From 4d8abdddd02bd6268189552ff93506fcbb58be2b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 12 Apr 2021 20:00:44 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/15xxx/CVE-2019-15059.json | 62 ++++++++++++++++++++++++++++++++++ 2021/21xxx/CVE-2021-21524.json | 43 +++++++++++------------ 2021/21xxx/CVE-2021-21545.json | 43 +++++++++++------------ 3 files changed, 106 insertions(+), 42 deletions(-) create mode 100644 2019/15xxx/CVE-2019-15059.json diff --git a/2019/15xxx/CVE-2019-15059.json b/2019/15xxx/CVE-2019-15059.json new file mode 100644 index 00000000000..4137f0f02ae --- /dev/null +++ b/2019/15xxx/CVE-2019-15059.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or authorization. These configuration files have all PBX information including extension numbers, contacts, and passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/famatte69/52e6ad03d0f23428b92bd029c856112c", + "url": "https://gist.github.com/famatte69/52e6ad03d0f23428b92bd029c856112c" + } + ] + } +} \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21524.json b/2021/21xxx/CVE-2021-21524.json index 503ffd9e40c..bff86eb80d0 100644 --- a/2021/21xxx/CVE-2021-21524.json +++ b/2021/21xxx/CVE-2021-21524.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2021-03-30", - "ID": "CVE-2021-21524", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2021-03-30", + "ID": "CVE-2021-21524", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "Dell EMC Storage Monitoring and Reporting", + "product_name": "Dell EMC Storage Monitoring and Reporting", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "4.5.0.1" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers." } ] - }, + }, "impact": { "cvss": { - "baseScore": 9.8, - "baseSeverity": "Critical", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "Critical", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-502: Deserialization of Untrusted Data" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/en-us/000184753/dsa-2021-054-dell-emc-srm-and-dell-emc-storage-monitoring-and-reporting-smr-security-update-for-multiple-vulnerabilities" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/en-us/000184753/dsa-2021-054-dell-emc-srm-and-dell-emc-storage-monitoring-and-reporting-smr-security-update-for-multiple-vulnerabilities", + "name": "https://www.dell.com/support/kbdoc/en-us/000184753/dsa-2021-054-dell-emc-srm-and-dell-emc-storage-monitoring-and-reporting-smr-security-update-for-multiple-vulnerabilities" } ] } diff --git a/2021/21xxx/CVE-2021-21545.json b/2021/21xxx/CVE-2021-21545.json index 303df194d58..950f421a349 100644 --- a/2021/21xxx/CVE-2021-21545.json +++ b/2021/21xxx/CVE-2021-21545.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2021-04-09", - "ID": "CVE-2021-21545", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2021-04-09", + "ID": "CVE-2021-21545", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "Dell Peripheral Manager", + "product_name": "Dell Peripheral Manager", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "1.3.1" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user." } ] - }, + }, "impact": { "cvss": { - "baseScore": 7.8, - "baseSeverity": "High", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "High", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-427: Uncontrolled Search Path Element" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/en-us/000185100/dsa-2021-079-dell-client-security-update-for-dell-peripheral-manager-local-privilege-escalation-vulnerability" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/en-us/000185100/dsa-2021-079-dell-client-security-update-for-dell-peripheral-manager-local-privilege-escalation-vulnerability", + "name": "https://www.dell.com/support/kbdoc/en-us/000185100/dsa-2021-079-dell-client-security-update-for-dell-peripheral-manager-local-privilege-escalation-vulnerability" } ] }