This repository was archived by the owner on Jun 10, 2025. It is now read-only.

Commit 449539b

committed
"-Synchronized-Data."
1 parent 1cee146 commit 449539b

8 files changed

+467
-489
lines changed

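--- a/2021/22xxx/CVE-2021-22493.json
+++ b/2021/22xxx/CVE-2021-22493.json
@@ -1,61 +1,17 @@
 {
+"data_type": "CVE",
+"data_format": "MITRE",
+"data_version": "4.0",
 "CVE_data_meta": {
-"ASSIGNER": "[email protected]",
 "ID": "CVE-2021-22493",
-"STATE": "PUBLIC"
-},
-"affects": {
-"vendor": {
-"vendor_data": [
-{
-"product": {
-"product_data": [
-{
-"product_name": "n/a",
-"version": {
-"version_data": [
-{
-"version_value": "n/a"
-}
-]
-}
-}
-]
-},
-"vendor_name": "n/a"
-}
-]
-}
+"ASSIGNER": "[email protected]",
+"STATE": "REJECT"
 },
-"data_format": "MITRE",
-"data_type": "CVE",
-"data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
-"value": "An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The quram library allows attackers to execute arbitrary code or cause a denial of service (memory corruption) during dng decoding. The Samsung ID is SVE-2020-18811 (January 2021)."
-}
-]
-},
-"problemtype": {
-"problemtype_data": [
-{
-"description": [
-{
-"lang": "eng",
-"value": "n/a"
-}
-]
-}
-]
-},
-"references": {
-"reference_data": [
-{
-"url": "https://security.samsungmobile.com/securityUpdate.smsb",
-"refsource": "MISC",
-"name": "https://security.samsungmobile.com/securityUpdate.smsb"
+"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-25346. Reason: This candidate is a duplicate of CVE-2021-25346. Notes: All CVE users should reference CVE-2021-25346 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }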
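Review bot: The only link from this rejected ID to its replacement is the free-text `ConsultIDs: CVE-2021-25346` inside `description_data[0].value`; with `affects`, `problemtype` and `references` removed, there is no structured field a consumer can follow. Ingestion code that reads this file should treat `"STATE": "REJECT"` as a tombstone and re-map existing findings to CVE-2021-25346 rather than silently dropping them. The removed description also carried the vendor ID SVE-2020-18811; whether the CVE-2021-25346 record carries that ID is not visible in this commit and is worth confirming before the cross-reference is lost.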

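--- a/2021/27xxx/CVE-2021-27239.json
+++ b/2021/27xxx/CVE-2021-27239.json
@@ -1,70 +1,74 @@
 {
-"CVE_data_meta": {
-"ASSIGNER": "[email protected]",
-"ID": "CVE-2021-27239",
-"STATE": "PUBLIC"
-},
-"affects": {
-"vendor": {
-"vendor_data": [
-{
-"product": {
-"product_data": [
-{
-"product_name": "Multiple Routers",
-"version": {
-"version_data": [
-{
-"version_value": "firmware version 1.0.4.98"
-}
-]
+"CVE_data_meta": {
+"ASSIGNER": "[email protected]",
+"ID": "CVE-2021-27239",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"product": {
+"product_data": [
+{
+"product_name": "Multiple Routers",
+"version": {
+"version_data": [
+{
+"version_value": "firmware version 1.0.4.98"
+}
+]
+}
+}
+]
+},
+"vendor_name": "NETGEAR"
 }
-}
 ]
-},
-"vendor_name": "NETGEAR"
 }
-]
-}
-},
-"credit": "Anonymous",
-"data_format": "MITRE",
-"data_type": "CVE",
-"data_version": "4.0",
-"description": {
-"description_data": [
-{
-"lang": "eng",
-"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851."
-}
-]
-},
-"problemtype": {
-"problemtype_data": [
-{
-"description": [
-{
-"lang": "eng",
-"value": "CWE-121: Stack-based Buffer Overflow"
-}
+},
+"credit": "Anonymous",
+"data_format": "MITRE",
+"data_type": "CVE",
+"data_version": "4.0",
+"description": {
+"description_data": [
+{
+"lang": "eng",
+"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851."
+}
+]
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "CWE-121: Stack-based Buffer Overflow"
+}
+]
+}
 ]
-}
-]
-},
-"references": {
-"reference_data": [
-{
-"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-206/"
-},
-{
-"url": "https://kb.netgear.com/000062820/Security-Advisory-for-Stack-based-Buffer-Overflow-Remote-Code-Execution-Vulnerability-on-Some-Routers-PSV-2020-0432"
-}
-]
-},
-"impact": {
-"cvss": {
-"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
-"version": "3.0"
+},
+"references": {
+"reference_data": [
+{
+"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-206/",
+"refsource": "MISC",
+"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-206/"
+},
+{
+"url": "https://kb.netgear.com/000062820/Security-Advisory-for-Stack-based-Buffer-Overflow-Remote-Code-Execution-Vulnerability-on-Some-Routers-PSV-2020-0432",
+"refsource": "MISC",
+"name": "https://kb.netgear.com/000062820/Security-Advisory-for-Stack-based-Buffer-Overflow-Remote-Code-Execution-Vulnerability-on-Some-Routers-PSV-2020-0432"
+}
+]
+},
+"impact": {
+"cvss": {
+"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"version": "3.0"
+}
 }
-}
-}
+}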
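Review bot: The `affects` block on the new side still cannot be matched by tooling: `"product_name": "Multiple Routers"` names no model and `"version_value": "firmware version 1.0.4.98"` embeds prose in the version field, while the description names the NETGEAR R6400 and R6700. One `product_data` entry per model with `"version_value": "1.0.4.98"` would let asset inventories match this record automatically; confirm the per-model versions against the NETGEAR advisory listed in `references`. The same rewrite replaces the `\n\n` paragraph break in the description with a single space, which is harmless for matching but changes the text for anyone hashing or diffing descriptions.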

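--- a/2021/27xxx/CVE-2021-27240.json
+++ b/2021/27xxx/CVE-2021-27240.json
@@ -1,67 +1,69 @@
 {
-"CVE_data_meta": {
-"ASSIGNER": "[email protected]",
-"ID": "CVE-2021-27240",
-"STATE": "PUBLIC"
-},
-"affects": {
-"vendor": {
-"vendor_data": [
-{
-"product": {
-"product_data": [
-{
-"product_name": "Patch Manager",
-"version": {
-"version_data": [
-{
-"version_value": "2020.2.1"
-}
-]
+"CVE_data_meta": {
+"ASSIGNER": "[email protected]",
+"ID": "CVE-2021-27240",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"product": {
+"product_data": [
+{
+"product_name": "Patch Manager",
+"version": {
+"version_data": [
+{
+"version_value": "2020.2.1"
+}
+]
+}
+}
+]
+},
+"vendor_name": "SolarWinds"
 }
-}
 ]
-},
-"vendor_name": "SolarWinds"
 }
-]
-}
-},
-"credit": "Harrison Neal",
-"data_format": "MITRE",
-"data_type": "CVE",
-"data_version": "4.0",
-"description": {
-"description_data": [
-{
-"lang": "eng",
-"value": "This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the DataGridService WCF service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of Administrator. Was ZDI-CAN-12009."
-}
-]
-},
-"problemtype": {
-"problemtype_data": [
-{
-"description": [
-{
-"lang": "eng",
-"value": "CWE-502: Deserialization of Untrusted Data"
-}
+},
+"credit": "Harrison Neal",
+"data_format": "MITRE",
+"data_type": "CVE",
+"data_version": "4.0",
+"description": {
+"description_data": [
+{
+"lang": "eng",
+"value": "This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DataGridService WCF service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of Administrator. Was ZDI-CAN-12009."
+}
+]
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "CWE-502: Deserialization of Untrusted Data"
+}
+]
+}
 ]
-}
-]
-},
-"references": {
-"reference_data": [
-{
-"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-207/"
-}
-]
-},
-"impact": {
-"cvss": {
-"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
-"version": "3.0"
+},
+"references": {
+"reference_data": [
+{
+"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-207/",
+"refsource": "MISC",
+"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-207/"
+}
+]
+},
+"impact": {
+"cvss": {
+"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"version": "3.0"
+}
 }
-}
-}
+}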
