From 20ef370e3d1430ae9404c6b7ec9326b07ff33d77 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 14 Sep 2021 13:00:54 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2016/10xxx/CVE-2016-10011.json | 5 ++++
 2016/10xxx/CVE-2016-10708.json | 5 ++++
 2016/6xxx/CVE-2016-6515.json | 5 ++++
 2020/36xxx/CVE-2020-36475.json | 5 ++++
 2020/36xxx/CVE-2020-36478.json | 5 ++++
 2020/7xxx/CVE-2020-7461.json | 5 ++++
 2021/23xxx/CVE-2021-23048.json | 50 ++++++++++++++++++++++++++++++--
 2021/23xxx/CVE-2021-23049.json | 50 ++++++++++++++++++++++++++++++--
 2021/23xxx/CVE-2021-23050.json | 53 ++++++++++++++++++++++++++++++++--
 2021/23xxx/CVE-2021-23051.json | 50 ++++++++++++++++++++++++++++++--
 2021/23xxx/CVE-2021-23052.json | 50 ++++++++++++++++++++++++++++++--
 2021/23xxx/CVE-2021-23053.json | 50 ++++++++++++++++++++++++++++++--
 12 files changed, 315 insertions(+), 18 deletions(-)
diff --git a/2016/10xxx/CVE-2016-10011.json b/2016/10xxx/CVE-2016-10011.json
index b86dedd121f..d385873b418 100644
--- a/2016/10xxx/CVE-2016-10011.json
+++ b/2016/10xxx/CVE-2016-10011.json
@@ -101,6 +101,11 @@
 "name": "https://www.openssh.com/txt/release-7.4",
 "refsource": "CONFIRM",
 "url": "https://www.openssh.com/txt/release-7.4"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
 }
 ]
 }
diff --git a/2016/10xxx/CVE-2016-10708.json b/2016/10xxx/CVE-2016-10708.json
index eb5fda67679..2903396c367 100644
--- a/2016/10xxx/CVE-2016-10708.json
+++ b/2016/10xxx/CVE-2016-10708.json
@@ -101,6 +101,11 @@
 "refsource": "CONFIRM",
 "name": "https://support.f5.com/csp/article/K32485746?utm_source=f5support&utm_medium=RSS",
 "url": "https://support.f5.com/csp/article/K32485746?utm_source=f5support&utm_medium=RSS"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
 }
 ]
 }
diff --git a/2016/6xxx/CVE-2016-6515.json b/2016/6xxx/CVE-2016-6515.json
index debf253d389..8cac68663d7 100644
--- a/2016/6xxx/CVE-2016-6515.json
+++ b/2016/6xxx/CVE-2016-6515.json
@@ -116,6 +116,11 @@
 "name": "[oss-security] 20160801 Announce: OpenSSH 7.3 released",
 "refsource": "MLIST",
 "url": "http://openwall.com/lists/oss-security/2016/08/01/2"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
 }
 ]
 }
diff --git a/2020/36xxx/CVE-2020-36475.json b/2020/36xxx/CVE-2020-36475.json
index c08a5e10749..e7804c07611 100644
--- a/2020/36xxx/CVE-2020-36475.json
+++ b/2020/36xxx/CVE-2020-36475.json
@@ -66,6 +66,11 @@
 "url": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.18",
 "refsource": "MISC",
 "name": "https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.18"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf"
 }
 ]
 }
diff --git a/2020/36xxx/CVE-2020-36478.json b/2020/36xxx/CVE-2020-36478.json
index f3a69b9fbe9..add55545600 100644
--- a/2020/36xxx/CVE-2020-36478.json
+++ b/2020/36xxx/CVE-2020-36478.json
@@ -71,6 +71,11 @@
 "url": "https://github.com/ARMmbed/mbedtls/issues/3629",
 "refsource": "MISC",
 "name": "https://github.com/ARMmbed/mbedtls/issues/3629"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7461.json b/2020/7xxx/CVE-2020-7461.json
index b08ef8a6a26..cd33c10ba20 100644
--- a/2020/7xxx/CVE-2020-7461.json
+++ b/2020/7xxx/CVE-2020-7461.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:26.dhclient.asc",
 "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:26.dhclient.asc"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-288459.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-288459.pdf"
 }
 ]
 },
diff --git a/2021/23xxx/CVE-2021-23048.json b/2021/23xxx/CVE-2021-23048.json
index d83cc456cf4..5f334cb68fe 100644
--- a/2021/23xxx/CVE-2021-23048.json
+++ b/2021/23xxx/CVE-2021-23048.json
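Review bot: The Siemens advisory added to CVE-2020-7461 is tagged `"refsource": "MISC"`, while the same kind of cert-portal.siemens.com SSA link is tagged `"refsource": "CONFIRM"` in the CVE-2016-10011, CVE-2016-10708, CVE-2016-6515, CVE-2020-36475 and CVE-2020-36478 hunks of this commit. A consumer that uses CONFIRM to pick out vendor-acknowledged advisories will not treat ssa-288459 as one. If the Siemens document plays the same role here as in the other records, the entry should read `"refsource": "CONFIRM"`.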
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-23048",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K19012930",
+ "url": "https://support.f5.com/csp/article/K19012930"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when GPRS Tunneling Protocol (GTP) iRules commands or a GTP profile is configured on a virtual server, undisclosed GTP messages can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
 }
 ]
 }
diff --git a/2021/23xxx/CVE-2021-23049.json b/2021/23xxx/CVE-2021-23049.json
index 62d228dd65f..cb4d2b5c995 100644
--- a/2021/23xxx/CVE-2021-23049.json
+++ b/2021/23xxx/CVE-2021-23049.json
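Review bot: `"vendor_name": "n/a"` in the new `affects` block leaves the record without a vendor, although the assigner is f5sirt@f5.com and the product is BIG-IP; the same value appears in the CVE-2021-23049 through CVE-2021-23053 hunks. Tooling that matches CVE records against an asset inventory by vendor and product cannot key on it, so the field should presumably read `"vendor_name": "F5"`. The single free-text `version_value` has the same effect on version matching. One `version_data` entry per affected branch, for example `{ "version_affected": "<", "version_value": "16.0.1.2" }`, would let a scanner evaluate the range without parsing prose.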
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-23049",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.0.x before 16.0.1.2 and 15.1.x before 15.1.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K65397301",
+ "url": "https://support.f5.com/csp/article/K65397301"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, when the iRules RESOLVER::summarize command is used on a virtual server, undisclosed requests can cause an increase in Traffic Management Microkernel (TMM) memory utilization resulting in an out-of-memory condition and a denial-of-service (DoS). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
 }
 ]
 }
diff --git a/2021/23xxx/CVE-2021-23050.json b/2021/23xxx/CVE-2021-23050.json
index 2192506c203..afdb3276c1f 100644
--- a/2021/23xxx/CVE-2021-23050.json
+++ b/2021/23xxx/CVE-2021-23050.json
@@ -4,14 +4,61 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-23050",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP Advanced WAF and BIG-IP ASM; NGINX App Protect",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "BIG-IP Advanced WAF and BIG-IP ASM 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3"
+ },
+ {
+ "version_value": "NGINX App Protect all versions before 3.5.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K44553214",
+ "url": "https://support.f5.com/csp/article/K44553214"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
 }
 ]
 }
diff --git a/2021/23xxx/CVE-2021-23051.json b/2021/23xxx/CVE-2021-23051.json
index a5c6eb7875a..16dae22ecbb 100644
--- a/2021/23xxx/CVE-2021-23051.json
+++ b/2021/23xxx/CVE-2021-23051.json
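Review bot: The single `product_data` entry packs two product lines into one `product_name` ("BIG-IP Advanced WAF and BIG-IP ASM; NGINX App Protect") and then repeats the product name inside each `version_value` to tell them apart. A consumer that matches on `product_name` will find neither product, and the version strings cannot be compared without stripping the embedded name. Splitting the entry into one `product_data` object per product, each with its own `version_data`, keeps the same information in the fields meant for it; the fence shows the `product_data` array only, and the rest of the record is unchanged.

```json
"product_data": [
  {
    "product_name": "BIG-IP Advanced WAF and BIG-IP ASM",
    "version": {
      "version_data": [
        { "version_value": "16.0.x before 16.0.1.2 and 15.1.x before 15.1.3" }
      ]
    }
  },
  {
    "product_name": "NGINX App Protect",
    "version": {
      "version_data": [
        { "version_value": "all versions before 3.5.0" }
      ]
    }
  }
]
```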
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-23051",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.0.4-15.1.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K01153535",
+ "url": "https://support.f5.com/csp/article/K01153535"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This is due to an incomplete fix for CVE-2020-5862. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
 }
 ]
 }
diff --git a/2021/23xxx/CVE-2021-23052.json b/2021/23xxx/CVE-2021-23052.json
index 34c2b82fa55..276f1c7ec01 100644
--- a/2021/23xxx/CVE-2021-23052.json
+++ b/2021/23xxx/CVE-2021-23052.json
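Review bot: The `version_value` `"15.1.0.4-15.1.3"` uses a hyphenated range that no other record in this commit uses, and it does not say whether 15.1.3 itself is affected; the description's "15.1.0.4 through 15.1.3" implies that it is. Spelling out the bounds, for example `"version_value": "15.1.0.4 through 15.1.3"` or separate entries with `version_affected` set to `>=` and `<=`, removes the ambiguity for automated matching. The description also attributes the issue to an incomplete fix for CVE-2020-5862, but `reference_data` carries only the F5 article, so that relationship is visible only in prose.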
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-23052",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP APM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "14.1.x before 14.1.4.4 and all versions of 13.1.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K32734107",
+ "url": "https://support.f5.com/csp/article/K32734107"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
 }
 ]
 }
diff --git a/2021/23xxx/CVE-2021-23053.json b/2021/23xxx/CVE-2021-23053.json
index 089a68e88d0..922a1308cd5 100644
--- a/2021/23xxx/CVE-2021-23053.json
+++ b/2021/23xxx/CVE-2021-23053.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-23053",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP Advanced WAF and BIG-IP ASM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K36942191",
+ "url": "https://support.f5.com/csp/article/K36942191"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
 }
 ]
 }