From 4e45ffec8edeb016fb28f22ab8ed1fb0989b4f47 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 7 Oct 2021 15:00:53 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/22xxx/CVE-2021-22557.json | 5 +++ 2021/28xxx/CVE-2021-28661.json | 61 ++++++++++++++++++++++++++++++---- 2021/33xxx/CVE-2021-33903.json | 56 +++++++++++++++++++++++++++---- 2021/35xxx/CVE-2021-35067.json | 61 ++++++++++++++++++++++++++++++---- 2021/35xxx/CVE-2021-35491.json | 5 +++ 2021/35xxx/CVE-2021-35492.json | 5 +++ 2021/41xxx/CVE-2021-41773.json | 5 +++ 2021/41xxx/CVE-2021-41794.json | 56 +++++++++++++++++++++++++++---- 2021/42xxx/CVE-2021-42061.json | 18 ++++++++++ 2021/42xxx/CVE-2021-42062.json | 18 ++++++++++ 2021/42xxx/CVE-2021-42063.json | 18 ++++++++++ 2021/42xxx/CVE-2021-42064.json | 18 ++++++++++ 2021/42xxx/CVE-2021-42065.json | 18 ++++++++++ 2021/42xxx/CVE-2021-42066.json | 18 ++++++++++ 2021/42xxx/CVE-2021-42067.json | 18 ++++++++++ 2021/42xxx/CVE-2021-42068.json | 18 ++++++++++ 2021/42xxx/CVE-2021-42069.json | 18 ++++++++++ 2021/42xxx/CVE-2021-42070.json | 18 ++++++++++ 18 files changed, 410 insertions(+), 24 deletions(-) create mode 100644 2021/42xxx/CVE-2021-42061.json create mode 100644 2021/42xxx/CVE-2021-42062.json create mode 100644 2021/42xxx/CVE-2021-42063.json create mode 100644 2021/42xxx/CVE-2021-42064.json create mode 100644 2021/42xxx/CVE-2021-42065.json create mode 100644 2021/42xxx/CVE-2021-42066.json create mode 100644 2021/42xxx/CVE-2021-42067.json create mode 100644 2021/42xxx/CVE-2021-42068.json create mode 100644 2021/42xxx/CVE-2021-42069.json create mode 100644 2021/42xxx/CVE-2021-42070.json diff --git a/2021/22xxx/CVE-2021-22557.json b/2021/22xxx/CVE-2021-22557.json index 823a63d39a5..f60812b2b82 100644 --- a/2021/22xxx/CVE-2021-22557.json +++ b/2021/22xxx/CVE-2021-22557.json @@ -83,6 +83,11 @@ "refsource": "MISC", "url": "https://github.com/google/slo-generator/pull/173", "name": "https://github.com/google/slo-generator/pull/173" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164426/Google-SLO-Generator-2.0.0-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/164426/Google-SLO-Generator-2.0.0-Code-Execution.html" } ] }, diff --git a/2021/28xxx/CVE-2021-28661.json b/2021/28xxx/CVE-2021-28661.json index e44f5426804..4df2b2c9a48 100644 --- a/2021/28xxx/CVE-2021-28661.json +++ b/2021/28xxx/CVE-2021-28661.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28661", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28661", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/silverstripe/silverstripe-graphql/releases", + "refsource": "MISC", + "name": "https://github.com/silverstripe/silverstripe-graphql/releases" + }, + { + "refsource": "MISC", + "name": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661", + "url": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661" } ] } diff --git a/2021/33xxx/CVE-2021-33903.json b/2021/33xxx/CVE-2021-33903.json index 09778c5838a..bfe8d4cb1ac 100644 --- a/2021/33xxx/CVE-2021-33903.json +++ b/2021/33xxx/CVE-2021-33903.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-33903", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-33903", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. (However, changing the password of the root user via LANconfig does change the password of the root user for SNMPv3 access.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.nmedv.de/wp-content/uploads/2021/09/NME-2021-001.txt", + "url": "https://www.nmedv.de/wp-content/uploads/2021/09/NME-2021-001.txt" } ] } diff --git a/2021/35xxx/CVE-2021-35067.json b/2021/35xxx/CVE-2021-35067.json index 1af57df3d1d..36339d3a469 100644 --- a/2021/35xxx/CVE-2021-35067.json +++ b/2021/35xxx/CVE-2021-35067.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35067", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35067", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://infosec.rm-it.de/?p=878&preview=1&_ppp=219bc85c2f", + "refsource": "MISC", + "name": "https://infosec.rm-it.de/?p=878&preview=1&_ppp=219bc85c2f" + }, + { + "refsource": "MISC", + "name": "https://infosec.rm-it.de/2021/06/18/meross-smart-wi-fi-garage-door-opener-analysis/", + "url": "https://infosec.rm-it.de/2021/06/18/meross-smart-wi-fi-garage-door-opener-analysis/" } ] } diff --git a/2021/35xxx/CVE-2021-35491.json b/2021/35xxx/CVE-2021-35491.json index 1b5a4e2a6c8..31b46fb3700 100644 --- a/2021/35xxx/CVE-2021-35491.json +++ b/2021/35xxx/CVE-2021-35491.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://www.gruppotim.it/redteam", "url": "https://www.gruppotim.it/redteam" + }, + { + "refsource": "MISC", + "name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-14-release-notes", + "url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-14-release-notes" } ] } diff --git a/2021/35xxx/CVE-2021-35492.json b/2021/35xxx/CVE-2021-35492.json index 6b3aca39c90..81d313c6ef9 100644 --- a/2021/35xxx/CVE-2021-35492.json +++ b/2021/35xxx/CVE-2021-35492.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://www.gruppotim.it/redteam", "url": "https://www.gruppotim.it/redteam" + }, + { + "refsource": "MISC", + "name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-14-release-notes", + "url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-14-release-notes" } ] } diff --git a/2021/41xxx/CVE-2021-41773.json b/2021/41xxx/CVE-2021-41773.json index d38ab9a729c..e97c18942e5 100644 --- a/2021/41xxx/CVE-2021-41773.json +++ b/2021/41xxx/CVE-2021-41773.json @@ -98,6 +98,11 @@ "refsource": "MLIST", "name": "[oss-security] 20211007 RE: CVE-2021-41773: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49", "url": "http://www.openwall.com/lists/oss-security/2021/10/07/1" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html" } ] }, diff --git a/2021/41xxx/CVE-2021-41794.json b/2021/41xxx/CVE-2021-41794.json index 4f466f03a03..e123bfa92bc 100644 --- a/2021/41xxx/CVE-2021-41794.json +++ b/2021/41xxx/CVE-2021-41794.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41794", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41794", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with \"internet\" as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, 'i' gets interpreted as 105 bytes to copy from the source buffer to the destination buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://research.nccgroup.com/2021/10/06/technical-advisory-open5gs-stack-buffer-overflow-during-pfcp-session-establishment-on-upf-cve-2021-41794", + "url": "https://research.nccgroup.com/2021/10/06/technical-advisory-open5gs-stack-buffer-overflow-during-pfcp-session-establishment-on-upf-cve-2021-41794" } ] } diff --git a/2021/42xxx/CVE-2021-42061.json b/2021/42xxx/CVE-2021-42061.json new file mode 100644 index 00000000000..7b052d5f966 --- /dev/null +++ b/2021/42xxx/CVE-2021-42061.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-42061", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42062.json b/2021/42xxx/CVE-2021-42062.json new file mode 100644 index 00000000000..b99c137b9c0 --- /dev/null +++ b/2021/42xxx/CVE-2021-42062.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-42062", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42063.json b/2021/42xxx/CVE-2021-42063.json new file mode 100644 index 00000000000..852ff131f4b --- /dev/null +++ b/2021/42xxx/CVE-2021-42063.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-42063", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42064.json b/2021/42xxx/CVE-2021-42064.json new file mode 100644 index 00000000000..3f04279e4b3 --- /dev/null +++ b/2021/42xxx/CVE-2021-42064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-42064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42065.json b/2021/42xxx/CVE-2021-42065.json new file mode 100644 index 00000000000..c16bc78be92 --- /dev/null +++ b/2021/42xxx/CVE-2021-42065.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-42065", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42066.json b/2021/42xxx/CVE-2021-42066.json new file mode 100644 index 00000000000..5438f1d3285 --- /dev/null +++ b/2021/42xxx/CVE-2021-42066.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-42066", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42067.json b/2021/42xxx/CVE-2021-42067.json new file mode 100644 index 00000000000..2c9de6a2a02 --- /dev/null +++ b/2021/42xxx/CVE-2021-42067.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-42067", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42068.json b/2021/42xxx/CVE-2021-42068.json new file mode 100644 index 00000000000..252fdbcb697 --- /dev/null +++ b/2021/42xxx/CVE-2021-42068.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-42068", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42069.json b/2021/42xxx/CVE-2021-42069.json new file mode 100644 index 00000000000..b46b66d451e --- /dev/null +++ b/2021/42xxx/CVE-2021-42069.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-42069", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42070.json b/2021/42xxx/CVE-2021-42070.json new file mode 100644 index 00000000000..ddc812b8e81 --- /dev/null +++ b/2021/42xxx/CVE-2021-42070.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-42070", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file