++ b/2021/28xxx/CVE-2021-28547.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-03-09T23:00:00.000Z", "ID": "CVE-2021-28547", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Creative Cloud for macOS Privilege Escalation Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Creative Cloud (desktop component)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "5.3" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Creative Cloud Desktop Application for macOS version 5.3 (and earlier) is affected by a privilege escalation vulnerability that could allow a normal user to delete the OOBE directory and get permissions of any directory under the administrator authority." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation (CWE-20)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html", + "name": "https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29834.json b/2021/29xxx/CVE-2021-29834.json index 3a3c6cfe0b7..f161f46eba7 100644 --- a/2021/29xxx/CVE-2021-29834.json +++ b/2021/29xxx/CVE-2021-29834.json @@ -1,127 +1,127 @@ { - "data_type" : "CVE", - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Business Automation Workflow", - "version" : { - "version_data" : [ - { - "version_value" : "18.0.0.0" - }, - { - "version_value" : "18.0.0.1" - }, - { - "version_value" : "18.0.0.2" - }, - { - "version_value" : "19.0.0.1" - }, - { - "version_value" : "19.0.0.2" - }, - { - "version_value" : "19.0.0.3" - }, - { - "version_value" : "20.0.0.1" - }, - { - "version_value" : "20.0.0.2" - }, - { - "version_value" : "21.0.2" - } - ] - } - }, - { - "product_name" : "Business Process Manager", - "version" : { - "version_data" : [ - { - "version_value" : "8.5" - }, - { - "version_value" : "8.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "UI" : "N", - "I" : "L", - "SCORE" : "6.400", - "AV" : "N", - "PR" : "L", - "S" : "C", - "C" : "L", - "AC" : "L" - }, - "TM" : { - "RC" : "C", - "E" : "H", - "RL" : "O" - } - } - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-09-28T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-29834", - "STATE" : "PUBLIC" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "data_type": "CVE", + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Business Automation Workflow", + "version": { + "version_data": [ + { + "version_value": "18.0.0.0" + }, + { + "version_value": "18.0.0.1" + }, + { + "version_value": "18.0.0.2" + }, + { + "version_value": "19.0.0.1" + }, + { + "version_value": "19.0.0.2" + }, + { + "version_value": "19.0.0.3" + }, + { + "version_value": "20.0.0.1" + }, + { + "version_value": "20.0.0.2" + }, + { + "version_value": "21.0.2" + } + ] + } + }, + { + "product_name": "Business Process Manager", + "version": { + "version_data": [ + { + "version_value": "8.5" + }, + { + "version_value": "8.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6493271", - "url" : "https://www.ibm.com/support/pages/node/6493271", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6493271 (Business Automation Workflow)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/204832", - "name" : "ibm-baw-cve202129834-xss (204832)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204832." - } - ] - } -} + } + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "UI": "N", + "I": "L", + "SCORE": "6.400", + "AV": "N", + "PR": "L", + "S": "C", + "C": "L", + "AC": "L" + }, + "TM": { + "RC": "C", + "E": "H", + "RL": "O" + } + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2021-09-28T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-29834", + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6493271", + "url": "https://www.ibm.com/support/pages/node/6493271", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6493271 (Business Automation Workflow)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204832", + "name": "ibm-baw-cve202129834-xss (204832)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204832." + } + ] + } +} \ No newline at end of file diff --git a/2021/35xxx/CVE-2021-35982.json b/2021/35xxx/CVE-2021-35982.json index f2b3897a256..4569af619e6 100644 --- a/2021/35xxx/CVE-2021-35982.json +++ b/2021/35xxx/CVE-2021-35982.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-35982", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Reader DC Windows Installer Uncontrolled Search Path element could lead to Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. An attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user via DLL hijacking. Exploitation of this issue requires user interaction." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.3, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled Search Path Element (CWE-427)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36621.json b/2021/36xxx/CVE-2021-36621.json index 96fcfed03ff..7325e5a3904 100644 --- a/2021/36xxx/CVE-2021-36621.json +++ b/2021/36xxx/CVE-2021-36621.json @@ -56,6 +56,11 @@ "url": "https://www.exploit-db.com/exploits/50109", "refsource": "MISC", "name": "https://www.exploit-db.com/exploits/50109" + }, + { + "refsource": "MISC", + "name": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-18-09-2821", + "url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-18-09-2821" } ] } diff --git a/2021/39xxx/CVE-2021-39821.json b/2021/39xxx/CVE-2021-39821.json index a119c2c7728..c3d5a20c312 100644 --- a/2021/39xxx/CVE-2021-39821.json +++ b/2021/39xxx/CVE-2021-39821.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-08-17T23:00:00.000Z", "ID": "CVE-2021-39821", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe InDesign TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InDesign", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "16.3" + }, + { + "version_affected": "<=", + "version_value": "16.3.2" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html", + "name": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39829.json b/2021/39xxx/CVE-2021-39829.json index 93399e39ed4..9a41bae5314 100644 --- a/2021/39xxx/CVE-2021-39829.json +++ b/2021/39xxx/CVE-2021-39829.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39829", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FrameMaker", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.2" + }, + { + "version_affected": "<=", + "version_value": "2019.8" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write (CWE-787)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html", + "name": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39830.json b/2021/39xxx/CVE-2021-39830.json index f25964fed59..bbb70fedec3 100644 --- a/2021/39xxx/CVE-2021-39830.json +++ b/2021/39xxx/CVE-2021-39830.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39830", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe FrameMaker PDF File Parsing Memory Corruption Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FrameMaker", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.2" + }, + { + "version_affected": "<=", + "version_value": "2019.8" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Memory Location After End of Buffer (CWE-788)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html", + "name": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39831.json b/2021/39xxx/CVE-2021-39831.json index d12137d6869..faa4c88bbc5 100644 --- a/2021/39xxx/CVE-2021-39831.json +++ b/2021/39xxx/CVE-2021-39831.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39831", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FrameMaker", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.2" + }, + { + "version_affected": "<=", + "version_value": "2019.8" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write (CWE-787)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html", + "name": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39832.json b/2021/39xxx/CVE-2021-39832.json index 911b99d3197..9eb76bb703d 100644 --- a/2021/39xxx/CVE-2021-39832.json +++ b/2021/39xxx/CVE-2021-39832.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39832", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe FrameMaker PDF File Parsing Memory Corruption Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FrameMaker", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.2" + }, + { + "version_affected": "<=", + "version_value": "2019.8" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Memory Location After End of Buffer (CWE-788)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html", + "name": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39833.json b/2021/39xxx/CVE-2021-39833.json index b4d22df5a9d..4f024f96894 100644 --- a/2021/39xxx/CVE-2021-39833.json +++ b/2021/39xxx/CVE-2021-39833.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39833", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe FrameMaker TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FrameMaker", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.2" + }, + { + "version_affected": "<=", + "version_value": "2019.8" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 3.3, + "baseSeverity": "Low", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html", + "name": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39834.json b/2021/39xxx/CVE-2021-39834.json index 3339ae0463d..a33e83795d3 100644 --- a/2021/39xxx/CVE-2021-39834.json +++ b/2021/39xxx/CVE-2021-39834.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39834", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe FrameMaker TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FrameMaker", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.2" + }, + { + "version_affected": "<=", + "version_value": "2019.8" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 3.3, + "baseSeverity": "Low", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html", + "name": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39835.json b/2021/39xxx/CVE-2021-39835.json index fb7b46ffd0b..010f3561228 100644 --- a/2021/39xxx/CVE-2021-39835.json +++ b/2021/39xxx/CVE-2021-39835.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39835", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe FrameMaker PDF File Parsing Use-After-Free Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FrameMaker", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.2" + }, + { + "version_affected": "<=", + "version_value": "2019.8" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a use-after-free vulnerability in the processing of a malformed PDF file that could result in disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 4.3, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html", + "name": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39836.json b/2021/39xxx/CVE-2021-39836.json index 29b0a627e2a..f99851d9ea1 100644 --- a/2021/39xxx/CVE-2021-39836.json +++ b/2021/39xxx/CVE-2021-39836.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39836", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC AcroForm buttonGetIcon Use-After-Free Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetIcon action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39837.json b/2021/39xxx/CVE-2021-39837.json index 57ddac30559..fa3fac40943 100644 --- a/2021/39xxx/CVE-2021-39837.json +++ b/2021/39xxx/CVE-2021-39837.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39837", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC AcroForm deleteItemAt Use-After-Free Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm deleteItemAt action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39838.json b/2021/39xxx/CVE-2021-39838.json index 9ecb4026d37..90aba7de4c7 100644 --- a/2021/39xxx/CVE-2021-39838.json +++ b/2021/39xxx/CVE-2021-39838.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39838", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC AcroForm buttonGetCaption Use-After-Free Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetCaption action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39839.json b/2021/39xxx/CVE-2021-39839.json index d9f84b8cfb5..f5e7ba986e7 100644 --- a/2021/39xxx/CVE-2021-39839.json +++ b/2021/39xxx/CVE-2021-39839.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39839", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC AcroForm getItemAt Use-After-Free Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm getItem action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39840.json b/2021/39xxx/CVE-2021-39840.json index 2e882aa39c0..be78f8e4cc8 100644 --- a/2021/39xxx/CVE-2021-39840.json +++ b/2021/39xxx/CVE-2021-39840.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39840", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForms that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39841.json b/2021/39xxx/CVE-2021-39841.json index adc80a3b31b..cd6088dcd3f 100644 --- a/2021/39xxx/CVE-2021-39841.json +++ b/2021/39xxx/CVE-2021-39841.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39841", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Pro DC DocMedia Type Confusion Remote Code Execution Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Type Confusion vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39842.json b/2021/39xxx/CVE-2021-39842.json index 43c0ccbbbb5..88e213aa55e 100644 --- a/2021/39xxx/CVE-2021-39842.json +++ b/2021/39xxx/CVE-2021-39842.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39842", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC messageHandler.OnMessage Use-After-Free Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free (CWE-416)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39843.json b/2021/39xxx/CVE-2021-39843.json index 1e86310437a..c91c2521f6f 100644 --- a/2021/39xxx/CVE-2021-39843.json +++ b/2021/39xxx/CVE-2021-39843.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39843", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader XObject Out-of-Bound Write Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write (CWE-787)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39844.json b/2021/39xxx/CVE-2021-39844.json index fc80b850478..d737e22a04d 100644 --- a/2021/39xxx/CVE-2021-39844.json +++ b/2021/39xxx/CVE-2021-39844.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39844", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader CalRGB Out-of-Bounds Read Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 3.3, + "baseSeverity": "Low", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39845.json b/2021/39xxx/CVE-2021-39845.json index 9feefe35ab9..bb51449bf54 100644 --- a/2021/39xxx/CVE-2021-39845.json +++ b/2021/39xxx/CVE-2021-39845.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39845", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader Page Tree Node Recursive Stack Overflow" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "High", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.7, + "baseSeverity": "High", + "confidentialityImpact": "None", + "integrityImpact": "Low", + "privilegesRequired": "None", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow (CWE-121)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39846.json b/2021/39xxx/CVE-2021-39846.json index 016bd8dcfba..72ce490763f 100644 --- a/2021/39xxx/CVE-2021-39846.json +++ b/2021/39xxx/CVE-2021-39846.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39846", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader /Parent Property Recursive Stack Overflow" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "High", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.7, + "baseSeverity": "High", + "confidentialityImpact": "None", + "integrityImpact": "Low", + "privilegesRequired": "None", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow (CWE-121)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39849.json b/2021/39xxx/CVE-2021-39849.json index 7953af85b08..9d16ef2be16 100644 --- a/2021/39xxx/CVE-2021-39849.json +++ b/2021/39xxx/CVE-2021-39849.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39849", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference (CWE-476)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39850.json b/2021/39xxx/CVE-2021-39850.json index 944938d61df..d5712eb834b 100644 --- a/2021/39xxx/CVE-2021-39850.json +++ b/2021/39xxx/CVE-2021-39850.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39850", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference (CWE-476)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39851.json b/2021/39xxx/CVE-2021-39851.json index 115c1829f30..332b6aace64 100644 --- a/2021/39xxx/CVE-2021-39851.json +++ b/2021/39xxx/CVE-2021-39851.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39851", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference (CWE-476)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39852.json b/2021/39xxx/CVE-2021-39852.json index 074c5a92020..90b2adca514 100644 --- a/2021/39xxx/CVE-2021-39852.json +++ b/2021/39xxx/CVE-2021-39852.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39852", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference (CWE-476)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39853.json b/2021/39xxx/CVE-2021-39853.json index 674f5a01763..d2b195d168f 100644 --- a/2021/39xxx/CVE-2021-39853.json +++ b/2021/39xxx/CVE-2021-39853.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39853", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference (CWE-476)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39854.json b/2021/39xxx/CVE-2021-39854.json index 7522101ebd5..09df64a3983 100644 --- a/2021/39xxx/CVE-2021-39854.json +++ b/2021/39xxx/CVE-2021-39854.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39854", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference (CWE-476)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39855.json b/2021/39xxx/CVE-2021-39855.json index 6b8d5268246..c02d11ae3d9 100644 --- a/2021/39xxx/CVE-2021-39855.json +++ b/2021/39xxx/CVE-2021-39855.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39855", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC NTLMv2 SSO Information Disclosure via src Parameter" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "High", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 3.8, + "baseSeverity": "Low", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39856.json b/2021/39xxx/CVE-2021-39856.json index 9bc03ff316e..d8f84ca320f 100644 --- a/2021/39xxx/CVE-2021-39856.json +++ b/2021/39xxx/CVE-2021-39856.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39856", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC NTLMv2 SSO Information Disclosure via LoadFile" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "High", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 3.8, + "baseSeverity": "Low", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39857.json b/2021/39xxx/CVE-2021-39857.json index 73b0f0e6dd3..10c295953ee 100644 --- a/2021/39xxx/CVE-2021-39857.json +++ b/2021/39xxx/CVE-2021-39857.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39857", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC Information Disclosure via ActiveX LoadFile" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to check for existence of local files. Exploitation of this issue requires user interaction in that a victim must visit an attacker controlled web page." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 3.8, + "baseSeverity": "Low", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39858.json b/2021/39xxx/CVE-2021-39858.json index 56e9e2a1111..65cc2730a9f 100644 --- a/2021/39xxx/CVE-2021-39858.json +++ b/2021/39xxx/CVE-2021-39858.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39858", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 3.3, + "baseSeverity": "Low", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39860.json b/2021/39xxx/CVE-2021-39860.json index d00fb86b5d6..633feae24ba 100644 --- a/2021/39xxx/CVE-2021-39860.json +++ b/2021/39xxx/CVE-2021-39860.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39860", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Pro DC Search Plugin Null Pointer Dereference" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Null pointer dereference vulnerability. An authenticated attacker could leverage this vulnerability to disclose sensitive user memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 3.3, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference (CWE-476)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39861.json b/2021/39xxx/CVE-2021-39861.json index 6077556cf37..7172c83e263 100644 --- a/2021/39xxx/CVE-2021-39861.json +++ b/2021/39xxx/CVE-2021-39861.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39861", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Pro DC Catalog Plugin Out-of-Bounds Read Bug" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 3.3, + "baseSeverity": "Low", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39862.json b/2021/39xxx/CVE-2021-39862.json index 6358382c2b9..626260d1394 100644 --- a/2021/39xxx/CVE-2021-39862.json +++ b/2021/39xxx/CVE-2021-39862.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "NoneT23:00:00.000Z", "ID": "CVE-2021-39862", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe FrameMaker PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FrameMaker", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.2" + }, + { + "version_affected": "<=", + "version_value": "2019.8" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html", + "name": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39863.json b/2021/39xxx/CVE-2021-39863.json index df40add90e1..af6db1ca605 100644 --- a/2021/39xxx/CVE-2021-39863.json +++ b/2021/39xxx/CVE-2021-39863.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-39863", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "DC 2021 July" + }, + { + "version_affected": "<=", + "version_value": "20.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "17.0-Classic 2021 July" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow (CWE-122)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb21-55.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39865.json b/2021/39xxx/CVE-2021-39865.json index 69973e819e3..7ddf5587eab 100644 --- a/2021/39xxx/CVE-2021-39865.json +++ b/2021/39xxx/CVE-2021-39865.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "NoneT23:00:00.000Z", "ID": "CVE-2021-39865", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe FrameMaker TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FrameMaker", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.2" + }, + { + "version_affected": "<=", + "version_value": "2019.8" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 4, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html", + "name": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40697.json b/2021/40xxx/CVE-2021-40697.json index 7b55b690fe5..7f51432dce4 100644 --- a/2021/40xxx/CVE-2021-40697.json +++ b/2021/40xxx/CVE-2021-40697.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-40697", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe FrameMaker PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FrameMaker", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2020.2" + }, + { + "version_affected": "<=", + "version_value": "2019.8" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 3.3, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html", + "name": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40708.json b/2021/40xxx/CVE-2021-40708.json index ca96c7af872..e5bcffbfd0c 100644 --- a/2021/40xxx/CVE-2021-40708.json +++ b/2021/40xxx/CVE-2021-40708.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-40708", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Genuine Service Installer Privilege Escalation Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GoCart", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "7.3" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Genuine Service versions 7.3 (and earlier) are affected by a privilege escalation vulnerability in the AGSService installer. An authenticated attacker could leverage this vulnerability to achieve read / write privileges to execute arbitrary code. User interaction is required to abuse this vulnerability." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.3, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/integrity_service/apsb21-81.html", + "name": "https://helpx.adobe.com/security/products/integrity_service/apsb21-81.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40710.json b/2021/40xxx/CVE-2021-40710.json index 4908ce5a762..aa6f41d9bed 100644 --- a/2021/40xxx/CVE-2021-40710.json +++ b/2021/40xxx/CVE-2021-40710.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-40710", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Premiere Pro 2021 SVG File Parsing Leads to Memory Corruption" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Premiere", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "15.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Memory Location After End of Buffer (CWE-788)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-67.html", + "name": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-67.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40715.json b/2021/40xxx/CVE-2021-40715.json index f1f74d818cd..1738a341991 100644 --- a/2021/40xxx/CVE-2021-40715.json +++ b/2021/40xxx/CVE-2021-40715.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-40715", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Adobe Premiere Pro 2021 EXR File Parsing Leads to Memory Corruption " }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Premiere", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "15.4" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .exr file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.8, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of Memory Location After End of Buffer (CWE-788)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-67.html", + "name": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-67.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40716.json b/2021/40xxx/CVE-2021-40716.json index 34b287031da..154cf436f9e 100644 --- a/2021/40xxx/CVE-2021-40716.json +++ b/2021/40xxx/CVE-2021-40716.json @@ -1,18 +1,96 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2021-09-14T23:00:00.000Z", "ID": "CVE-2021-40716", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "XMP Toolkit SDK SVG_Adapter Out-of-bounds Read Information Disclosure" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "XMP Toolkit", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2021.07" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + }, + { + "version_affected": "<=", + "version_value": "None" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 5.5, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read (CWE-125)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html", + "name": "https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file