diff --git a/2018/3xxx/CVE-2018-3635.json b/2018/3xxx/CVE-2018-3635.json index 749807d4492..f2f7fb4b467 100644 --- a/2018/3xxx/CVE-2018-3635.json +++ b/2018/3xxx/CVE-2018-3635.json @@ -61,6 +61,11 @@ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00153.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00153.html" + }, + { + "refsource": "FULLDISC", + "name": "20210323 CVE-2018-3635 revisited: executable installers are vulnerable^WEVIL (case 60): again arbitrary code execution WITH escalation of privilege via Intel Rapid Storage Technology User Interface and Driver", + "url": "http://seclists.org/fulldisclosure/2021/Mar/55" } ] } diff --git a/2019/19xxx/CVE-2019-19343.json b/2019/19xxx/CVE-2019-19343.json index 5eccabc7128..cf62559a7bb 100644 --- a/2019/19xxx/CVE-2019-19343.json +++ b/2019/19xxx/CVE-2019-19343.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19343", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Undertow", + "version": { + "version_data": [ + { + "version_value": "undertow 2.0.25.SP1, jboss-remoting 5.0.14.SP1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1780445", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1780445" + }, + { + "refsource": "MISC", + "name": "https://issues.redhat.com/browse/JBEAP-16695", + "url": "https://issues.redhat.com/browse/JBEAP-16695" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable." } ] } diff --git a/2021/28xxx/CVE-2021-28099.json b/2021/28xxx/CVE-2021-28099.json index d4e35ada7a6..8bc99e85e59 100644 --- a/2021/28xxx/CVE-2021-28099.json +++ b/2021/28xxx/CVE-2021-28099.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-28099", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-report@netflix.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Netflix OSS Hollow", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-001.md", + "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-001.md" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated." } ] } diff --git a/2021/28xxx/CVE-2021-28100.json b/2021/28xxx/CVE-2021-28100.json index eaf9da69129..4ae2119d3d5 100644 --- a/2021/28xxx/CVE-2021-28100.json +++ b/2021/28xxx/CVE-2021-28100.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-28100", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-report@netflix.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Netflix OSS Priam", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-002.md", + "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2021-002.md" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process." } ] } diff --git a/2021/28xxx/CVE-2021-28817.json b/2021/28xxx/CVE-2021-28817.json index 870bcf75010..1d871a6da07 100644 --- a/2021/28xxx/CVE-2021-28817.json +++ b/2021/28xxx/CVE-2021-28817.json @@ -1,107 +1,107 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@tibco.com", - "DATE_PUBLIC": "2021-03-23T17:00:00Z", - "ID": "CVE-2021-28817", - "STATE": "PUBLIC", - "TITLE": "TIBCO Rendezvous Windows Platform Installation vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "TIBCO Rendezvous", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "8.5.1" - } - ] - } - }, - { - "product_name": "TIBCO Rendezvous Developer Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "8.5.1" - } - ] - } - } - ] - }, - "vendor_name": "TIBCO Software Inc." - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.\n" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "http://www.tibco.com/services/support/advisories", - "refsource": "CONFIRM", - "url": "http://www.tibco.com/services/support/advisories" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher" - } - ], - "source": { - "discovery": "Will Dormann of CERT/CC" - } -} + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2021-03-23T17:00:00Z", + "ID": "CVE-2021-28817", + "STATE": "PUBLIC", + "TITLE": "TIBCO Rendezvous Windows Platform Installation vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO Rendezvous", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "8.5.1" + } + ] + } + }, + { + "product_name": "TIBCO Rendezvous Developer Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "8.5.1" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher" + } + ], + "source": { + "discovery": "Will Dormann of CERT/CC" + } +} \ No newline at end of file diff --git a/2021/28xxx/CVE-2021-28818.json b/2021/28xxx/CVE-2021-28818.json index f10bbe90399..691f34d73db 100644 --- a/2021/28xxx/CVE-2021-28818.json +++ b/2021/28xxx/CVE-2021-28818.json @@ -1,107 +1,107 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@tibco.com", - "DATE_PUBLIC": "2021-03-23T17:00:00Z", - "ID": "CVE-2021-28818", - "STATE": "PUBLIC", - "TITLE": "TIBCO Rendezvous Windows Platform Artifact Search vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "TIBCO Rendezvous", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "8.5.1" - } - ] - } - }, - { - "product_name": "TIBCO Rendezvous Developer Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "8.5.1" - } - ] - } - } - ] - }, - "vendor_name": "TIBCO Software Inc." - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.\n" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "http://www.tibco.com/services/support/advisories", - "refsource": "CONFIRM", - "url": "http://www.tibco.com/services/support/advisories" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher" - } - ], - "source": { - "discovery": "Will Dormann of CERT/CC" - } -} + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2021-03-23T17:00:00Z", + "ID": "CVE-2021-28818", + "STATE": "PUBLIC", + "TITLE": "TIBCO Rendezvous Windows Platform Artifact Search vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO Rendezvous", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "8.5.1" + } + ] + } + }, + { + "product_name": "TIBCO Rendezvous Developer Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "8.5.1" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher\nTIBCO Rendezvous Developer Edition versions 8.5.1 and below update to version 8.5.2 or higher" + } + ], + "source": { + "discovery": "Will Dormann of CERT/CC" + } +} \ No newline at end of file diff --git a/2021/28xxx/CVE-2021-28819.json b/2021/28xxx/CVE-2021-28819.json index f2d498a3937..c1e9ac47ef4 100644 --- a/2021/28xxx/CVE-2021-28819.json +++ b/2021/28xxx/CVE-2021-28819.json @@ -1,118 +1,118 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@tibco.com", - "DATE_PUBLIC": "2021-03-23T17:00:00Z", - "ID": "CVE-2021-28819", - "STATE": "PUBLIC", - "TITLE": "TIBCO FTL Windows Platform Installation vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "TIBCO FTL - Community Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "6.5.0" - } - ] - } - }, - { - "product_name": "TIBCO FTL - Developer Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "6.5.0" - } - ] - } - }, - { - "product_name": "TIBCO FTL - Enterprise Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "6.5.0" - } - ] - } - } - ] - }, - "vendor_name": "TIBCO Software Inc." - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation.\n\nAffected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.5.0 and below, TIBCO FTL - Developer Edition: versions 6.5.0 and below, and TIBCO FTL - Enterprise Edition: versions 6.5.0 and below.\n" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "http://www.tibco.com/services/support/advisories", - "refsource": "CONFIRM", - "url": "http://www.tibco.com/services/support/advisories" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO FTL - Community Edition versions 6.5.0 and below update to version 6.6.0 or higher\nTIBCO FTL - Developer Edition versions 6.5.0 and below update to version 6.6.0 or higher\nTIBCO FTL - Enterprise Edition versions 6.5.0 and below update to version 6.6.0 or higher" - } - ], - "source": { - "discovery": "Will Dormann of CERT/CC" - } -} + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2021-03-23T17:00:00Z", + "ID": "CVE-2021-28819", + "STATE": "PUBLIC", + "TITLE": "TIBCO FTL Windows Platform Installation vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO FTL - Community Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.0" + } + ] + } + }, + { + "product_name": "TIBCO FTL - Developer Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.0" + } + ] + } + }, + { + "product_name": "TIBCO FTL - Enterprise Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.5.0 and below, TIBCO FTL - Developer Edition: versions 6.5.0 and below, and TIBCO FTL - Enterprise Edition: versions 6.5.0 and below." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO FTL - Community Edition versions 6.5.0 and below update to version 6.6.0 or higher\nTIBCO FTL - Developer Edition versions 6.5.0 and below update to version 6.6.0 or higher\nTIBCO FTL - Enterprise Edition versions 6.5.0 and below update to version 6.6.0 or higher" + } + ], + "source": { + "discovery": "Will Dormann of CERT/CC" + } +} \ No newline at end of file diff --git a/2021/28xxx/CVE-2021-28820.json b/2021/28xxx/CVE-2021-28820.json index 67d9d2af249..d6186e71721 100644 --- a/2021/28xxx/CVE-2021-28820.json +++ b/2021/28xxx/CVE-2021-28820.json @@ -1,118 +1,118 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@tibco.com", - "DATE_PUBLIC": "2021-03-23T17:00:00Z", - "ID": "CVE-2021-28820", - "STATE": "PUBLIC", - "TITLE": "TIBCO FTL Windows Platform Artifact Search vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "TIBCO FTL - Community Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "6.5.0" - } - ] - } - }, - { - "product_name": "TIBCO FTL - Developer Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "6.5.0" - } - ] - } - }, - { - "product_name": "TIBCO FTL - Enterprise Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "6.5.0" - } - ] - } - } - ] - }, - "vendor_name": "TIBCO Software Inc." - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy.\n\nAffected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.5.0 and below, TIBCO FTL - Developer Edition: versions 6.5.0 and below, and TIBCO FTL - Enterprise Edition: versions 6.5.0 and below.\n" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "http://www.tibco.com/services/support/advisories", - "refsource": "CONFIRM", - "url": "http://www.tibco.com/services/support/advisories" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO FTL - Community Edition versions 6.5.0 and below update to version 6.6.0 or higher\nTIBCO FTL - Developer Edition versions 6.5.0 and below update to version 6.6.0 or higher\nTIBCO FTL - Enterprise Edition versions 6.5.0 and below update to version 6.6.0 or higher" - } - ], - "source": { - "discovery": "Will Dormann of CERT/CC" - } -} + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2021-03-23T17:00:00Z", + "ID": "CVE-2021-28820", + "STATE": "PUBLIC", + "TITLE": "TIBCO FTL Windows Platform Artifact Search vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO FTL - Community Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.0" + } + ] + } + }, + { + "product_name": "TIBCO FTL - Developer Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.0" + } + ] + } + }, + { + "product_name": "TIBCO FTL - Enterprise Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.5.0 and below, TIBCO FTL - Developer Edition: versions 6.5.0 and below, and TIBCO FTL - Enterprise Edition: versions 6.5.0 and below." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO FTL - Community Edition versions 6.5.0 and below update to version 6.6.0 or higher\nTIBCO FTL - Developer Edition versions 6.5.0 and below update to version 6.6.0 or higher\nTIBCO FTL - Enterprise Edition versions 6.5.0 and below update to version 6.6.0 or higher" + } + ], + "source": { + "discovery": "Will Dormann of CERT/CC" + } +} \ No newline at end of file diff --git a/2021/28xxx/CVE-2021-28821.json b/2021/28xxx/CVE-2021-28821.json index 15751ef7370..de2d61f324d 100644 --- a/2021/28xxx/CVE-2021-28821.json +++ b/2021/28xxx/CVE-2021-28821.json @@ -1,118 +1,118 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@tibco.com", - "DATE_PUBLIC": "2021-03-23T17:00:00Z", - "ID": "CVE-2021-28821", - "STATE": "PUBLIC", - "TITLE": "TIBCO Enterprise Message Service Windows Platform Installation vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "TIBCO Enterprise Message Service", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "8.5.1" - } - ] - } - }, - { - "product_name": "TIBCO Enterprise Message Service - Community Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "8.5.1" - } - ] - } - }, - { - "product_name": "TIBCO Enterprise Message Service - Developer Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "8.5.1" - } - ] - } - } - ] - }, - "vendor_name": "TIBCO Software Inc." - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.\n" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "http://www.tibco.com/services/support/advisories", - "refsource": "CONFIRM", - "url": "http://www.tibco.com/services/support/advisories" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.5.1 and below update to version 8.6.0 or higher" - } - ], - "source": { - "discovery": "Will Dormann of CERT/CC" - } -} + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2021-03-23T17:00:00Z", + "ID": "CVE-2021-28821", + "STATE": "PUBLIC", + "TITLE": "TIBCO Enterprise Message Service Windows Platform Installation vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO Enterprise Message Service", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "8.5.1" + } + ] + } + }, + { + "product_name": "TIBCO Enterprise Message Service - Community Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "8.5.1" + } + ] + } + }, + { + "product_name": "TIBCO Enterprise Message Service - Developer Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "8.5.1" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.5.1 and below update to version 8.6.0 or higher" + } + ], + "source": { + "discovery": "Will Dormann of CERT/CC" + } +} \ No newline at end of file diff --git a/2021/28xxx/CVE-2021-28822.json b/2021/28xxx/CVE-2021-28822.json index f92f6cf9960..e54b9e3c277 100644 --- a/2021/28xxx/CVE-2021-28822.json +++ b/2021/28xxx/CVE-2021-28822.json @@ -1,118 +1,118 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@tibco.com", - "DATE_PUBLIC": "2021-03-23T17:00:00Z", - "ID": "CVE-2021-28822", - "STATE": "PUBLIC", - "TITLE": "TIBCO Enterprise Message Service Windows Platform Artifact Search vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "TIBCO Enterprise Message Service", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "8.5.1" - } - ] - } - }, - { - "product_name": "TIBCO Enterprise Message Service - Community Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "8.5.1" - } - ] - } - }, - { - "product_name": "TIBCO Enterprise Message Service - Developer Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "8.5.1" - } - ] - } - } - ] - }, - "vendor_name": "TIBCO Software Inc." - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.\n" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "http://www.tibco.com/services/support/advisories", - "refsource": "CONFIRM", - "url": "http://www.tibco.com/services/support/advisories" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.5.1 and below update to version 8.6.0 or higher" - } - ], - "source": { - "discovery": "Will Dormann of CERT/CC" - } -} + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2021-03-23T17:00:00Z", + "ID": "CVE-2021-28822", + "STATE": "PUBLIC", + "TITLE": "TIBCO Enterprise Message Service Windows Platform Artifact Search vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO Enterprise Message Service", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "8.5.1" + } + ] + } + }, + { + "product_name": "TIBCO Enterprise Message Service - Community Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "8.5.1" + } + ] + } + }, + { + "product_name": "TIBCO Enterprise Message Service - Developer Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "8.5.1" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Enterprise Message Service versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Community Edition versions 8.5.1 and below update to version 8.6.0 or higher\nTIBCO Enterprise Message Service - Developer Edition versions 8.5.1 and below update to version 8.6.0 or higher" + } + ], + "source": { + "discovery": "Will Dormann of CERT/CC" + } +} \ No newline at end of file diff --git a/2021/28xxx/CVE-2021-28823.json b/2021/28xxx/CVE-2021-28823.json index eacb2bf406d..53a8020c19b 100644 --- a/2021/28xxx/CVE-2021-28823.json +++ b/2021/28xxx/CVE-2021-28823.json @@ -1,118 +1,118 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@tibco.com", - "DATE_PUBLIC": "2021-03-23T17:00:00Z", - "ID": "CVE-2021-28823", - "STATE": "PUBLIC", - "TITLE": "TIBCO eFTL Windows Platform Installation vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "TIBCO eFTL - Community Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "6.5.0" - } - ] - } - }, - { - "product_name": "TIBCO eFTL - Developer Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "6.5.0" - } - ] - } - }, - { - "product_name": "TIBCO eFTL - Enterprise Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "6.5.0" - } - ] - } - } - ] - }, - "vendor_name": "TIBCO Software Inc." - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Windows Installation component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation.\n\nAffected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.5.0 and below, TIBCO eFTL - Developer Edition: versions 6.5.0 and below, and TIBCO eFTL - Enterprise Edition: versions 6.5.0 and below.\n" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "http://www.tibco.com/services/support/advisories", - "refsource": "CONFIRM", - "url": "http://www.tibco.com/services/support/advisories" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO eFTL - Community Edition versions 6.5.0 and below update to version 6.6.0 or higher\nTIBCO eFTL - Developer Edition versions 6.5.0 and below update to version 6.6.0 or higher\nTIBCO eFTL - Enterprise Edition versions 6.5.0 and below update to version 6.6.0 or higher" - } - ], - "source": { - "discovery": "Will Dormann of CERT/CC" - } -} + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2021-03-23T17:00:00Z", + "ID": "CVE-2021-28823", + "STATE": "PUBLIC", + "TITLE": "TIBCO eFTL Windows Platform Installation vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO eFTL - Community Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.0" + } + ] + } + }, + { + "product_name": "TIBCO eFTL - Developer Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.0" + } + ] + } + }, + { + "product_name": "TIBCO eFTL - Enterprise Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "6.5.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows Installation component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.5.0 and below, TIBCO eFTL - Developer Edition: versions 6.5.0 and below, and TIBCO eFTL - Enterprise Edition: versions 6.5.0 and below." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO eFTL - Community Edition versions 6.5.0 and below update to version 6.6.0 or higher\nTIBCO eFTL - Developer Edition versions 6.5.0 and below update to version 6.6.0 or higher\nTIBCO eFTL - Enterprise Edition versions 6.5.0 and below update to version 6.6.0 or higher" + } + ], + "source": { + "discovery": "Will Dormann of CERT/CC" + } +} \ No newline at end of file diff --git a/2021/28xxx/CVE-2021-28824.json b/2021/28xxx/CVE-2021-28824.json index b532d087d72..6c4cb1416cf 100644 --- a/2021/28xxx/CVE-2021-28824.json +++ b/2021/28xxx/CVE-2021-28824.json @@ -1,118 +1,118 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@tibco.com", - "DATE_PUBLIC": "2021-03-23T17:00:00Z", - "ID": "CVE-2021-28824", - "STATE": "PUBLIC", - "TITLE": "TIBCO ActiveSpaces Windows Platform Installation vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "TIBCO ActiveSpaces - Community Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "4.5.0" - } - ] - } - }, - { - "product_name": "TIBCO ActiveSpaces - Developer Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "4.5.0" - } - ] - } - }, - { - "product_name": "TIBCO ActiveSpaces - Enterprise Edition", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_value": "4.5.0" - } - ] - } - } - ] - }, - "vendor_name": "TIBCO Software Inc." - } - ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Windows Installation component of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation.\n\nAffected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.5.0 and below, TIBCO ActiveSpaces - Developer Edition: versions 4.5.0 and below, and TIBCO ActiveSpaces - Enterprise Edition: versions 4.5.0 and below.\n" - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component." - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "http://www.tibco.com/services/support/advisories", - "refsource": "CONFIRM", - "url": "http://www.tibco.com/services/support/advisories" - } - ] - }, - "solution": [ - { - "lang": "eng", - "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO ActiveSpaces - Community Edition versions 4.5.0 and below update to version 4.6.0 or higher\nTIBCO ActiveSpaces - Developer Edition versions 4.5.0 and below update to version 4.6.0 or higher\nTIBCO ActiveSpaces - Enterprise Edition versions 4.5.0 and below update to version 4.6.0 or higher" - } - ], - "source": { - "discovery": "Will Dormann of CERT/CC" - } -} + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2021-03-23T17:00:00Z", + "ID": "CVE-2021-28824", + "STATE": "PUBLIC", + "TITLE": "TIBCO ActiveSpaces Windows Platform Installation vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO ActiveSpaces - Community Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "4.5.0" + } + ] + } + }, + { + "product_name": "TIBCO ActiveSpaces - Developer Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "4.5.0" + } + ] + } + }, + { + "product_name": "TIBCO ActiveSpaces - Enterprise Edition", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "4.5.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows Installation component of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.5.0 and below, TIBCO ActiveSpaces - Developer Edition: versions 4.5.0 and below, and TIBCO ActiveSpaces - Enterprise Edition: versions 4.5.0 and below." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of this vulnerability includes the possibility of an attacker gaining full access to the Windows operating system at the privilege level of the affected component." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO ActiveSpaces - Community Edition versions 4.5.0 and below update to version 4.6.0 or higher\nTIBCO ActiveSpaces - Developer Edition versions 4.5.0 and below update to version 4.6.0 or higher\nTIBCO ActiveSpaces - Enterprise Edition versions 4.5.0 and below update to version 4.6.0 or higher" + } + ], + "source": { + "discovery": "Will Dormann of CERT/CC" + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29093.json b/2021/29xxx/CVE-2021-29093.json new file mode 100644 index 00000000000..90418589f45 --- /dev/null +++ b/2021/29xxx/CVE-2021-29093.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29093", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29094.json b/2021/29xxx/CVE-2021-29094.json new file mode 100644 index 00000000000..87042f23f6c --- /dev/null +++ b/2021/29xxx/CVE-2021-29094.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29094", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29095.json b/2021/29xxx/CVE-2021-29095.json new file mode 100644 index 00000000000..5d44a4ea4ec --- /dev/null +++ b/2021/29xxx/CVE-2021-29095.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29095", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29096.json b/2021/29xxx/CVE-2021-29096.json new file mode 100644 index 00000000000..15c01febe2e --- /dev/null +++ b/2021/29xxx/CVE-2021-29096.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29096", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29097.json b/2021/29xxx/CVE-2021-29097.json new file mode 100644 index 00000000000..4fb8e116381 --- /dev/null +++ b/2021/29xxx/CVE-2021-29097.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29097", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29098.json b/2021/29xxx/CVE-2021-29098.json new file mode 100644 index 00000000000..6dbf308033e --- /dev/null +++ b/2021/29xxx/CVE-2021-29098.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29098", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29099.json b/2021/29xxx/CVE-2021-29099.json new file mode 100644 index 00000000000..64500709e50 --- /dev/null +++ b/2021/29xxx/CVE-2021-29099.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29099", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29100.json b/2021/29xxx/CVE-2021-29100.json new file mode 100644 index 00000000000..5f61fc9748d --- /dev/null +++ b/2021/29xxx/CVE-2021-29100.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29100", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29101.json b/2021/29xxx/CVE-2021-29101.json new file mode 100644 index 00000000000..78bc5de40e4 --- /dev/null +++ b/2021/29xxx/CVE-2021-29101.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29101", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29102.json b/2021/29xxx/CVE-2021-29102.json new file mode 100644 index 00000000000..29f54836afc --- /dev/null +++ b/2021/29xxx/CVE-2021-29102.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29102", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29103.json b/2021/29xxx/CVE-2021-29103.json new file mode 100644 index 00000000000..c25c5dda1eb --- /dev/null +++ b/2021/29xxx/CVE-2021-29103.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29103", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29104.json b/2021/29xxx/CVE-2021-29104.json new file mode 100644 index 00000000000..ef187d808ba --- /dev/null +++ b/2021/29xxx/CVE-2021-29104.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29104", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29105.json b/2021/29xxx/CVE-2021-29105.json new file mode 100644 index 00000000000..fdec45e17f8 --- /dev/null +++ b/2021/29xxx/CVE-2021-29105.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29105", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29106.json b/2021/29xxx/CVE-2021-29106.json new file mode 100644 index 00000000000..d3561222cf6 --- /dev/null +++ b/2021/29xxx/CVE-2021-29106.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29106", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29107.json b/2021/29xxx/CVE-2021-29107.json new file mode 100644 index 00000000000..9966211384c --- /dev/null +++ b/2021/29xxx/CVE-2021-29107.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29107", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29108.json b/2021/29xxx/CVE-2021-29108.json new file mode 100644 index 00000000000..a4937b5ca8c --- /dev/null +++ b/2021/29xxx/CVE-2021-29108.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29108", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29109.json b/2021/29xxx/CVE-2021-29109.json new file mode 100644 index 00000000000..92b5ee88f13 --- /dev/null +++ b/2021/29xxx/CVE-2021-29109.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29109", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29110.json b/2021/29xxx/CVE-2021-29110.json new file mode 100644 index 00000000000..2072ea661f9 --- /dev/null +++ b/2021/29xxx/CVE-2021-29110.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29110", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29111.json b/2021/29xxx/CVE-2021-29111.json new file mode 100644 index 00000000000..b7b437f9ad2 --- /dev/null +++ b/2021/29xxx/CVE-2021-29111.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29111", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29112.json b/2021/29xxx/CVE-2021-29112.json new file mode 100644 index 00000000000..4c92b945b3e --- /dev/null +++ b/2021/29xxx/CVE-2021-29112.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29112", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29113.json b/2021/29xxx/CVE-2021-29113.json new file mode 100644 index 00000000000..b232d0419dc --- /dev/null +++ b/2021/29xxx/CVE-2021-29113.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29113", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29114.json b/2021/29xxx/CVE-2021-29114.json new file mode 100644 index 00000000000..22206c513c1 --- /dev/null +++ b/2021/29xxx/CVE-2021-29114.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29114", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29115.json b/2021/29xxx/CVE-2021-29115.json new file mode 100644 index 00000000000..70015f6186f --- /dev/null +++ b/2021/29xxx/CVE-2021-29115.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29115", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29116.json b/2021/29xxx/CVE-2021-29116.json new file mode 100644 index 00000000000..8e0015d1282 --- /dev/null +++ b/2021/29xxx/CVE-2021-29116.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29116", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29117.json b/2021/29xxx/CVE-2021-29117.json new file mode 100644 index 00000000000..1663e924a56 --- /dev/null +++ b/2021/29xxx/CVE-2021-29117.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29117", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29118.json b/2021/29xxx/CVE-2021-29118.json new file mode 100644 index 00000000000..9d96d30e938 --- /dev/null +++ b/2021/29xxx/CVE-2021-29118.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29118", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29119.json b/2021/29xxx/CVE-2021-29119.json new file mode 100644 index 00000000000..d4246522d0c --- /dev/null +++ b/2021/29xxx/CVE-2021-29119.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29119", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29120.json b/2021/29xxx/CVE-2021-29120.json new file mode 100644 index 00000000000..c02592f57ae --- /dev/null +++ b/2021/29xxx/CVE-2021-29120.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29120", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29121.json b/2021/29xxx/CVE-2021-29121.json new file mode 100644 index 00000000000..dceb170d011 --- /dev/null +++ b/2021/29xxx/CVE-2021-29121.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29121", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29122.json b/2021/29xxx/CVE-2021-29122.json new file mode 100644 index 00000000000..c492954755b --- /dev/null +++ b/2021/29xxx/CVE-2021-29122.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29122", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29123.json b/2021/29xxx/CVE-2021-29123.json new file mode 100644 index 00000000000..31d7795b1ba --- /dev/null +++ b/2021/29xxx/CVE-2021-29123.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29123", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29124.json b/2021/29xxx/CVE-2021-29124.json new file mode 100644 index 00000000000..4bfda5a0802 --- /dev/null +++ b/2021/29xxx/CVE-2021-29124.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29124", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29125.json b/2021/29xxx/CVE-2021-29125.json new file mode 100644 index 00000000000..0cb8f06823b --- /dev/null +++ b/2021/29xxx/CVE-2021-29125.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29125", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29126.json b/2021/29xxx/CVE-2021-29126.json new file mode 100644 index 00000000000..8608f361916 --- /dev/null +++ b/2021/29xxx/CVE-2021-29126.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29126", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29127.json b/2021/29xxx/CVE-2021-29127.json new file mode 100644 index 00000000000..8da662a5335 --- /dev/null +++ b/2021/29xxx/CVE-2021-29127.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29127", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29128.json b/2021/29xxx/CVE-2021-29128.json new file mode 100644 index 00000000000..e19450015b1 --- /dev/null +++ b/2021/29xxx/CVE-2021-29128.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29128", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29129.json b/2021/29xxx/CVE-2021-29129.json new file mode 100644 index 00000000000..e24a05d4f5a --- /dev/null +++ b/2021/29xxx/CVE-2021-29129.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29129", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29130.json b/2021/29xxx/CVE-2021-29130.json new file mode 100644 index 00000000000..abb00cd7725 --- /dev/null +++ b/2021/29xxx/CVE-2021-29130.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29130", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29131.json b/2021/29xxx/CVE-2021-29131.json new file mode 100644 index 00000000000..2b0c96c874b --- /dev/null +++ b/2021/29xxx/CVE-2021-29131.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29131", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29132.json b/2021/29xxx/CVE-2021-29132.json new file mode 100644 index 00000000000..f653b2baaf7 --- /dev/null +++ b/2021/29xxx/CVE-2021-29132.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29132", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3409.json b/2021/3xxx/CVE-2021-3409.json index 83769b810a5..849a5c71218 100644 --- a/2021/3xxx/CVE-2021-3409.json +++ b/2021/3xxx/CVE-2021-3409.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3409", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "QEMU", + "version": { + "version_data": [ + { + "version_value": "up to (including) 5.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928146", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928146" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2021/03/09/1", + "url": "https://www.openwall.com/lists/oss-security/2021/03/09/1" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this." } ] } diff --git a/2021/3xxx/CVE-2021-3444.json b/2021/3xxx/CVE-2021-3444.json index eafd209d84a..6906523b8b0 100644 --- a/2021/3xxx/CVE-2021-3444.json +++ b/2021/3xxx/CVE-2021-3444.json @@ -105,6 +105,11 @@ "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2021/03/23/2", "name": "https://www.openwall.com/lists/oss-security/2021/03/23/2" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210323 [CVE-2021-3444] Linux kernel bpf verifier incorrect mod32 truncation", + "url": "http://www.openwall.com/lists/oss-security/2021/03/23/2" } ] }, diff --git a/2021/3xxx/CVE-2021-3462.json b/2021/3xxx/CVE-2021-3462.json new file mode 100644 index 00000000000..d80bd4bf812 --- /dev/null +++ b/2021/3xxx/CVE-2021-3462.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3462", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file