From 40175dbf3d50a4bc89bb30f669ec268a01a4f20f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 12 Oct 2021 16:01:00 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/35xxx/CVE-2021-35214.json | 92 +++++++++++++++++++++++++++++++--- 2021/37xxx/CVE-2021-37732.json | 62 +++++++++++++++++++++-- 2021/37xxx/CVE-2021-37734.json | 65 ++++++++++++++++++++++-- 2021/37xxx/CVE-2021-37735.json | 56 +++++++++++++++++++-- 2021/38xxx/CVE-2021-38153.json | 10 ++++ 2021/3xxx/CVE-2021-3881.json | 18 +++++++ 2021/3xxx/CVE-2021-3882.json | 18 +++++++ 7 files changed, 306 insertions(+), 15 deletions(-) create mode 100644 2021/3xxx/CVE-2021-3881.json create mode 100644 2021/3xxx/CVE-2021-3882.json diff --git a/2021/35xxx/CVE-2021-35214.json b/2021/35xxx/CVE-2021-35214.json index 219a5a77b4d..156ef79b293 100644 --- a/2021/35xxx/CVE-2021-35214.json +++ b/2021/35xxx/CVE-2021-35214.json @@ -1,18 +1,98 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@solarwinds.com", "ID": "CVE-2021-35214", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pingdom", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "prior to 13.09.2021", + "version_value": "13.09.2021" + } + ] + } + } + ] + }, + "vendor_name": "SolarWinds" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Taseer Hussain " + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The vulnerability can be described as a failure to invalidate user session upon password change. When running multiple active sessions in separate browser windows, it was observed a password or email address change could be changed without terminating the user session." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Session Management Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35214", + "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35214" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "This Vulnerability have been fixed on September 13, 2021" + } + ], + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/37xxx/CVE-2021-37732.json b/2021/37xxx/CVE-2021-37732.json index 155bec5c065..121083bd53c 100644 --- a/2021/37xxx/CVE-2021-37732.json +++ b/2021/37xxx/CVE-2021-37732.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37732", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HPE Aruba Instant (IAP)", + "version": { + "version_data": [ + { + "version_value": "Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below" + }, + { + "version_value": "Aruba Instant 6.5.x.x: 6.5.4.18 and below" + }, + { + "version_value": "Aruba Instant 8.5.x.x: 8.5.0.11 and below" + }, + { + "version_value": "Aruba Instant 8.6.x.x: 8.6.0.6 and below" + }, + { + "version_value": "Aruba Instant 8.7.x.x: 8.7.1.0 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote arbitrary command execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and below; Aruba Instant 8.7.x.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability." } ] } diff --git a/2021/37xxx/CVE-2021-37734.json b/2021/37xxx/CVE-2021-37734.json index 5d6f249d6b5..b9cc1b45508 100644 --- a/2021/37xxx/CVE-2021-37734.json +++ b/2021/37xxx/CVE-2021-37734.json @@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37734", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HPE Aruba Instant (IAP)", + "version": { + "version_data": [ + { + "version_value": "Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below" + }, + { + "version_value": "Aruba Instant 6.5.x.x: 6.5.4.19 and below" + }, + { + "version_value": "Aruba Instant 8.5.x.x: 8.5.0.12 and below" + }, + { + "version_value": "Aruba Instant 8.6.x.x: 8.6.0.11 and below" + }, + { + "version_value": "Aruba Instant 8.7.x.x: 8.7.1.3 and below" + }, + { + "version_value": "Aruba Instant 8.8.x.x: 8.8.0.0 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote unauthorized read access to files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote unauthorized read access to files vulnerability was discovered in Aruba Instant version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.19 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below; Aruba Instant 8.8.x.x: 8.8.0.0 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability." } ] } diff --git a/2021/37xxx/CVE-2021-37735.json b/2021/37xxx/CVE-2021-37735.json index 76c3b2cefd4..c43ca6306f4 100644 --- a/2021/37xxx/CVE-2021-37735.json +++ b/2021/37xxx/CVE-2021-37735.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37735", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HPE Aruba Instant (IAP)", + "version": { + "version_data": [ + { + "version_value": "Aruba Instant 6.5.x.x: 6.5.4.18 and below" + }, + { + "version_value": "Aruba Instant 8.5.x.x: 8.5.0.10 and below" + }, + { + "version_value": "Aruba Instant 8.6.x.x: 8.6.0.4 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability." } ] } diff --git a/2021/38xxx/CVE-2021-38153.json b/2021/38xxx/CVE-2021-38153.json index 86653d416d5..5beb4a6b76f 100644 --- a/2021/38xxx/CVE-2021-38153.json +++ b/2021/38xxx/CVE-2021-38153.json @@ -118,6 +118,16 @@ "refsource": "MLIST", "name": "[kafka-dev] 20211007 Re: CVE Back Port?", "url": "https://lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c@%3Cdev.kafka.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[kafka-dev] 20211012 [VOTE] 2.6.3 RC0", + "url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be@%3Cdev.kafka.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[kafka-users] 20211012 [VOTE] 2.6.3 RC0", + "url": "https://lists.apache.org/thread.html/r45cc0602d5f2cbb72e48896dfadf5e5b87ed85630449598b40e8f0be@%3Cusers.kafka.apache.org%3E" } ] }, diff --git a/2021/3xxx/CVE-2021-3881.json b/2021/3xxx/CVE-2021-3881.json new file mode 100644 index 00000000000..749d70e6fe0 --- /dev/null +++ b/2021/3xxx/CVE-2021-3881.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3881", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3882.json b/2021/3xxx/CVE-2021-3882.json new file mode 100644 index 00000000000..67d66eb1a5c --- /dev/null +++ b/2021/3xxx/CVE-2021-3882.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3882", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file