diff --git a/2020/15xxx/CVE-2020-15522.json b/2020/15xxx/CVE-2020-15522.json index 05d9f70492d..8e9220185f4 100644 --- a/2020/15xxx/CVE-2020-15522.json +++ b/2020/15xxx/CVE-2020-15522.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-15522", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-15522", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.bouncycastle.org/releasenotes.html", + "refsource": "MISC", + "name": "https://www.bouncycastle.org/releasenotes.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/bcgit/bc-java/wiki/CVE-2020-15522", + "url": "https://github.com/bcgit/bc-java/wiki/CVE-2020-15522" + }, + { + "refsource": "MISC", + "name": "https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522", + "url": "https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522" } ] } diff --git a/2021/27xxx/CVE-2021-27457.json b/2021/27xxx/CVE-2021-27457.json index 6a70578ece0..fa824ebc894 100644 --- a/2021/27xxx/CVE-2021-27457.json +++ b/2021/27xxx/CVE-2021-27457.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-27457", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Emerson Rosemount X-STREAM Gas Analyzer", + "version": { + "version_data": [ + { + "version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INADEQUATE ENCRYPTION STRENGTH CWE-326" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access." } ] } diff --git a/2021/27xxx/CVE-2021-27459.json b/2021/27xxx/CVE-2021-27459.json index c719e1985f7..cc80761c9a2 100644 --- a/2021/27xxx/CVE-2021-27459.json +++ b/2021/27xxx/CVE-2021-27459.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-27459", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Emerson Rosemount X-STREAM Gas Analyzer", + "version": { + "version_data": [ + { + "version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code." } ] } diff --git a/2021/27xxx/CVE-2021-27461.json b/2021/27xxx/CVE-2021-27461.json index 2363e85aef0..91be12425fa 100644 --- a/2021/27xxx/CVE-2021-27461.json +++ b/2021/27xxx/CVE-2021-27461.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-27461", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Emerson Rosemount X-STREAM Gas Analyzer", + "version": { + "version_data": [ + { + "version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs." } ] } diff --git a/2021/27xxx/CVE-2021-27463.json b/2021/27xxx/CVE-2021-27463.json index e9e0642bd9e..d304f7aa90c 100644 --- a/2021/27xxx/CVE-2021-27463.json +++ b/2021/27xxx/CVE-2021-27463.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-27463", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Emerson Rosemount X-STREAM Gas Analyzer", + "version": { + "version_data": [ + { + "version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "USE OF PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION CWE-539" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information." } ] } diff --git a/2021/27xxx/CVE-2021-27465.json b/2021/27xxx/CVE-2021-27465.json index 04d48db16b5..72a8b263869 100644 --- a/2021/27xxx/CVE-2021-27465.json +++ b/2021/27xxx/CVE-2021-27465.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-27465", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Emerson Rosemount X-STREAM Gas Analyzer", + "version": { + "version_data": [ + { + "version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-STREAM enhanced XEXF \u2013 all revisions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data." } ] } diff --git a/2021/27xxx/CVE-2021-27467.json b/2021/27xxx/CVE-2021-27467.json index 3125491428b..c95a3cf5500 100644 --- a/2021/27xxx/CVE-2021-27467.json +++ b/2021/27xxx/CVE-2021-27467.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-27467", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Emerson Rosemount X-STREAM Gas Analyzer", + "version": { + "version_data": [ + { + "version_value": "X-STREAM enhanced XEGP \u2013 all revisions, X-STREAM enhanced XEGK \u2013 all revisions, X-STREAM enhanced XEFD \u2013 all revisions, X-" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER RESTRICTION OF RENDERED UI LAYERS OR FRAMES CWE-1021" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-138-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product\u2019s web interface allows an attacker to route click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information." } ] }