diff --git a/2020/20xxx/CVE-2020-20230.json b/2020/20xxx/CVE-2020-20230.json index aa1689e5a66..170fd5260be 100644 --- a/2020/20xxx/CVE-2020-20230.json +++ b/2020/20xxx/CVE-2020-20230.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-20230", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-20230", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md", + "url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md" } ] } diff --git a/2020/22xxx/CVE-2020-22650.json b/2020/22xxx/CVE-2020-22650.json index 96f20574539..ca251b2496d 100644 --- a/2020/22xxx/CVE-2020-22650.json +++ b/2020/22xxx/CVE-2020-22650.json 
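Review bot: The `affects` block added for CVE-2020-20230 leaves `vendor_name`, `product_name` and `version_value` as `"n/a"` although the new description names the product and the fixed release (MikroTik RouterOS before stable 6.47), so tooling that matches on the structured fields will not associate this record with RouterOS. `problemtype` is also `"n/a"`, where the description's own wording, "uncontrolled resource consumption", corresponds to CWE-400. The hunks for CVE-2020-22650, CVE-2021-34675, CVE-2021-34676, CVE-2021-36797 and CVE-2021-36799 have the same gap between description and structured fields. Consider filling the fields from the description, e.g. `"vendor_name": "MikroTik"` and `"product_name": "RouterOS"`, and correcting "RouterOs" and "the systems CPU" in the description value to "RouterOS" and "the system's CPU".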
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-22650", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-22650", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DOS) via a system crash triggered by the occurrence of a large number of alarm events." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jpalanco/alienvault-ossim/issues/4", + "refsource": "MISC", + "name": "https://github.com/jpalanco/alienvault-ossim/issues/4" } ] } diff --git a/2020/5xxx/CVE-2020-5031.json b/2020/5xxx/CVE-2020-5031.json index a825974d68d..b89b90364d4 100644 --- a/2020/5xxx/CVE-2020-5031.json +++ b/2020/5xxx/CVE-2020-5031.json 
@@ -1,170 +1,170 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.2" - } - ] - }, - "product_name" : "Engineering Workflow Management" - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "6.0.6" - }, - { - "version_value" : "6.0.6.1" - } - ] - }, - "product_name" : "Rational Team Concert" - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.2" - } - ] - }, - "product_name" : "Rational Engineering Lifecycle Manager" - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.2" - } - ] - }, - "product_name" : "Rational DOORS Next Generation" - }, - { - "product_name" : "Engineering Lifecycle Optimization", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.2" - } - ] - } - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "6.0.6" - }, - { - "version_value" : "6.0.6.1" - } - ] - }, - "product_name" : "Rational Collaborative Lifecycle Management" - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 193738.", - "lang" : "eng" - } - ] - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2021-07-16T00:00:00", - "ID" : "CVE-2020-5031", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6473141", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6473141", - "title" : "IBM Security Bulletin 6473141 (Rational Collaborative Lifecycle Management)" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/193738", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-engineering-cve20205031-xss (193738)" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AV" : "N", - "S" : "C", - "A" : "N", - "C" : "L", - "AC" : "L", - "SCORE" : "5.400", - "UI" : "R", - "PR" : "L", - "I" : "L" - }, - "TM" : { - "RL" : "O", - "E" : "H", - "RC" : "C" - } - } - }, - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + } + ] + }, + "product_name": "Engineering Workflow Management" + }, + { + "version": { + "version_data": [ + { + "version_value": "6.0.6" + }, + { + "version_value": "6.0.6.1" + } + ] + }, + "product_name": "Rational Team Concert" + }, + { + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + } + ] + }, + "product_name": "Rational Engineering Lifecycle Manager" + }, + { + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + } + ] + }, + 
"product_name": "Rational DOORS Next Generation" + }, + { + "product_name": "Engineering Lifecycle Optimization", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + } + ] + } + }, + { + "version": { + "version_data": [ + { + "version_value": "6.0.6" + }, + { + "version_value": "6.0.6.1" + } + ] + }, + "product_name": "Rational Collaborative Lifecycle Management" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - } -} + } + }, + "description": { + "description_data": [ + { + "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738.", + "lang": "eng" + } + ] + }, + "data_format": "MITRE", + "data_type": "CVE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-07-16T00:00:00", + "ID": "CVE-2020-5031", + "ASSIGNER": "psirt@us.ibm.com" + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6473141", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6473141", + "title": "IBM Security Bulletin 6473141 (Rational Collaborative Lifecycle Management)" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193738", + "title": "X-Force Vulnerability Report", + "name": "ibm-engineering-cve20205031-xss (193738)" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AV": "N", + "S": "C", + "A": "N", + "C": "L", + "AC": "L", + "SCORE": "5.400", + "UI": "R", + "PR": "L", + "I": "L" + }, + "TM": { + "RL": "O", + "E": "H", + "RC": "C" + } + } + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + } +} \ No 
newline at end of file diff --git a/2021/20xxx/CVE-2021-20507.json b/2021/20xxx/CVE-2021-20507.json index 858f08825cc..1d45b2f10be 100644 --- a/2021/20xxx/CVE-2021-20507.json +++ b/2021/20xxx/CVE-2021-20507.json 
@@ -1,170 +1,170 @@ { - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6473141 (Rational Collaborative Lifecycle Management)", - "name" : "https://www.ibm.com/support/pages/node/6473141", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6473141" - }, - { - "name" : "ibm-jazz-cve202120507-xss (198235)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235", - "refsource" : "XF" - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2021-20507", - "DATE_PUBLIC" : "2021-07-16T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_type" : "CVE", - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "C" : "L", - "AC" : "L", - "S" : "C", - "AV" : "N", - "I" : "L", - "SCORE" : "5.400", - "PR" : "L", - "UI" : "R" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Engineering Workflow Management", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.2" - } - ] - } - }, - { - "product_name" : "Rational Team Concert", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.6" - }, - { - "version_value" : "6.0.6.1" - } - ] - } - }, - { - "product_name" : "Rational Engineering Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.2" - } - ] - } - }, - { - "product_name" : "Rational DOORS Next Generation", - "version" : { - "version_data" : [ - { - 
"version_value" : "7.0" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.2" - } - ] - } - }, - { - "product_name" : "Engineering Lifecycle Optimization", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.0.1" - }, - { - "version_value" : "7.0.2" - } - ] - } - }, - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.6" - }, - { - "version_value" : "6.0.6.1" - } - ] - } - } - ] - } + "title": "IBM Security Bulletin 6473141 (Rational Collaborative Lifecycle Management)", + "name": "https://www.ibm.com/support/pages/node/6473141", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6473141" + }, + { + "name": "ibm-jazz-cve202120507-xss (198235)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198235", + "refsource": "XF" } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 198235.", - "lang" : "eng" - } - ] - } -} + ] + }, + "CVE_data_meta": { + "ID": "CVE-2021-20507", + "DATE_PUBLIC": "2021-07-16T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_type": "CVE", + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "C": "L", + "AC": "L", + "S": "C", + "AV": "N", + "I": "L", + "SCORE": "5.400", + "PR": "L", + "UI": "R" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Engineering Workflow Management", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + } + ] + } + }, + { + "product_name": "Rational Team Concert", + "version": { + "version_data": [ + { + "version_value": "6.0.6" + }, + { + "version_value": "6.0.6.1" + } + ] + } + }, + { + "product_name": "Rational Engineering Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + } + ] + } + }, + { + "product_name": "Rational DOORS Next Generation", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + } + ] + } + }, + { + "product_name": "Engineering Lifecycle Optimization", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.0.1" + }, + { + "version_value": "7.0.2" + } + ] + } + }, + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "6.0.6" + }, + { + "version_value": "6.0.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + 
"description": { + "description_data": [ + { + "value": "IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29707.json b/2021/29xxx/CVE-2021-29707.json index 2fb4488f75a..1f0a2d0a22e 100644 --- a/2021/29xxx/CVE-2021-29707.json +++ b/2021/29xxx/CVE-2021-29707.json 
@@ -1,93 +1,93 @@ { - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879.", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "9.1.910.0" - }, - { - "version_value" : "9.2.950.0" - } - ] - }, - "product_name" : "Power HMC" - } - ] - }, - "vendor_name" : "IBM" + "value": "IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879.", + "lang": "eng" } - ] - } - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6473347", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6473347", - "title" : "IBM Security Bulletin 6473347 (Power HMC)" - }, - { - "name" : "ibm-hmc-cve202129707-priv-escalation (200879)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/200879", - "refsource" : "XF" - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2021-29707", - "DATE_PUBLIC" : "2021-07-17T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "9.1.910.0" + }, + { + "version_value": "9.2.950.0" + } + ] + }, + "product_name": "Power HMC" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_version" : 
"4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "C" : "H", - "A" : "H", - "AV" : "L", - "S" : "U", - "I" : "H", - "PR" : "N", - "UI" : "N", - "SCORE" : "8.400" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - } -} + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6473347", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6473347", + "title": "IBM Security Bulletin 6473347 (Power HMC)" + }, + { + "name": "ibm-hmc-cve202129707-priv-escalation (200879)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200879", + "refsource": "XF" + } + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2021-29707", + "DATE_PUBLIC": "2021-07-17T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "data_version": "4.0", + "impact": { + "cvssv3": { + "BM": { + "AC": "L", + "C": "H", + "A": "H", + "AV": "L", + "S": "U", + "I": "H", + "PR": "N", + "UI": "N", + "SCORE": "8.400" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + } + } + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29780.json b/2021/29xxx/CVE-2021-29780.json index 636bf649edc..75dc6b804fb 100644 --- a/2021/29xxx/CVE-2021-29780.json +++ b/2021/29xxx/CVE-2021-29780.json 
@@ -1,90 +1,90 @@ { - "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-29780", - "DATE_PUBLIC" : "2021-07-16T00:00:00", - "STATE" : "PUBLIC" - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6473131 (Resilient OnPrem)", - "name" : "https://www.ibm.com/support/pages/node/6473131", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6473131" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/203085", - "refsource" : "XF", - "name" : "ibm-resilient-cve202129780-input-validation (203085)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "PR" : "H", - "UI" : "N", - "SCORE" : "4.700", - "I" : "L", - "S" : "U", - "AV" : "N", - "AC" : "L", - "C" : "L", - "A" : "L" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-29780", + "DATE_PUBLIC": "2021-07-16T00:00:00", + "STATE": "PUBLIC" + }, + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "41" - } - ] - }, - "product_name" : "Resilient OnPrem" - } - ] - }, - "vendor_name" : "IBM" + "title": "IBM Security Bulletin 6473131 (Resilient OnPrem)", + "name": "https://www.ibm.com/support/pages/node/6473131", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6473131" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203085", + "refsource": "XF", + "name": "ibm-resilient-cve202129780-input-validation (203085)", + "title": "X-Force Vulnerability Report" } - ] - } - }, - "description" : { - 
"description_data" : [ - { - "lang" : "eng", - "value" : "IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. IBM X-Force ID: 203085." - } - ] - }, - "data_format" : "MITRE" -} + ] + }, + "impact": { + "cvssv3": { + "BM": { + "PR": "H", + "UI": "N", + "SCORE": "4.700", + "I": "L", + "S": "U", + "AV": "N", + "AC": "L", + "C": "L", + "A": "L" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "41" + } + ] + }, + "product_name": "Resilient OnPrem" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. IBM X-Force ID: 203085." + } + ] + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34513.json b/2021/34xxx/CVE-2021-34513.json index 77d2d77eeb3..ae599aaefef 100644 --- a/2021/34xxx/CVE-2021-34513.json +++ b/2021/34xxx/CVE-2021-34513.json @@ -186,6 +186,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34513", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34513" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-875/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-875/" } ] } diff --git a/2021/34xxx/CVE-2021-34675.json b/2021/34xxx/CVE-2021-34675.json index e73a0c89899..ba81381f7fd 100644 
--- a/2021/34xxx/CVE-2021-34675.json +++ b/2021/34xxx/CVE-2021-34675.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-34675", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-34675", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://basixonline.net/nex-forms-wordpress-form-builder-demo/change-log/", + "refsource": "MISC", + "name": "http://basixonline.net/nex-forms-wordpress-form-builder-demo/change-log/" + }, + { + "refsource": "MISC", + "name": "https://github.com/rauschecker/CVEs/tree/main/CVE-2021-34675", + "url": "https://github.com/rauschecker/CVEs/tree/main/CVE-2021-34675" } ] } diff --git a/2021/34xxx/CVE-2021-34676.json b/2021/34xxx/CVE-2021-34676.json index 1001ab7485c..212d8d2ccd8 100644 --- a/2021/34xxx/CVE-2021-34676.json +++ b/2021/34xxx/CVE-2021-34676.json 
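Review bot: The first entry added under `reference_data` links the vendor change log over plain HTTP (`http://basixonline.net/nex-forms-wordpress-form-builder-demo/change-log/`), so a reader following it from the record gets no transport integrity on the page meant to confirm the fix. If the vendor serves the same page over HTTPS, both `url` and `name` should use that scheme, e.g. `"url": "https://basixonline.net/nex-forms-wordpress-form-builder-demo/change-log/"`. The hunk for CVE-2021-34676 adds the identical reference and would need the same change.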
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-34676", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-34676", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://basixonline.net/nex-forms-wordpress-form-builder-demo/change-log/", + "refsource": "MISC", + "name": "http://basixonline.net/nex-forms-wordpress-form-builder-demo/change-log/" + }, + { + "refsource": "MISC", + "name": "https://github.com/rauschecker/CVEs/tree/main/CVE-2021-34676", + "url": "https://github.com/rauschecker/CVEs/tree/main/CVE-2021-34676" } ] } diff --git a/2021/36xxx/CVE-2021-36797.json b/2021/36xxx/CVE-2021-36797.json new file mode 100644 index 00000000000..9fae9293ca0 --- /dev/null +++ b/2021/36xxx/CVE-2021-36797.json 
@@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-36797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** In Victron Energy Venus OS through 2.72, root access is granted by default to anyone with physical access to the device. NOTE: the vendor disagrees with the reporter's opinion about an alleged \"security best practices\" violation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/victronenergy/venus/issues/836", + "refsource": "MISC", + "name": "https://github.com/victronenergy/venus/issues/836" + } + ] + } +} \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36798.json b/2021/36xxx/CVE-2021-36798.json new file mode 100644 index 00000000000..7b2482396eb --- /dev/null +++ b/2021/36xxx/CVE-2021-36798.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-36798", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36799.json b/2021/36xxx/CVE-2021-36799.json new file mode 100644 index 00000000000..bf2d2422a77 
--- /dev/null +++ b/2021/36xxx/CVE-2021-36799.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-36799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KNX ETS5 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/robertguetzkow/ets5-password-recovery", + "refsource": "MISC", + "name": "https://github.com/robertguetzkow/ets5-password-recovery" + }, + { + "url": "https://www.knx.org/knx-en/for-professionals/software/ets-5-professional/", + "refsource": "MISC", + "name": "https://www.knx.org/knx-en/for-professionals/software/ets-5-professional/" + } + ] + } +} \ No newline at end of file
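Review bot: The description added for CVE-2021-36799 names only "KNX ETS5" with no version bound, so a defender cannot tell from the record which ETS5 builds use the hard-coded password or whether any release removes it. It also does not say what the password protects; the first reference's URL suggests project password recovery, but that is inferred from the link rather than stated in the record. A wording such as `KNX ETS5 through <VERSION_PLACEHOLDER> uses the hard-coded password ... to protect <PURPOSE_PLACEHOLDER>` would make the entry actionable, and the `problemtype` value could carry CWE-798 (Use of Hard-coded Credentials) instead of `"n/a"`.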