admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-06-28 13:00:49 +00:00
parent 6080558e68
commit edf318fa1a
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
22 changed files with 329 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/8xxx/CVE-2019-8259.json
View File

@ -77,6 +77,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
} }
] ]
} }

5
2019/8xxx/CVE-2019-8260.json
View File

@ -77,6 +77,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
} }
] ]
} }

5
2019/8xxx/CVE-2019-8275.json
View File

@ -77,6 +77,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
} }
] ]
} }

5
2019/8xxx/CVE-2019-8277.json
View File

@ -68,6 +68,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
} }
] ]
}, },

5
2019/8xxx/CVE-2019-8280.json
View File

@ -77,6 +77,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
} }
] ]
} }

61
2020/15xxx/CVE-2020-15303.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-15303",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-15303",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.infoblox.com/products/nios8/",
"refsource": "MISC",
"name": "https://www.infoblox.com/products/nios8/"
},
{
"refsource": "MISC",
"name": "https://community.infoblox.com/t5/Security/NIOS-XML-Vulnerability/m-p/22437#M1995",
"url": "https://community.infoblox.com/t5/Security/NIOS-XML-Vulnerability/m-p/22437#M1995"
} }
] ]
} }

8
2020/24xxx/CVE-2020-24421.json
View File

@ -57,15 +57,15 @@
"cvss": { "cvss": {
"attackComplexity": "Low", "attackComplexity": "Low",
"attackVector": "Local", "attackVector": "Local",
"availabilityImpact": "Low", "availabilityImpact": "High",
"baseScore": 3.3, "baseScore": 5.5,
"baseSeverity": "Low", "baseSeverity": "Medium",
"confidentialityImpact": "None", "confidentialityImpact": "None",
"integrityImpact": "None", "integrityImpact": "None",
"privilegesRequired": "None", "privilegesRequired": "None",
"scope": "Unchanged", "scope": "Unchanged",
"userInteraction": "Required", "userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1" "version": "3.1"
} }
}, },

75
2020/28xxx/CVE-2020-28200.json
View File

@ -1,18 +1,81 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-28200",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2020-28200",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://dovecot.org/security",
"refsource": "MISC",
"name": "https://dovecot.org/security"
},
{
"refsource": "CONFIRM",
"name": "https://www.openwall.com/lists/oss-security/2021/06/28/3",
"url": "https://www.openwall.com/lists/oss-security/2021/06/28/3"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
} }
} }

22
2020/9xxx/CVE-2020-9667.json
View File

@ -49,23 +49,23 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction." "value": "Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker with admin privileges could plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction."
} }
] ]
}, },
"impact": { "impact": {
"cvss": { "cvss": {
"attackComplexity": "None", "attackComplexity": "Low",
"attackVector": "None", "attackVector": "Local",
"availabilityImpact": "None", "availabilityImpact": "High",
"baseScore": 6.4, "baseScore": 6.5,
"baseSeverity": "Medium", "baseSeverity": "Medium",
"confidentialityImpact": "None", "confidentialityImpact": "High",
"integrityImpact": "None", "integrityImpact": "High",
"privilegesRequired": "None", "privilegesRequired": "High",
"scope": "None", "scope": "Unchanged",
"userInteraction": "None", "userInteraction": "Required",
"vectorString": "AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1" "version": "3.1"
} }
}, },

18
2020/9xxx/CVE-2020-9668.json
View File

@ -55,17 +55,17 @@
}, },
"impact": { "impact": {
"cvss": { "cvss": {
"attackComplexity": "None", "attackComplexity": "Low",
"attackVector": "None", "attackVector": "Local",
"availabilityImpact": "None", "availabilityImpact": "High",
"baseScore": 8.2, "baseScore": 7.8,
"baseSeverity": "High", "baseSeverity": "High",
"confidentialityImpact": "None", "confidentialityImpact": "High",
"integrityImpact": "None", "integrityImpact": "High",
"privilegesRequired": "None", "privilegesRequired": "None",
"scope": "None", "scope": "Unchanged",
"userInteraction": "None", "userInteraction": "Required",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1" "version": "3.1"
} }
}, },

20
2020/9xxx/CVE-2020-9681.json
View File

@ -55,17 +55,17 @@
}, },
"impact": { "impact": {
"cvss": { "cvss": {
"attackComplexity": "None", "attackComplexity": "Low",
"attackVector": "None", "attackVector": "Local",
"availabilityImpact": "None", "availabilityImpact": "High",
"baseScore": 6.4, "baseScore": 6.5,
"baseSeverity": "Medium", "baseSeverity": "Medium",
"confidentialityImpact": "None", "confidentialityImpact": "High",
"integrityImpact": "None", "integrityImpact": "High",
"privilegesRequired": "None", "privilegesRequired": "High",
"scope": "None", "scope": "Unchanged",
"userInteraction": "None", "userInteraction": "Required",
"vectorString": "AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1" "version": "3.1"
} }
}, },

10
2021/21xxx/CVE-2021-21013.json
View File

@ -49,7 +49,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure." "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account."
} }
] ]
}, },
@ -57,15 +57,15 @@
"cvss": { "cvss": {
"attackComplexity": "Low", "attackComplexity": "Low",
"attackVector": "Network", "attackVector": "Network",
"availabilityImpact": "High", "availabilityImpact": "None",
"baseScore": 8.0, "baseScore": 8.1,
"baseSeverity": "High", "baseSeverity": "High",
"confidentialityImpact": "High", "confidentialityImpact": "High",
"integrityImpact": "High", "integrityImpact": "High",
"privilegesRequired": "Low", "privilegesRequired": "Low",
"scope": "Unchanged", "scope": "Unchanged",
"userInteraction": "Required", "userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1" "version": "3.1"
} }
}, },

8
2021/21xxx/CVE-2021-21042.json
View File

@ -49,7 +49,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally escalate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." "value": "Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary disclosure of information in the memory stack. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
} }
] ]
}, },
@ -58,14 +58,14 @@
"attackComplexity": "Low", "attackComplexity": "Low",
"attackVector": "Network", "attackVector": "Network",
"availabilityImpact": "None", "availabilityImpact": "None",
"baseScore": 4.3, "baseScore": 6.5,
"baseSeverity": "Medium", "baseSeverity": "Medium",
"confidentialityImpact": "Low", "confidentialityImpact": "High",
"integrityImpact": "None", "integrityImpact": "None",
"privilegesRequired": "None", "privilegesRequired": "None",
"scope": "Unchanged", "scope": "Unchanged",
"userInteraction": "Required", "userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1" "version": "3.1"
} }
}, },

12
2021/21xxx/CVE-2021-21070.json
View File

@ -49,23 +49,23 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges." "value": "Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with admin permissions to write to the file system could leverage this vulnerability to escalate privileges."
} }
] ]
}, },
"impact": { "impact": {
"cvss": { "cvss": {
"attackComplexity": "High", "attackComplexity": "Low",
"attackVector": "Local", "attackVector": "Local",
"availabilityImpact": "High", "availabilityImpact": "High",
"baseScore": 7.8, "baseScore": 6.5,
"baseSeverity": "High", "baseSeverity": "Medium",
"confidentialityImpact": "High", "confidentialityImpact": "High",
"integrityImpact": "High", "integrityImpact": "High",
"privilegesRequired": "None", "privilegesRequired": "High",
"scope": "Unchanged", "scope": "Unchanged",
"userInteraction": "Required", "userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1" "version": "3.1"
} }
}, },

6
2021/21xxx/CVE-2021-21082.json
View File

@ -56,16 +56,16 @@
"impact": { "impact": {
"cvss": { "cvss": {
"attackComplexity": "Low", "attackComplexity": "Low",
"attackVector": "Network", "attackVector": "Local",
"availabilityImpact": "High", "availabilityImpact": "High",
"baseScore": 8.8, "baseScore": 7.8,
"baseSeverity": "High", "baseSeverity": "High",
"confidentialityImpact": "High", "confidentialityImpact": "High",
"integrityImpact": "High", "integrityImpact": "High",
"privilegesRequired": "None", "privilegesRequired": "None",
"scope": "Unchanged", "scope": "Unchanged",
"userInteraction": "Required", "userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1" "version": "3.1"
} }
}, },

8
2021/21xxx/CVE-2021-21085.json
View File

@ -49,23 +49,23 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into the registration form and achieve arbitrary code execution in the context of the admin account." "value": "Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine."
} }
] ]
}, },
"impact": { "impact": {
"cvss": { "cvss": {
"attackComplexity": "Low", "attackComplexity": "Low",
"attackVector": "Network", "attackVector": "Local",
"availabilityImpact": "High", "availabilityImpact": "High",
"baseScore": 8.8, "baseScore": 7.8,
"baseSeverity": "High", "baseSeverity": "High",
"confidentialityImpact": "High", "confidentialityImpact": "High",
"integrityImpact": "High", "integrityImpact": "High",
"privilegesRequired": "None", "privilegesRequired": "None",
"scope": "Unchanged", "scope": "Unchanged",
"userInteraction": "Required", "userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1" "version": "3.1"
} }
}, },

4
2021/21xxx/CVE-2021-21087.json
View File

@ -4,7 +4,7 @@
"DATE_PUBLIC": "2021-03-22T23:00:00.000Z", "DATE_PUBLIC": "2021-03-22T23:00:00.000Z",
"ID": "CVE-2021-21087", "ID": "CVE-2021-21087",
"STATE": "PUBLIC", "STATE": "PUBLIC",
"TITLE": "ColdFusion Eval Injection vulnerability could lead to code execution" "TITLE": "ColdFusion Improper neutralization of web input during page generation could lead to arbitrary JavaScript execution in the browser"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -49,7 +49,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Directives in Dynamically Evaluated Code (\u2018Eval Injection\u2019) vulnerability. An attacker could abuse this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction." "value": "Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction."
} }
] ]
}, },

13
2021/21xxx/CVE-2021-21096.json
View File

@ -58,14 +58,14 @@
"attackComplexity": "Low", "attackComplexity": "Low",
"attackVector": "Local", "attackVector": "Local",
"availabilityImpact": "High", "availabilityImpact": "High",
"baseScore": 7.6, "baseScore": 5.5,
"baseSeverity": "High", "baseSeverity": "Medium",
"confidentialityImpact": "None", "confidentialityImpact": "None",
"integrityImpact": "Low", "integrityImpact": "None",
"privilegesRequired": "Low", "privilegesRequired": "Low",
"scope": "Unchanged", "scope": "Unchanged",
"userInteraction": "None", "userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1" "version": "3.1"
} }
}, },
@ -87,11 +87,6 @@
"refsource": "MISC", "refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html", "url": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html",
"name": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html" "name": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-417/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-417/"
} }
] ]
}, },

15
2021/27xxx/CVE-2021-27386.json
View File

@ -82,6 +82,16 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{ {
"refsource": "MISC", "refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf",
@ -91,6 +101,11 @@
"refsource": "MISC", "refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf" "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12"
} }
] ]
} }

2
2021/28xxx/CVE-2021-28545.json
View File

@ -49,7 +49,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker could leverage this vulnerability to show arbitrary content in a certified PDF without invalidating the certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file." "value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker would have the ability to completely manipulate data in a certified PDF without invalidating the original certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file."
} }
] ]
}, },

50
2021/31xxx/CVE-2021-31337.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-31337", "ID": "CVE-2021-31337",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "SINAMICS Medium Voltage Products",
"version": {
"version_data": [
{
"version_value": "SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-04",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-04"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions)."
} }
] ]
} }

61
2021/33xxx/CVE-2021-33515.json
View File

@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-33515",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2021-33515",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://dovecot.org/security",
"refsource": "MISC",
"name": "https://dovecot.org/security"
},
{
"refsource": "CONFIRM",
"name": "https://www.openwall.com/lists/oss-security/2021/06/28/2",
"url": "https://www.openwall.com/lists/oss-security/2021/06/28/2"
} }
] ]
} }