diff --git a/2020/18xxx/CVE-2020-18666.json b/2020/18xxx/CVE-2020-18666.json
index 4e09b23f2eb..950cb580831 100644
--- a/2020/18xxx/CVE-2020-18666.json
+++ b/2020/18xxx/CVE-2020-18666.json
@@ -1,66 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2020-18666",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-18666",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Cross Site Scripting (XSS) vulnerability WebPort <=1.19.1 via the connection name parameter in type-conn."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://github.com/LoRexxar/CVE_Request/blob/master/web%20port%20mul%20vuls%20before%20v1.19.1/web%20port%20mul%20vuls%20before%20v1.19.1.md#post-stored-xss-and-sql-injection-in--logtypeerror",
- "refsource": "MISC",
- "name": "https://github.com/LoRexxar/CVE_Request/blob/master/web%20port%20mul%20vuls%20before%20v1.19.1/web%20port%20mul%20vuls%20before%20v1.19.1.md#post-stored-xss-and-sql-injection-in--logtypeerror"
- },
- {
- "url": "https://www.seebug.org/vuldb/ssvid-97997",
- "refsource": "MISC",
- "name": "https://www.seebug.org/vuldb/ssvid-97997"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-18664. Reason: This candidate is a duplicate of CVE-2020-18664. Notes: All CVE users should reference CVE-2020-18664 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2020/18xxx/CVE-2020-18668.json b/2020/18xxx/CVE-2020-18668.json
index 75a73da0ad2..0d893db91fe 100644
--- a/2020/18xxx/CVE-2020-18668.json
+++ b/2020/18xxx/CVE-2020-18668.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-18668",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18668",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting (XSS) vulnerabililty in WebPort <=1.19.1 via the description parameter to script/listcalls."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/LoRexxar/CVE_Request/blob/master/web%20port%20mul%20vuls%20before%20v1.19.1/web%20port%20mul%20vuls%20before%20v1.19.1.md#stored-xss--in-scriptlistcalls",
+ "refsource": "MISC",
+ "name": "https://github.com/LoRexxar/CVE_Request/blob/master/web%20port%20mul%20vuls%20before%20v1.19.1/web%20port%20mul%20vuls%20before%20v1.19.1.md#stored-xss--in-scriptlistcalls"
+ },
+ {
+ "url": "https://www.seebug.org/vuldb/ssvid-97996",
+ "refsource": "MISC",
+ "name": "https://www.seebug.org/vuldb/ssvid-97996"
 }
 ]
 }
diff --git a/2021/21xxx/CVE-2021-21571.json b/2021/21xxx/CVE-2021-21571.json
index e3425d47774..8b2fc5853c7 100644
--- a/2021/21xxx/CVE-2021-21571.json
+++ b/2021/21xxx/CVE-2021-21571.json
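Review bot: The added description in CVE-2020-18668.json misspells the word as `vulnerabililty`, so keyword searches on the record will not match; the value should read `"Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via the description parameter to script/listcalls."`. The same hunk publishes `product_name`, `vendor_name` and `version_value` as `n/a` although the description names WebPort <=1.19.1, so tooling that matches on the `affects` block rather than on free text will not associate this record with the product. The `problemtype` value is likewise `n/a` where the description already states the weakness class; a CWE entry for cross-site scripting would make the record filterable by weakness.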
@@ -1,10 +1,10 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "secure@dell.com",
- "DATE_PUBLIC": "2021-06-24",
- "ID": "CVE-2021-21571",
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2021-06-24",
+ "ID": "CVE-2021-21571",
 "STATE": "PUBLIC"
- },
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -12,59 +12,60 @@
 "product": {
 "product_data": [
 {
- "product_name": "UEFI BIOS https stack",
+ "product_name": "UEFI BIOS https stack",
 "version": {
 "version_data": [
 {
- "version_affected": "=",
+ "version_affected": "=",
 "version_value": "Gen 11, Gen 10"
 }
 ]
 }
 }
 ]
- },
+ },
 "vendor_name": "Dell"
 }
 ]
 }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering."
 }
 ]
- },
+ },
 "impact": {
 "cvss": {
- "baseScore": 5.9,
- "baseSeverity": "Medium",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
+ "baseScore": 5.9,
+ "baseSeverity": "Medium",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
 "version": "3.1"
 }
- },
+ },
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "CWE-295: Improper Certificate Validation"
 }
 ]
 }
 ]
- },
+ },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/kbdoc/en-us/000188682"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/en-us/000188682",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000188682"
 }
 ]
 }
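Review bot: In the second hunk of CVE-2021-21571.json the reference to the Dell advisory changes `refsource` from `CONFIRM` to `MISC`, which drops the only machine-readable marker that this link is the vendor's own confirmation; consumers that rank or filter references by `refsource` will now treat it like any third-party link. If the relabel is an intentional normalisation, it deserves a line in the commit description, since it is the one semantic change in this file besides the added `name` key. The same relabel appears in CVE-2021-21572, CVE-2021-21573 and CVE-2021-21574. The other `-`/`+` pairs in both hunks show identical text, so they are presumably whitespace or line-ending changes only.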
diff --git a/2021/21xxx/CVE-2021-21572.json b/2021/21xxx/CVE-2021-21572.json
index 9f81bf29299..e3f0ec70335 100644
--- a/2021/21xxx/CVE-2021-21572.json
+++ b/2021/21xxx/CVE-2021-21572.json
@@ -1,10 +1,10 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "secure@dell.com",
- "DATE_PUBLIC": "2021-06-24",
- "ID": "CVE-2021-21572",
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2021-06-24",
+ "ID": "CVE-2021-21572",
 "STATE": "PUBLIC"
- },
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -12,59 +12,60 @@
 "product": {
 "product_data": [
 {
- "product_name": "BIOSConnect",
+ "product_name": "BIOSConnect",
 "version": {
 "version_data": [
 {
- "version_affected": "<",
+ "version_affected": "<",
 "version_value": "Gen 11, Gen 10"
 }
 ]
 }
 }
 ]
- },
+ },
 "vendor_name": "Dell"
 }
 ]
 }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions."
 }
 ]
- },
+ },
 "impact": {
 "cvss": {
- "baseScore": 7.2,
- "baseSeverity": "High",
- "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
+ "baseScore": 7.2,
+ "baseSeverity": "High",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
 "version": "3.1"
 }
- },
+ },
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "CWE-122: Heap-based Buffer Overflow"
 }
 ]
 }
 ]
- },
+ },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/kbdoc/en-us/000188682"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/en-us/000188682",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000188682"
 }
 ]
 }
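Review bot: `"version_affected": "<"` is paired with `"version_value": "Gen 11, Gen 10"` in the second hunk of CVE-2021-21572.json, and a less-than comparison against a platform-generation label cannot be evaluated by version-matching tools. The fixed BIOS versions are not visible in this record, so the field should either carry a comparable version string or the record should state that affected builds are listed only in the linked advisory. CVE-2021-21573 and CVE-2021-21574 have the same pairing, and CVE-2021-21571 uses `=` with the same label. The line is touched here only for whitespace, so this is an existing data problem that the commit carries forward unchanged.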
diff --git a/2021/21xxx/CVE-2021-21573.json b/2021/21xxx/CVE-2021-21573.json
index 1cd087a9747..e3cd59858b2 100644
--- a/2021/21xxx/CVE-2021-21573.json
+++ b/2021/21xxx/CVE-2021-21573.json
@@ -1,10 +1,10 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "secure@dell.com",
- "DATE_PUBLIC": "2021-06-24",
- "ID": "CVE-2021-21573",
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2021-06-24",
+ "ID": "CVE-2021-21573",
 "STATE": "PUBLIC"
- },
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -12,59 +12,60 @@
 "product": {
 "product_data": [
 {
- "product_name": "BIOSConnect",
+ "product_name": "BIOSConnect",
 "version": {
 "version_data": [
 {
- "version_affected": "<",
+ "version_affected": "<",
 "version_value": "Gen 11, Gen 10"
 }
 ]
 }
 }
 ]
- },
+ },
 "vendor_name": "Dell"
 }
 ]
 }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions."
 }
 ]
- },
+ },
 "impact": {
 "cvss": {
- "baseScore": 7.2,
- "baseSeverity": "High",
- "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
+ "baseScore": 7.2,
+ "baseSeverity": "High",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
 "version": "3.1"
 }
- },
+ },
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "CWE-121: Stack-based Buffer Overflow"
 }
 ]
 }
 ]
- },
+ },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/kbdoc/en-us/000188682"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/en-us/000188682",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000188682"
 }
 ]
 }
diff --git a/2021/21xxx/CVE-2021-21574.json b/2021/21xxx/CVE-2021-21574.json
index 3418de1065e..2b1f68a1152 100644
--- a/2021/21xxx/CVE-2021-21574.json
+++ b/2021/21xxx/CVE-2021-21574.json
@@ -1,10 +1,10 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "secure@dell.com",
- "DATE_PUBLIC": "2021-06-24",
- "ID": "CVE-2021-21574",
+ "ASSIGNER": "secure@dell.com",
+ "DATE_PUBLIC": "2021-06-24",
+ "ID": "CVE-2021-21574",
 "STATE": "PUBLIC"
- },
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -12,59 +12,60 @@
 "product": {
 "product_data": [
 {
- "product_name": "BIOSConnect",
+ "product_name": "BIOSConnect",
 "version": {
 "version_data": [
 {
- "version_affected": "<",
+ "version_affected": "<",
 "version_value": "Gen 11, Gen 10"
 }
 ]
 }
 }
 ]
- },
+ },
 "vendor_name": "Dell"
 }
 ]
 }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions."
 }
 ]
- },
+ },
 "impact": {
 "cvss": {
- "baseScore": 7.2,
- "baseSeverity": "High",
- "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
+ "baseScore": 7.2,
+ "baseSeverity": "High",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
 "version": "3.1"
 }
- },
+ },
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
- "lang": "eng",
+ "lang": "eng",
 "value": "CWE-121: Stack-based Buffer Overflow"
 }
 ]
 }
 ]
- },
+ },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/kbdoc/en-us/000188682"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/en-us/000188682",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000188682"
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33000.json b/2021/33xxx/CVE-2021-33000.json
index 678fabd8df0..da31b1dc093 100644
--- a/2021/33xxx/CVE-2021-33000.json
+++ b/2021/33xxx/CVE-2021-33000.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33000",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WebAccess HMI Designer",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions 2.1.9.95 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior)."
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33002.json b/2021/33xxx/CVE-2021-33002.json
index 1c903ab086a..5d57505ffb0 100644
--- a/2021/33xxx/CVE-2021-33002.json
+++ b/2021/33xxx/CVE-2021-33002.json
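Review bot: The new `affects` block in CVE-2021-33000.json sets `"vendor_name": "n/a"` while `product_name` is `WebAccess HMI Designer`, so vendor-keyed asset matching will miss the record; the vendor named in the referenced ICS advisory should be filled in. The problemtype value `HEAP-BASED BUFFER OVERFLOW CWE-122` also puts the CWE id at the end of an upper-case string, unlike the `CWE-122: Heap-based Buffer Overflow` form used by the Dell records in this same commit, which makes CWE-id extraction inconsistent across records. Both points apply equally to CVE-2021-33002 and CVE-2021-33004. None of the three records carries an `impact` block, which may simply not have been supplied by the assigner.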
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33002",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WebAccess HMI Designer",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions 2.1.9.95 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "OUT-OF-BOUNDS WRITE CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior)."
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33004.json b/2021/33xxx/CVE-2021-33004.json
index cfc232a2913..7ac2e7072b0 100644
--- a/2021/33xxx/CVE-2021-33004.json
+++ b/2021/33xxx/CVE-2021-33004.json
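Review bot: The added description in CVE-2021-33002.json reads `User interaction is require on the WebAccess HMI Designer`; it should be `User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).`, matching the wording in CVE-2021-33000 and CVE-2021-33004. Downstream feeds copy this text verbatim, so the typo is worth correcting in the record itself rather than leaving it to consumers.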
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33004",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WebAccess HMI Designer",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions 2.1.9.95 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER RESTRICTION OF OPERATION WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior)."
 }
 ]
 }