From 3e4884f807b3f6e33badb27fa306c29a79d0e47d Mon Sep 17 00:00:00 2001
From: Scott Moore - IBM
Date: Wed, 7 Jul 2021 12:28:22 -0400
Subject: [PATCH 01/38] IBM20210707-122822 Added CVE-2021-20474, CVE-2021-20379, CVE-2021-20416, CVE-2021-29759, CVE-2021-20417, CVE-2021-20378, CVE-2021-20415
---
 2021/20xxx/CVE-2021-20378.json | 105 ++++++++++++++++++++++++++-----
 2021/20xxx/CVE-2021-20379.json | 105 ++++++++++++++++++++++++++-----
 2021/20xxx/CVE-2021-20415.json | 102 +++++++++++++++++++++++++-----
 2021/20xxx/CVE-2021-20416.json | 105 ++++++++++++++++++++++++++-----
 2021/20xxx/CVE-2021-20417.json | 102 +++++++++++++++++++++++++-----
 2021/20xxx/CVE-2021-20474.json | 105 ++++++++++++++++++++++++++-----
 2021/29xxx/CVE-2021-29759.json | 111 ++++++++++++++++++++++++++++-----
 7 files changed, 630 insertions(+), 105 deletions(-)
diff --git a/2021/20xxx/CVE-2021-20378.json b/2021/20xxx/CVE-2021-20378.json
index 31c9ab52219..e741af24bfb 100644
--- a/2021/20xxx/CVE-2021-20378.json
+++ b/2021/20xxx/CVE-2021-20378.json
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-20378", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_version" : "4.0", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2021-07-06T00:00:00", + "ID" : "CVE-2021-20378", + "STATE" : "PUBLIC" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Gain Privileges", + "lang" : "eng" + } + ] + } + ] + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "E" : "U", + "RC" : "C", + "RL" : "O" + }, + "BM" : { + "I" : "L", + "UI" : "N", + "C" : "L", + "SCORE" : "6.300", + "AC" : "L", + "S" : "U", + "AV" : "N", + "PR" : "L", + "A" : "L" + } + } + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/6469407", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 6469407 (Guardium Data Encryption)", + "name" : "https://www.ibm.com/support/pages/node/6469407" + }, + { + "name" : "ibm-guardium-cve202120378-sessoin-fixation (195709)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/195709", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709." + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "3.0.0.2" + }, + { + "version_value" : "4.0.0.4" + } + ] + }, + "product_name" : "Guardium Data Encryption" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2021/20xxx/CVE-2021-20379.json b/2021/20xxx/CVE-2021-20379.json index 29c21ab800d..82f84015848 100644 --- a/2021/20xxx/CVE-2021-20379.json +++ b/2021/20xxx/CVE-2021-20379.json 
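Review bot: The `problemtype` value `"Gain Privileges"` in this record is a free-text impact label rather than a weakness identifier, so consumers that triage on CWE have nothing to match; the other six records in this patch do the same with `"Obtain Information"` and `"Gain Access"`. The description here (a session that is not invalidated after logout) reads like insufficient session expiration, which would map to CWE-613 if the vendor agrees. That is worth confirming, because the XF reference name says `sessoin-fixation`, which names a different weakness and looks like a misspelling of "session". The reference name is an upstream identifier, so it should be changed only if the X-Force entry itself is corrected.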
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-20379", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "Guardium Data Encryption", + "version" : { + "version_data" : [ + { + "version_value" : "3.0.0.2" + }, + { + "version_value" : "4.0.0.4" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 
IBM X-Force ID: 195711.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "I" : "N", + "UI" : "N", + "C" : "H", + "SCORE" : "5.900", + "S" : "U", + "AC" : "H", + "A" : "N", + "AV" : "N", + "PR" : "N" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + } + } + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/6469407", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 6469407 (Guardium Data Encryption)", + "name" : "https://www.ibm.com/support/pages/node/6469407" + }, + { + "name" : "ibm-guardium-cve202120379-info-disc (195711)", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/195711" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "data_format" : "MITRE", + "data_version" : "4.0", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2021-07-06T00:00:00", + "ID" : "CVE-2021-20379", + "STATE" : "PUBLIC" + } +} diff --git a/2021/20xxx/CVE-2021-20415.json b/2021/20xxx/CVE-2021-20415.json index e153f61ec3f..ec21cc83ff3 100644 --- a/2021/20xxx/CVE-2021-20415.json +++ b/2021/20xxx/CVE-2021-20415.json 
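Review bot: The affected versions disagree inside this record: the description says `3.0.0.3 and 4.0.0.4` while `version_data` lists `"version_value" : "3.0.0.2"` and `"version_value" : "4.0.0.4"`. The CVE-2021-20416 hunk later in this patch has the same mismatch. Tools that match installed versions against `version_data` and analysts who read the description will reach different conclusions about whether 3.0.0.2 or 3.0.0.3 is affected. One of the two should be corrected against IBM Security Bulletin 6469407, which both records cite.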
@@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-20415", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2021-07-06T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2021-20415" + }, + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "4.0.0.4" + } + ] + }, + "product_name" : "Guardium Data Encryption" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "value" : "IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. 
IBM X-Force ID: 196217.", + "lang" : "eng" + } + ] + }, + "data_type" : "CVE", + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/node/6469691", + "title" : "IBM Security Bulletin 6469691 (Guardium Data Encryption)", + "url" : "https://www.ibm.com/support/pages/node/6469691", + "refsource" : "CONFIRM" + }, + { + "name" : "ibm-gde-cve202120415-info-disc (196217)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196217", + "refsource" : "XF", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "A" : "N", + "AV" : "N", + "PR" : "N", + "AC" : "H", + "S" : "U", + "C" : "H", + "SCORE" : "5.900", + "I" : "N", + "UI" : "N" + }, + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + } + } + } +} diff --git a/2021/20xxx/CVE-2021-20416.json b/2021/20xxx/CVE-2021-20416.json index fe3c3eaa1da..205feacf941 100644 --- a/2021/20xxx/CVE-2021-20416.json +++ b/2021/20xxx/CVE-2021-20416.json 
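Review bot: The `problemtype` entry `"value" : "Obtain Information"` and the XF name suffix `info-disc` do not describe what the description reports, which is an inadequate account lockout setting that permits brute forcing of account credentials. Anyone filtering the feed by problem type would file this under information disclosure and miss it when looking for authentication weaknesses. A label that matches the description would be more accurate, for example `"value" : "Gain Access"` as used in the CVE-2021-20474 record of this patch, or CWE-307 (Improper Restriction of Excessive Authentication Attempts) if the vendor confirms that mapping.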
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-20416", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "BM" : { + "S" : "U", + "AC" : "H", + "PR" : "N", + "AV" : "N", + "A" : "N", + "UI" : "N", + "I" : "N", + "SCORE" : "3.700", + "C" : "L" + }, + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + } + } + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/node/6469407", + "title" : "IBM Security Bulletin 6469407 (Guardium Data Encryption)", + "url" : "https://www.ibm.com/support/pages/node/6469407", + "refsource" : "CONFIRM" + }, + { + "name" : "ibm-gde-cve202120416-info-disc (196218)", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196218", + "refsource" : "XF" + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218." + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "product" : { + "product_data" : [ + { + "product_name" : "Guardium Data Encryption", + "version" : { + "version_data" : [ + { + "version_value" : "3.0.0.2" + }, + { + "version_value" : "4.0.0.4" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "ID" : "CVE-2021-20416", + "STATE" : "PUBLIC", + "DATE_PUBLIC" : "2021-07-06T00:00:00", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "data_format" : "MITRE" +} diff --git a/2021/20xxx/CVE-2021-20417.json b/2021/20xxx/CVE-2021-20417.json index b8b051fc4dc..fffa3bfedf9 100644 --- a/2021/20xxx/CVE-2021-20417.json +++ b/2021/20xxx/CVE-2021-20417.json 
@@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-20417", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "value" : "IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219", + "lang" : "eng" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "product_name" : "Guardium Data Encryption", + "version" : { + "version_data" : [ + { + "version_value" : "4.0.0.4" + } + ] + } + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "references" : { + "reference_data" : [ + { + "refsource" : "CONFIRM", + "url" : "https://www.ibm.com/support/pages/node/6469691", + "title" : "IBM Security Bulletin 6469691 (Guardium Data Encryption)", + "name" : "https://www.ibm.com/support/pages/node/6469691" + }, + { + "name" : "ibm-gde-cve202120417-info-disc (196219)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196219", + "title" : "X-Force Vulnerability Report" + } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "UI" : "N", + "I" : "N", + "SCORE" : "4.300", + "C" : "L", + "S" : "U", + "AC" : "L", + "PR" : "L", + "AV" : "N", + "A" : "N" + }, + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + } + } + }, + "data_type" : "CVE", + "data_format" : "MITRE", + "problemtype" : { + "problemtype_data" : [ + { + 
"description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta" : { + "DATE_PUBLIC" : "2021-07-06T00:00:00", + "ID" : "CVE-2021-20417", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com" + }, + "data_version" : "4.0" +} diff --git a/2021/20xxx/CVE-2021-20474.json b/2021/20xxx/CVE-2021-20474.json index 0cbee244e34..cbfb0f4ee8a 100644 --- a/2021/20xxx/CVE-2021-20474.json +++ b/2021/20xxx/CVE-2021-20474.json 
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-20474", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "description" : { + "description_data" : [ + { + "value" : "IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.", + "lang" : "eng" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "3.0.0.2" + }, + { + "version_value" : "4.0.0.4" + } + ] + }, + "product_name" : "Guardium Data Encryption" + } + ] + } } - ] - } -} \ No newline at end of file + ] + } + }, + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "E" : "U", + "RC" : "C" + }, + "BM" : { + "AC" : "L", + "S" : "U", + "A" : "N", + "AV" : "N", + "PR" : "N", + "I" : "L", + "UI" : "N", + "C" : "L", + "SCORE" : "6.500" + } + } + }, + "references" : { + "reference_data" : [ + { + "title" : "IBM Security Bulletin 6469407 (Guardium Data Encryption)", + "url" : "https://www.ibm.com/support/pages/node/6469407", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/6469407" + }, + { + "name" : "ibm-gde-cve202120474-missing-auth (196945)", + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196945" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Gain 
Access" + } + ] + } + ] + }, + "data_format" : "MITRE", + "data_version" : "4.0", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2021-07-06T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2021-20474" + } +} diff --git a/2021/29xxx/CVE-2021-29759.json b/2021/29xxx/CVE-2021-29759.json index 664f46e59cf..926bd354fe3 100644 --- a/2021/29xxx/CVE-2021-29759.json +++ b/2021/29xxx/CVE-2021-29759.json 
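Review bot: The description in this record is the generic definition of a missing-authentication weakness and does not say which functionality is exposed or what an unauthenticated caller gains, although the base metrics give `PR` as `N` with `C` and `I` both `L`. It also omits the `IBM X-Force ID: 196945.` sentence that the other records in this patch carry, even though the XF reference includes that id. I would append that sentence and add one clause naming the impact, taken from IBM Security Bulletin 6469407 rather than inferred.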
@@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-29759", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "data_type" : "CVE", + "impact" : { + "cvssv3" : { + "TM" : { + "RL" : "O", + "RC" : "C", + "E" : "U" + }, + "BM" : { + "C" : "H", + "SCORE" : "4.400", + "I" : "N", + "UI" : "N", + "AV" : "L", + "PR" : "H", + "A" : "N", + "AC" : "L", + "S" : "U" + } + } + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.ibm.com/support/pages/node/6469449", + "url" : "https://www.ibm.com/support/pages/node/6469449", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 6469449 (App Connect Enterprise Certified Container)" + }, + { + "name" : "ibm-appconnect-cve202129759-info-disc (202212)", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/202212", + "refsource" : "XF" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "product_name" : "App Connect Enterprise Certified Container", + "version" : { + "version_data" : [ + { + "version_value" : "1.0" + }, + { + "version_value" : "1.1" + }, + { + "version_value" : "1.2" + }, + { + "version_value" : "1.3" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212." 
+ } + ] + }, + "data_version" : "4.0", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2021-07-06T00:00:00", + "STATE" : "PUBLIC", + "ID" : "CVE-2021-29759" + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "data_format" : "MITRE" +} From 92579aab75f6711999ae6be133492a4236615564 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 7 Jul 2021 17:00:55 +0000 Subject: [PATCH 02/38] "-Synchronized-Data." --- 2021/20xxx/CVE-2021-20378.json | 180 +++++++++++++++---------------- 2021/20xxx/CVE-2021-20379.json | 182 +++++++++++++++---------------- 2021/20xxx/CVE-2021-20415.json | 174 +++++++++++++++--------------- 2021/20xxx/CVE-2021-20416.json | 180 +++++++++++++++---------------- 2021/20xxx/CVE-2021-20417.json | 172 ++++++++++++++--------------- 2021/21xxx/CVE-2021-21786.json | 50 ++++++++- 2021/21xxx/CVE-2021-21787.json | 50 ++++++++- 2021/21xxx/CVE-2021-21788.json | 50 ++++++++- 2021/21xxx/CVE-2021-21789.json | 50 ++++++++- 2021/29xxx/CVE-2021-29759.json | 192 ++++++++++++++++----------------- 10 files changed, 728 insertions(+), 552 deletions(-) diff --git a/2021/20xxx/CVE-2021-20378.json b/2021/20xxx/CVE-2021-20378.json index e741af24bfb..71f5584992b 100644 --- a/2021/20xxx/CVE-2021-20378.json +++ b/2021/20xxx/CVE-2021-20378.json 
@@ -1,93 +1,93 @@ { - "data_version" : "4.0", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-07-06T00:00:00", - "ID" : "CVE-2021-20378", - "STATE" : "PUBLIC" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Privileges", - "lang" : "eng" - } - ] - } - ] - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "I" : "L", - "UI" : "N", - "C" : "L", - "SCORE" : "6.300", - "AC" : "L", - "S" : "U", - "AV" : "N", - "PR" : "L", - "A" : "L" - } - } - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6469407", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6469407 (Guardium Data Encryption)", - "name" : "https://www.ibm.com/support/pages/node/6469407" - }, - { - "name" : "ibm-guardium-cve202120378-sessoin-fixation (195709)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/195709", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709." 
- } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-07-06T00:00:00", + "ID": "CVE-2021-20378", + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0.2" - }, - { - "version_value" : "4.0.0.4" - } - ] - }, - "product_name" : "Guardium Data Encryption" - } - ] - } + "description": [ + { + "value": "Gain Privileges", + "lang": "eng" + } + ] } - ] - } - } -} + ] + }, + "data_format": "MITRE", + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "I": "L", + "UI": "N", + "C": "L", + "SCORE": "6.300", + "AC": "L", + "S": "U", + "AV": "N", + "PR": "L", + "A": "L" + } + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6469407", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6469407 (Guardium Data Encryption)", + "name": "https://www.ibm.com/support/pages/node/6469407" + }, + { + "name": "ibm-guardium-cve202120378-sessoin-fixation (195709)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195709", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 195709." 
+ } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "3.0.0.2" + }, + { + "version_value": "4.0.0.4" + } + ] + }, + "product_name": "Guardium Data Encryption" + } + ] + } + } + ] + } + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20379.json b/2021/20xxx/CVE-2021-20379.json index 82f84015848..32fea950fa6 100644 --- a/2021/20xxx/CVE-2021-20379.json +++ b/2021/20xxx/CVE-2021-20379.json 
@@ -1,93 +1,93 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Guardium Data Encryption", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0.2" - }, - { - "version_value" : "4.0.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "N", - "UI" : "N", - "C" : "H", - "SCORE" : "5.900", - "S" : "U", - "AC" : "H", - "A" : "N", - "AV" : "N", - "PR" : "N" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6469407", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6469407 (Guardium Data Encryption)", - "name" : "https://www.ibm.com/support/pages/node/6469407" - }, - { - "name" : "ibm-guardium-cve202120379-info-disc (195711)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/195711" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Guardium Data Encryption", + "version": { + "version_data": [ + { + "version_value": "3.0.0.2" + }, + { + "version_value": "4.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-07-06T00:00:00", - "ID" : "CVE-2021-20379", - 
"STATE" : "PUBLIC" - } -} + } + }, + "description": { + "description_data": [ + { + "value": "IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195711.", + "lang": "eng" + } + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "I": "N", + "UI": "N", + "C": "H", + "SCORE": "5.900", + "S": "U", + "AC": "H", + "A": "N", + "AV": "N", + "PR": "N" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + } + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6469407", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6469407 (Guardium Data Encryption)", + "name": "https://www.ibm.com/support/pages/node/6469407" + }, + { + "name": "ibm-guardium-cve202120379-info-disc (195711)", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195711" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-07-06T00:00:00", + "ID": "CVE-2021-20379", + "STATE": "PUBLIC" + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20415.json b/2021/20xxx/CVE-2021-20415.json index ec21cc83ff3..64e2c66d426 100644 --- a/2021/20xxx/CVE-2021-20415.json +++ b/2021/20xxx/CVE-2021-20415.json 
@@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-07-06T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2021-20415" - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "4.0.0.4" - } - ] - }, - "product_name" : "Guardium Data Encryption" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. 
IBM X-Force ID: 196217.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6469691", - "title" : "IBM Security Bulletin 6469691 (Guardium Data Encryption)", - "url" : "https://www.ibm.com/support/pages/node/6469691", - "refsource" : "CONFIRM" - }, - { - "name" : "ibm-gde-cve202120415-info-disc (196217)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196217", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AV" : "N", - "PR" : "N", - "AC" : "H", - "S" : "U", - "C" : "H", - "SCORE" : "5.900", - "I" : "N", - "UI" : "N" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - } -} + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-07-06T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2021-20415" + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "4.0.0.4" + } + ] + }, + "product_name": "Guardium Data Encryption" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "description": { + "description_data": [ + { + "value": "IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. 
IBM X-Force ID: 196217.", + "lang": "eng" + } + ] + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6469691", + "title": "IBM Security Bulletin 6469691 (Guardium Data Encryption)", + "url": "https://www.ibm.com/support/pages/node/6469691", + "refsource": "CONFIRM" + }, + { + "name": "ibm-gde-cve202120415-info-disc (196217)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196217", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AV": "N", + "PR": "N", + "AC": "H", + "S": "U", + "C": "H", + "SCORE": "5.900", + "I": "N", + "UI": "N" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + } + } + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20416.json b/2021/20xxx/CVE-2021-20416.json index 205feacf941..d13387a3abf 100644 --- a/2021/20xxx/CVE-2021-20416.json +++ b/2021/20xxx/CVE-2021-20416.json 
@@ -1,93 +1,93 @@ { - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "AC" : "H", - "PR" : "N", - "AV" : "N", - "A" : "N", - "UI" : "N", - "I" : "N", - "SCORE" : "3.700", - "C" : "L" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6469407", - "title" : "IBM Security Bulletin 6469407 (Guardium Data Encryption)", - "url" : "https://www.ibm.com/support/pages/node/6469407", - "refsource" : "CONFIRM" - }, - { - "name" : "ibm-gde-cve202120416-info-disc (196218)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196218", - "refsource" : "XF" - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218." 
- } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Guardium Data Encryption", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0.2" - }, - { - "version_value" : "4.0.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "data_type": "CVE", + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "AC": "H", + "PR": "N", + "AV": "N", + "A": "N", + "UI": "N", + "I": "N", + "SCORE": "3.700", + "C": "L" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" } - ] - } - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2021-20416", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2021-07-06T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6469407", + "title": "IBM Security Bulletin 6469407 (Guardium Data Encryption)", + "url": "https://www.ibm.com/support/pages/node/6469407", + "refsource": "CONFIRM" + }, + { + "name": "ibm-gde-cve202120416-info-disc (196218)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196218", + "refsource": "XF" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218." 
+ } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Guardium Data Encryption", + "version": { + "version_data": [ + { + "version_value": "3.0.0.2" + }, + { + "version_value": "4.0.0.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_format" : "MITRE" -} + } + }, + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-20416", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-07-06T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20417.json b/2021/20xxx/CVE-2021-20417.json index fffa3bfedf9..9d40fc14f04 100644 --- a/2021/20xxx/CVE-2021-20417.json +++ b/2021/20xxx/CVE-2021-20417.json 
@@ -1,90 +1,90 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Guardium Data Encryption", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.0.4" - } - ] - } - } - ] - } + "value": "IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219", + "lang": "eng" } - ] - } - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6469691", - "title" : "IBM Security Bulletin 6469691 (Guardium Data Encryption)", - "name" : "https://www.ibm.com/support/pages/node/6469691" - }, - { - "name" : "ibm-gde-cve202120417-info-disc (196219)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/196219", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "N", - "I" : "N", - "SCORE" : "4.300", - "C" : "L", - "S" : "U", - "AC" : "L", - "PR" : "L", - "AV" : "N", - "A" : "N" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "data_type" : "CVE", - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + 
"product_data": [ + { + "product_name": "Guardium Data Encryption", + "version": { + "version_data": [ + { + "version_value": "4.0.0.4" + } + ] + } + } + ] + } + } ] - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-07-06T00:00:00", - "ID" : "CVE-2021-20417", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_version" : "4.0" -} + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6469691", + "title": "IBM Security Bulletin 6469691 (Guardium Data Encryption)", + "name": "https://www.ibm.com/support/pages/node/6469691" + }, + { + "name": "ibm-gde-cve202120417-info-disc (196219)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196219", + "title": "X-Force Vulnerability Report" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "UI": "N", + "I": "N", + "SCORE": "4.300", + "C": "L", + "S": "U", + "AC": "L", + "PR": "L", + "AV": "N", + "A": "N" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + } + } + }, + "data_type": "CVE", + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2021-07-06T00:00:00", + "ID": "CVE-2021-20417", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21786.json b/2021/21xxx/CVE-2021-21786.json index 0dff11974c9..0038fe631fd 100644 --- a/2021/21xxx/CVE-2021-21786.json +++ b/2021/21xxx/CVE-2021-21786.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21786", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Iobit", + "version": { + "version_data": [ + { + "version_value": "IOBit Advanced SystemCare Ultimate 14.2.0.220" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1253", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1253" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privileges. An attacker can send a malicious IRP to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21787.json b/2021/21xxx/CVE-2021-21787.json index c681c6c3845..37b4764fddc 100644 --- a/2021/21xxx/CVE-2021-21787.json +++ b/2021/21xxx/CVE-2021-21787.json 
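Review bot: The `affects` block in the new CVE-2021-21786 record puts its values in the wrong slots: `vendor_name` is `n/a`, `product_name` is `Iobit` (the vendor), and `version_value` carries the whole product string `IOBit Advanced SystemCare Ultimate 14.2.0.220`. Tooling that matches installed software on vendor, product and version will not find this entry, so affected hosts can be missed during triage. I would write `"vendor_name": "IOBit"`, `"product_name": "Advanced SystemCare Ultimate"` and `"version_value": "14.2.0.220"`. The hunks for CVE-2021-21787, CVE-2021-21788 and CVE-2021-21789 that follow repeat the same block.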
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21787", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Iobit", + "version": { + "version_data": [ + { + "version_value": "IOBit Advanced SystemCare Ultimate 14.2.0.220" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0d8, the first dword passed in the input buffer is the device port to write to and the byte at offset 4 is the value to write via the OUT instruction. A local attacker can send a malicious IRP to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21788.json b/2021/21xxx/CVE-2021-21788.json index 7faa0c03f5f..21fa01e04cf 100644 --- a/2021/21xxx/CVE-2021-21788.json +++ b/2021/21xxx/CVE-2021-21788.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21788", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Iobit", + "version": { + "version_data": [ + { + "version_value": "IOBit Advanced SystemCare Ultimate 14.2.0.220" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0dc, the first dword passed in the input buffer is the device port to write to and the word at offset 4 is the value to write via the OUT instruction A local attacker can send a malicious IRP to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21789.json b/2021/21xxx/CVE-2021-21789.json index aa7477940fa..f961e755463 100644 --- a/2021/21xxx/CVE-2021-21789.json +++ b/2021/21xxx/CVE-2021-21789.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21789", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Iobit", + "version": { + "version_data": [ + { + "version_value": "IOBit Advanced SystemCare Ultimate 14.2.0.220" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254\"", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254\"" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0e0, the first dword passed in the input buffer is the device port to write to and the dword at offset 4 is the value to write via the OUT instruction.. A local attacker can send a malicious IRP to trigger this vulnerability." } ] } diff --git a/2021/29xxx/CVE-2021-29759.json b/2021/29xxx/CVE-2021-29759.json index 926bd354fe3..80e64a8d0de 100644 --- a/2021/29xxx/CVE-2021-29759.json +++ b/2021/29xxx/CVE-2021-29759.json 
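Review bot: Both `name` and `url` in the CVE-2021-21789 reference end in an escaped quote (`TALOS-2021-1254\"`), so the stored URL contains a literal quote character and will not resolve. The value should be `https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254`, as in the CVE-2021-21787 and CVE-2021-21788 hunks. The description in the same hunk also ends a sentence with `instruction..`. A pre-merge check that rejects quote characters in `url` values would catch this kind of copy-paste slip, and consumers that render these links should escape them rather than trust the record.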
@@ -1,99 +1,99 @@ { - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "C" : "H", - "SCORE" : "4.400", - "I" : "N", - "UI" : "N", - "AV" : "L", - "PR" : "H", - "A" : "N", - "AC" : "L", - "S" : "U" - } - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6469449", - "url" : "https://www.ibm.com/support/pages/node/6469449", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6469449 (App Connect Enterprise Certified Container)" - }, - { - "name" : "ibm-appconnect-cve202129759-info-disc (202212)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/202212", - "refsource" : "XF" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "App Connect Enterprise Certified Container", - "version" : { - "version_data" : [ - { - "version_value" : "1.0" - }, - { - "version_value" : "1.1" - }, - { - "version_value" : "1.2" - }, - { - "version_value" : "1.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "C": "H", + "SCORE": "4.400", + "I": "N", + "UI": "N", + "AV": "L", + "PR": "H", + "A": "N", + "AC": "L", + "S": "U" } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212." 
- } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-07-06T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2021-29759" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6469449", + "url": "https://www.ibm.com/support/pages/node/6469449", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6469449 (App Connect Enterprise Certified Container)" + }, + { + "name": "ibm-appconnect-cve202129759-info-disc (202212)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202212", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "App Connect Enterprise Certified Container", + "version": { + "version_data": [ + { + "version_value": "1.0" + }, + { + "version_value": "1.1" + }, + { + "version_value": "1.2" + }, + { + "version_value": "1.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_format" : "MITRE" -} + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212." + } + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-07-06T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2021-29759" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_format": "MITRE" +} \ No newline at end of file From b6f3680b2f645fe7ed2ee6841a73076e1b61db67 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 7 Jul 2021 18:00:48 +0000 Subject: [PATCH 03/38] "-Synchronized-Data." --- 2018/15xxx/CVE-2018-15877.json | 5 +++ 2021/21xxx/CVE-2021-21787.json | 2 +- 2021/21xxx/CVE-2021-21788.json | 2 +- 2021/21xxx/CVE-2021-21789.json | 6 +-- 2021/22xxx/CVE-2021-22911.json | 5 +++ 2021/27xxx/CVE-2021-27886.json | 5 +++ 2021/28xxx/CVE-2021-28113.json | 5 +++ 2021/36xxx/CVE-2021-36217.json | 67 ++++++++++++++++++++++++++++++++++ 8 files changed, 92 insertions(+), 5 deletions(-) create mode 100644 2021/36xxx/CVE-2021-36217.json diff --git a/2018/15xxx/CVE-2018-15877.json b/2018/15xxx/CVE-2018-15877.json index 3b99b5e856a..a23ac1b5a22 100644 --- a/2018/15xxx/CVE-2018-15877.json +++ b/2018/15xxx/CVE-2018-15877.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155502/WordPress-Plainview-Activity-Monitor-20161228-Remote-Command-Execution.html", "url": "http://packetstormsecurity.com/files/155502/WordPress-Plainview-Activity-Monitor-20161228-Remote-Command-Execution.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163425/WordPress-Plainview-Activity-Monitor-20161228-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/163425/WordPress-Plainview-Activity-Monitor-20161228-Remote-Code-Execution.html" } ] } diff --git a/2021/21xxx/CVE-2021-21787.json b/2021/21xxx/CVE-2021-21787.json index 37b4764fddc..318079dc09a 100644 --- a/2021/21xxx/CVE-2021-21787.json +++ b/2021/21xxx/CVE-2021-21787.json 
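Review bot: The reference added to CVE-2018-15877 uses a plain `http://` URL for packetstormsecurity.com, so anyone following the link from the record fetches exploit-related content over a channel that can be altered in transit. If the site serves the same path over TLS, I would store `"url": "https://packetstormsecurity.com/files/163425/WordPress-Plainview-Activity-Monitor-20161228-Remote-Code-Execution.html"` with the matching `name`. The existing entry in the context lines uses `http://` as well, so this follows the file's current habit, but new entries are the cheap place to change it. The same applies to the references added in the CVE-2021-22911, CVE-2021-27886 and CVE-2021-28113 hunks of this patch.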
@@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0d8, the first dword passed in the input buffer is the device port to write to and the byte at offset 4 is the value to write via the OUT instruction. A local attacker can send a malicious IRP to trigger this vulnerability." + "value": "A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0d8, the first dword passed in the input buffer is the device port to write to and the byte at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users." } ] } diff --git a/2021/21xxx/CVE-2021-21788.json b/2021/21xxx/CVE-2021-21788.json index 21fa01e04cf..c03849530a3 100644 --- a/2021/21xxx/CVE-2021-21788.json +++ b/2021/21xxx/CVE-2021-21788.json 
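Review bot: The rewritten CVE-2021-21787 description drops the sentence `A local attacker can send a malicious IRP to trigger this vulnerability.`, which was the record's only statement of who can reach the flaw; the CVE-2021-21788 hunk in this same patch keeps it while adding the same new sentence. The hunk that created this record earlier on the page shows no `impact` block, so without that sentence a reader cannot tell from the record that local access is needed, which matters when prioritising. I would append the removed sentence after `...escalated privileges of unprivileged users.` so the sibling records stay parallel.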
@@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0dc, the first dword passed in the input buffer is the device port to write to and the word at offset 4 is the value to write via the OUT instruction A local attacker can send a malicious IRP to trigger this vulnerability." + "value": "A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0dc, the first dword passed in the input buffer is the device port to write to and the word at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users. A local attacker can send a malicious IRP to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21789.json b/2021/21xxx/CVE-2021-21789.json index f961e755463..be37add53c9 100644 --- a/2021/21xxx/CVE-2021-21789.json +++ b/2021/21xxx/CVE-2021-21789.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254\"", - "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254\"" + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254" } ] }, 
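Review bot: In the CVE-2021-21788 description the added sentence says the OUT instruction `can write one byte`, while the sentence before it says the value is `the word at offset 4`; the wording looks copied from CVE-2021-21787, where the operand is a byte. A reader sizing the impact gets two different widths from one record. I would make the added sentence width-neutral, for example `The OUT instruction can write the supplied value to the given I/O device port, potentially leading to escalated privileges of unprivileged users.`, or name the width the advisory actually gives.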
@@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0e0, the first dword passed in the input buffer is the device port to write to and the dword at offset 4 is the value to write via the OUT instruction.. A local attacker can send a malicious IRP to trigger this vulnerability." + "value": "A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0e0, the first dword passed in the input buffer is the device port to write to and the dword at offset 4 is the value to write via the OUT instruction. A local attacker can send a malicious IRP to trigger this vulnerability." } ] } diff --git a/2021/22xxx/CVE-2021-22911.json b/2021/22xxx/CVE-2021-22911.json index 7e432ed7087..e21b615faec 100644 --- a/2021/22xxx/CVE-2021-22911.json +++ b/2021/22xxx/CVE-2021-22911.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/162997/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html", "url": "http://packetstormsecurity.com/files/162997/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163419/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/163419/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html" } ] }, diff --git a/2021/27xxx/CVE-2021-27886.json b/2021/27xxx/CVE-2021-27886.json index 5f49a3538df..8ce0d06d35d 100644 --- a/2021/27xxx/CVE-2021-27886.json +++ b/2021/27xxx/CVE-2021-27886.json 
@@ -66,6 +66,11 @@ "url": "https://www.docker.com/legal/trademark-guidelines", "refsource": "MISC", "name": "https://www.docker.com/legal/trademark-guidelines" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163416/Docker-Dashboard-Remote-Command-Execution.html", + "url": "http://packetstormsecurity.com/files/163416/Docker-Dashboard-Remote-Command-Execution.html" } ] } diff --git a/2021/28xxx/CVE-2021-28113.json b/2021/28xxx/CVE-2021-28113.json index 98f9130aed4..2da12984d19 100644 --- a/2021/28xxx/CVE-2021-28113.json +++ b/2021/28xxx/CVE-2021-28113.json @@ -56,6 +56,11 @@ "refsource": "CONFIRM", "name": "https://www.okta.com/security-advisories/cve-2021-28113", "url": "https://www.okta.com/security-advisories/cve-2021-28113" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/163428/Okta-Access-Gateway-2020.5.5-Authenticated-Remote-Root.html", + "url": "http://packetstormsecurity.com/files/163428/Okta-Access-Gateway-2020.5.5-Authenticated-Remote-Root.html" } ] }, diff --git a/2021/36xxx/CVE-2021-36217.json b/2021/36xxx/CVE-2021-36217.json new file mode 100644 index 00000000000..a33e920988c --- /dev/null +++ b/2021/36xxx/CVE-2021-36217.json 
@@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-36217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Avahi 0.8 allows a local denial of service (NULL pointer dereference and daemon crash) against avahi-daemon via the D-Bus interface or a \"ping .local\" command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c", + "refsource": "MISC", + "name": "https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c" + }, + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1188083", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1188083" + } + ] + } +} \ No newline at end of file From b447ec859a43fd1723e3dc63312b49cd665ab5ee Mon Sep 17 00:00:00 2001 From: jpattrendmicro Date: Wed, 7 Jul 2021 11:47:36 -0700 Subject: [PATCH 04/38] Trend Micro CVE 07072021 Trend Micro CVE 07072021 --- 2021/32xxx/CVE-2021-32461.json | 79 ++++++++++++++++++++++++++-------- 2021/32xxx/CVE-2021-32462.json | 79 ++++++++++++++++++++++++++-------- 2 files changed, 124 insertions(+), 34 deletions(-) diff --git a/2021/32xxx/CVE-2021-32461.json b/2021/32xxx/CVE-2021-32461.json index 9dc5ef091fe..cdd7ec368b7 100644 --- a/2021/32xxx/CVE-2021-32461.json +++ b/2021/32xxx/CVE-2021-32461.json 
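Review bot: The new CVE-2021-36217 record names the product, version and weakness only in free text: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a`, while the description says Avahi 0.8 and a NULL pointer dereference. Scanners and inventory tools that match on the structured fields will not tie this entry to avahi-daemon. I would fill `"product_name": "Avahi"` and `"version_value": "0.8"`, and set the problemtype value to `CWE-476`. The CVE-2020-23700 and CVE-2020-23702 hunks in patch 05 have the same gap, with LavaLite-CMS 5.8.0 and PHP-Fusion 9.03.60 appearing only in the description.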
@@ -1,18 +1,63 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-32461", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "security@trendmicro.com", + "ID" : "CVE-2021-32461", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Trend Micro Password Manager", + "version" : { + "version_data" : [ + { + "version_value" : "5.0.0.1217 and below" + } + ] + } + } + ] + }, + "vendor_name" : "Trend Micro" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations.\r\n\r\nAn attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Integer Truncation Priv Escalation" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://helpcenter.trendmicro.com/en-us/article/TMKA-10388" + }, + { + "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-773/" + } + ] + } +} 
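Review bot: The two `reference_data` entries in the new CVE-2021-32461 record carry only `url`, whereas the other records in this part of the series also set `refsource` and `name`. Consumers that classify links by `refsource` get nothing to key on, so the Trend Micro advisory and the ZDI page cannot be told apart. I would add `"refsource": "MISC"` and a `"name"` equal to the URL to each entry, or `CONFIRM` for the helpcenter.trendmicro.com link if that is the vendor's advisory. The description value also embeds `\r\n\r\n`, where a single space would read the same in every renderer. The CVE-2021-32462 hunk has the same reference shape.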
diff --git a/2021/32xxx/CVE-2021-32462.json b/2021/32xxx/CVE-2021-32462.json index e2eb9ab04e7..df691b6929c 100644 --- a/2021/32xxx/CVE-2021-32462.json +++ b/2021/32xxx/CVE-2021-32462.json 
@@ -1,18 +1,63 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-32462", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file + "CVE_data_meta" : { + "ASSIGNER" : "security@trendmicro.com", + "ID" : "CVE-2021-32462", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Trend Micro Password Manager", + "version" : { + "version_data" : [ + { + "version_value" : "5.0.0.1217 and below" + } + ] + } + } + ] + }, + "vendor_name" : "Trend Micro" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations.\r\n\r\nAuthentication is required to exploit this vulnerability." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Exposed Hazardous Function RCE" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://helpcenter.trendmicro.com/en-us/article/TMKA-10388" + }, + { + "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-774/" + } + ] + } +} From 45693ef10339a3893075ca356cefdc988a57e775 Mon Sep 17 00:00:00 2001 
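Review bot: The CVE-2021-32462 text labels the issue `Remote Code Execution` (and the problemtype `Exposed Hazardous Function RCE`) but then describes an unprivileged client manipulating the registry to escalate to SYSTEM, with authentication required. Those read as different attack vectors, and the record carries no CVSS vector to settle it, so a triager cannot tell whether network exposure matters. I would have the description state the vector explicitly, local or network, and align the problemtype with it; the sibling CVE-2021-32461 entry does this with `a local attacker`.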
From: CVE Team Date: Wed, 7 Jul 2021 19:00:48 +0000 Subject: [PATCH 05/38] "-Synchronized-Data." --- 2020/23xxx/CVE-2020-23700.json | 56 +++++++++++++++++++++++++++---- 2020/23xxx/CVE-2020-23702.json | 61 ++++++++++++++++++++++++++++++---- 2021/36xxx/CVE-2021-36218.json | 18 ++++++++++ 2021/36xxx/CVE-2021-36219.json | 18 ++++++++++ 4 files changed, 141 insertions(+), 12 deletions(-) create mode 100644 2021/36xxx/CVE-2021-36218.json create mode 100644 2021/36xxx/CVE-2021-36219.json diff --git a/2020/23xxx/CVE-2020-23700.json b/2020/23xxx/CVE-2020-23700.json index 3b0aad809f5..c4837523b32 100644 --- a/2020/23xxx/CVE-2020-23700.json +++ b/2020/23xxx/CVE-2020-23700.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23700", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23700", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LavaLite/cms/issues/319", + "refsource": "MISC", + "name": "https://github.com/LavaLite/cms/issues/319" } ] } 
diff --git a/2020/23xxx/CVE-2020-23702.json b/2020/23xxx/CVE-2020-23702.json index 92c5b28bc7c..f140949f052 100644 --- a/2020/23xxx/CVE-2020-23702.json +++ b/2020/23xxx/CVE-2020-23702.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-23702", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-23702", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://user-images.githubusercontent.com/62001260/82175522-47169980-98fe-11ea-9a8e-93622aab7cf4.PNG", + "refsource": "MISC", + "name": "https://user-images.githubusercontent.com/62001260/82175522-47169980-98fe-11ea-9a8e-93622aab7cf4.PNG" + }, + { + "refsource": "MISC", + "name": "https://github.com/phpfusion/PHPFusion/issues/2328", + "url": "https://github.com/phpfusion/PHPFusion/issues/2328" } ] } diff --git a/2021/36xxx/CVE-2021-36218.json b/2021/36xxx/CVE-2021-36218.json new file mode 100644 index 00000000000..b4b00bc44ed --- /dev/null +++ b/2021/36xxx/CVE-2021-36218.json 
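Review bot: The first reference added for CVE-2020-23702 is a screenshot on `user-images.githubusercontent.com`, which gives a reader an image with no text to verify and may not stay reachable. The issue link `https://github.com/phpfusion/PHPFusion/issues/2328` in the second entry is the durable source, so I would list it first and keep the PNG only as a secondary item, or drop it if the issue already embeds it. The two entries also order their keys differently (`url` first versus `refsource` first); using one order keeps later diffs small.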
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36218",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36219.json b/2021/36xxx/CVE-2021-36219.json
new file mode 100644
index 00000000000..8113fdb2eba
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36219.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36219",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From 30d9742eae0743af75a8a41ae9dcd026c6571d5a Mon Sep 17 00:00:00 2001
From: Michael Kaplan
Date: Wed, 7 Jul 2021 21:03:07 +0200
Subject: [PATCH 06/38] update CWE in CVE-2010-3843
---
 2010/3xxx/CVE-2010-3843.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/2010/3xxx/CVE-2010-3843.json b/2010/3xxx/CVE-2010-3843.json
index 5da99f4003f..44406934e27 100644
--- a/2010/3xxx/CVE-2010-3843.json
+++ b/2010/3xxx/CVE-2010-3843.json
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-120"
+ "value": "CWE-787"
 }
 ]
 }
From 485e3093acab4aae0d01a43b6082c5400c50ba54 Mon Sep 17 00:00:00 2001
From: Michael Kaplan
Date: Wed, 7 Jul 2021 21:03:16 +0200
Subject: [PATCH 07/38] update CWE in CVE-2018-25011
---
 2018/25xxx/CVE-2018-25011.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/2018/25xxx/CVE-2018-25011.json b/2018/25xxx/CVE-2018-25011.json
index 395bbb2af26..a893fb4d598 100644
--- a/2018/25xxx/CVE-2018-25011.json
+++ b/2018/25xxx/CVE-2018-25011.json
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-119"
+ "value": "CWE-787"
 }
 ]
 }
From fab315f088550208842056cf7ab4a6559958d346 Mon Sep 17 00:00:00 2001
From: Michael Kaplan
Date: Wed, 7 Jul 2021 21:03:25 +0200
Subject: [PATCH 08/38] update CWE in CVE-2020-10771
---
 2020/10xxx/CVE-2020-10771.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/2020/10xxx/CVE-2020-10771.json b/2020/10xxx/CVE-2020-10771.json
index 73fd8e6233b..09e5aa52a75 100644
--- a/2020/10xxx/CVE-2020-10771.json
+++ b/2020/10xxx/CVE-2020-10771.json
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-20"
+ "value": "CWE-352"
 }
 ]
 }
From 089a0cab30288f5f17d64f5a279376de97121eb6 Mon Sep 17 00:00:00 2001
From: Michael Kaplan
Date: Wed, 7 Jul 2021 21:03:38 +0200
Subject: [PATCH 09/38] update CWE in CVE-2020-35524
---
 2020/35xxx/CVE-2020-35524.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/2020/35xxx/CVE-2020-35524.json b/2020/35xxx/CVE-2020-35524.json
index c27038ae2ab..a6c823be5c4 100644
--- a/2020/35xxx/CVE-2020-35524.json
+++ b/2020/35xxx/CVE-2020-35524.json
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-119"
+ "value": "CWE-787"
 }
 ]
 }
From 7d2e6cabd5b9bb9c8081f628487815017998135e Mon Sep 17 00:00:00 2001
From: Michael Kaplan
Date: Wed, 7 Jul 2021 21:03:49 +0200
Subject: [PATCH 10/38] update CWE in CVE-2020-36328
---
 2020/36xxx/CVE-2020-36328.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/2020/36xxx/CVE-2020-36328.json b/2020/36xxx/CVE-2020-36328.json
index f256bebef91..5a77d3aad1f 100644
--- a/2020/36xxx/CVE-2020-36328.json
+++ b/2020/36xxx/CVE-2020-36328.json
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-119"
+ "value": "CWE-787"
 }
 ]
 }
From 97c9076e7fa601e391530046aef58c2259460ea2 Mon Sep 17 00:00:00 2001
From: Michael Kaplan
Date: Wed, 7 Jul 2021 21:04:03 +0200
Subject: [PATCH 11/38] update CWE in CVE-2021-3412
---
 2021/3xxx/CVE-2021-3412.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/2021/3xxx/CVE-2021-3412.json b/2021/3xxx/CVE-2021-3412.json
index 7545cbb5ce2..21dbf0bfa07 100644
--- a/2021/3xxx/CVE-2021-3412.json
+++ b/2021/3xxx/CVE-2021-3412.json
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-639"
+ "value": "CWE-307"
 }
 ]
 }
From 028274222dc53d6367c2573befa2ba1b77d18497 Mon Sep 17 00:00:00 2001
From: Michael Kaplan
Date: Wed, 7 Jul 2021 21:04:15 +0200
Subject: [PATCH 12/38] update CWE in CVE-2021-3500
---
 2021/3xxx/CVE-2021-3500.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/2021/3xxx/CVE-2021-3500.json b/2021/3xxx/CVE-2021-3500.json
index 6433768a4f6..5310fe03bda 100644
--- a/2021/3xxx/CVE-2021-3500.json
+++ b/2021/3xxx/CVE-2021-3500.json
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-119"
+ "value": "CWE-787"
 }
 ]
 }
From 84d5bdbf8c88e5da0287a6011f67860ce1144849 Mon Sep 17 00:00:00 2001
From: Michael Kaplan
Date: Wed, 7 Jul 2021 21:04:25 +0200
Subject: [PATCH 13/38] update CWE in CVE-2021-3517
---
 2021/3xxx/CVE-2021-3517.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/2021/3xxx/CVE-2021-3517.json b/2021/3xxx/CVE-2021-3517.json
index 5b456fd76b5..b0a7eb0905d 100644
--- a/2021/3xxx/CVE-2021-3517.json
+++ b/2021/3xxx/CVE-2021-3517.json
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-119"
+ "value": "CWE-787"
 }
 ]
 }
From 8141d7610b4a0b7eabf522caa6da6fe95b6c2b7a Mon Sep 17 00:00:00 2001
From: Michael Kaplan
Date: Wed, 7 Jul 2021 21:04:38 +0200
Subject: [PATCH 14/38] update CWE in CVE-2021-3564
---
 2021/3xxx/CVE-2021-3564.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/2021/3xxx/CVE-2021-3564.json b/2021/3xxx/CVE-2021-3564.json
index 14c5b86d86b..bca03a6281e 100644
--- a/2021/3xxx/CVE-2021-3564.json
+++ b/2021/3xxx/CVE-2021-3564.json
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-416"
+ "value": "CWE-415"
 }
 ]
 }
From e9dab7f72e9c0719cd4d8e6fd5c2a9b79f7c1b63 Mon Sep 17 00:00:00 2001
From: Michael Kaplan
Date: Wed, 7 Jul 2021 21:04:53 +0200
Subject: [PATCH 15/38] update CWE in CVE-2021-23169
---
 2021/23xxx/CVE-2021-23169.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/2021/23xxx/CVE-2021-23169.json b/2021/23xxx/CVE-2021-23169.json
index 9ea99bce6af..59172712d79 100644
--- a/2021/23xxx/CVE-2021-23169.json
+++ b/2021/23xxx/CVE-2021-23169.json
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-119"
+ "value": "CWE-787"
 }
 ]
 }
From a035392723eda4cfcedd38bbe0f9bb2e47781ad5 Mon Sep 17 00:00:00 2001
From: Michael Kaplan
Date: Wed, 7 Jul 2021 21:05:08 +0200
Subject: [PATCH 16/38] update CWE in CVE-2020-35517
---
 2020/35xxx/CVE-2020-35517.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/2020/35xxx/CVE-2020-35517.json b/2020/35xxx/CVE-2020-35517.json
index c0913545ab7..d762dee3344 100644
--- a/2020/35xxx/CVE-2020-35517.json
+++ b/2020/35xxx/CVE-2020-35517.json
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-284"
+ "value": "CWE-269"
 }
 ]
 }
From 642cd747c9fbd11e56b00ad3a611cb245eaa2649 Mon Sep 17 00:00:00 2001
From: Michael Kaplan
Date: Wed, 7 Jul 2021 21:10:49 +0200
Subject: [PATCH 17/38] update CWE in CVE-2010-4816
---
 2010/4xxx/CVE-2010-4816.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/2010/4xxx/CVE-2010-4816.json b/2010/4xxx/CVE-2010-4816.json
index b1c112cf262..ded2a3e0489 100644
--- a/2010/4xxx/CVE-2010-4816.json
+++ b/2010/4xxx/CVE-2010-4816.json
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-400"
+ "value": "CWE-476"
 }
 ]
 }
From 7d9121fe4ed4dd3e11a06eb153599b767acf6e42 Mon Sep 17 00:00:00 2001
From: Michael Kaplan
Date: Wed, 7 Jul 2021 21:10:50 +0200
Subject: [PATCH 18/38] update CWE in CVE-2010-1435
---
 2010/1xxx/CVE-2010-1435.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/2010/1xxx/CVE-2010-1435.json b/2010/1xxx/CVE-2010-1435.json
index 93883942ebb..e3c68d289cb 100644
--- a/2010/1xxx/CVE-2010-1435.json
+++ b/2010/1xxx/CVE-2010-1435.json
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-264"
+ "value": "CWE-863"
 }
 ]
 }
From fe0de507c90737cb6ab40e3c9bacd831fa82b5ef Mon Sep 17 00:00:00 2001
From: "Shelby J. Cunningham"
Date: Wed, 7 Jul 2021 15:23:39 -0400
Subject: [PATCH 19/38] Add CVE-2021-32714 for GHSA-5h46-h7hh-c6x9
---
 2021/32xxx/CVE-2021-32714.json | 77 +++++++++++++++++++++++++++++++---
 1 file changed, 71 insertions(+), 6 deletions(-)
diff --git a/2021/32xxx/CVE-2021-32714.json b/2021/32xxx/CVE-2021-32714.json
index 4f21499abdf..4a0546ef7b0 100644
--- a/2021/32xxx/CVE-2021-32714.json
+++ b/2021/32xxx/CVE-2021-32714.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-32714",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Integer Overflow in Chunked Transfer-Encoding"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "hyper",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 0.14.10"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "hyperium"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes larger than hyper does, can result in \"request smuggling\" or \"desync attacks.\" The vulnerability is patched in version 0.14.10. Two possible workarounds exist.
One may reject requests manually that contain a `Transfer-Encoding` header or ensure any upstream proxy rejects `Transfer-Encoding` chunk sizes greater than what fits in 64-bit unsigned integers.\n\n"
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190: Integer Overflow or Wraparound"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/hyperium/hyper/security/advisories/GHSA-5h46-h7hh-c6x9",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/hyperium/hyper/security/advisories/GHSA-5h46-h7hh-c6x9"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-5h46-h7hh-c6x9",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
From 39582759368063fb104fffa066040aa798aa07c0 Mon Sep 17 00:00:00 2001
From: "Shelby J. Cunningham"
Date: Wed, 7 Jul 2021 16:00:42 -0400
Subject: [PATCH 20/38] Add CVE-2021-32715 for GHSA-f3pg-qwvg-p99c
---
 2021/32xxx/CVE-2021-32715.json | 82 +++++++++++++++++++++++++++++++---
 1 file changed, 76 insertions(+), 6 deletions(-)
diff --git a/2021/32xxx/CVE-2021-32715.json b/2021/32xxx/CVE-2021-32715.json
index c0a65458ac7..a7dc95ee98c 100644
--- a/2021/32xxx/CVE-2021-32715.json
+++ b/2021/32xxx/CVE-2021-32715.json
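Review bot: In the `affects` block of CVE-2021-32714, `"version_value": "< 0.14.10"` packs the comparison operator and the version into one string. The format has a separate `version_affected` field for the operator, which the Eclipse TinyDTLS record later in this series uses (`"version_affected": "<="`, `"version_value": "0.9-rc1"`), and a consumer that parses `version_value` as a version will not read `< 0.14.10` as a range. I would write `"version_affected": "<"` and `"version_value": "0.14.10"`. The CVE-2021-32715 record in the next patch carries the same entry.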
@@ -1,18 +1,88 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-32715",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Lenient Parsing of Content-Length Header When Prefixed with Plus Sign"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "hyper",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 0.14.10"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "hyperium"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such `Content-Length` headers, but forwards them, can result in \"request smuggling\" or \"desync attacks\". The flaw exists in all prior versions of hyper prior to 0.14.10, if built with `rustc` v1.5.0 or newer. The vulnerability is patched in hyper version 0.14.10. Two workarounds exist: One may reject requests manually that contain a plus sign prefix in the `Content-Length` header or ensure any upstream proxy handles `Content-Length` headers with a plus sign prefix."
}
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c"
+ },
+ {
+ "name": "https://github.com/rust-lang/rust/pull/28826/commits/123a83326fb95366e94a3be1a74775df4db97739",
+ "refsource": "MISC",
+ "url": "https://github.com/rust-lang/rust/pull/28826/commits/123a83326fb95366e94a3be1a74775df4db97739"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-f3pg-qwvg-p99c",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
From 5d947a8eeefc968ccf7c2a324c3742abac687119 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 7 Jul 2021 20:00:53 +0000
Subject: [PATCH 21/38] "-Synchronized-Data."
---
 2021/32xxx/CVE-2021-32714.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/2021/32xxx/CVE-2021-32714.json b/2021/32xxx/CVE-2021-32714.json
index 4a0546ef7b0..378b6348003 100644
--- a/2021/32xxx/CVE-2021-32714.json
+++ b/2021/32xxx/CVE-2021-32714.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes larger than hyper does, can result in \"request smuggling\" or \"desync attacks.\" The vulnerability is patched in version 0.14.10. Two possible workarounds exist. One may reject requests manually that contain a `Transfer-Encoding` header or ensure any upstream proxy rejects `Transfer-Encoding` chunk sizes greater than what fits in 64-bit unsigned integers.\n\n"
+ "value": "hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes larger than hyper does, can result in \"request smuggling\" or \"desync attacks.\" The vulnerability is patched in version 0.14.10. Two possible workarounds exist. One may reject requests manually that contain a `Transfer-Encoding` header or ensure any upstream proxy rejects `Transfer-Encoding` chunk sizes greater than what fits in 64-bit unsigned integers."
 }
 ]
 },
From 4ee29d41372b3f0679ebdc6725d56d91e58783bb Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 7 Jul 2021 21:00:56 +0000
Subject: [PATCH 22/38] "-Synchronized-Data."
---
 2007/5xxx/CVE-2007-5002.json | 14 +++++++-------
 2008/1xxx/CVE-2008-1879.json | 14 +++++++-------
 2021/36xxx/CVE-2021-36220.json | 18 ++++++++++++++++++
 2021/36xxx/CVE-2021-36221.json | 18 ++++++++++++++++++
 4 files changed, 50 insertions(+), 14 deletions(-)
 create mode 100644 2021/36xxx/CVE-2021-36220.json
 create mode 100644 2021/36xxx/CVE-2021-36221.json
diff --git a/2007/5xxx/CVE-2007-5002.json b/2007/5xxx/CVE-2007-5002.json
index 5450b300eef..948ff3f62e3 100644
--- a/2007/5xxx/CVE-2007-5002.json
+++ b/2007/5xxx/CVE-2007-5002.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2007-5002",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2007-5002",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
 }
 ]
 }
diff --git a/2008/1xxx/CVE-2008-1879.json b/2008/1xxx/CVE-2008-1879.json
index 71eb47465fc..f266cc6230a 100644
--- a/2008/1xxx/CVE-2008-1879.json
+++ b/2008/1xxx/CVE-2008-1879.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2008-1879",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2008-1879",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36220.json b/2021/36xxx/CVE-2021-36220.json
new file mode 100644
index 00000000000..774cb7754d4
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36220.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36220",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36221.json b/2021/36xxx/CVE-2021-36221.json
new file mode 100644
index 00000000000..78aaaf3a302
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36221.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36221",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From 06c997d586b4c2dbd1bd6435cc36c4630024a789 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 7 Jul 2021 22:00:50 +0000
Subject: [PATCH 23/38] "-Synchronized-Data."
---
 2021/21xxx/CVE-2021-21775.json | 50 ++++++++++++++++++++++++++++++++--
 2021/21xxx/CVE-2021-21807.json | 50 ++++++++++++++++++++++++++++++++--
 2021/36xxx/CVE-2021-36222.json | 18 ++++++++++++
 2021/36xxx/CVE-2021-36223.json | 18 ++++++++++++
 4 files changed, 130 insertions(+), 6 deletions(-)
 create mode 100644 2021/36xxx/CVE-2021-36222.json
 create mode 100644 2021/36xxx/CVE-2021-36223.json
diff --git a/2021/21xxx/CVE-2021-21775.json b/2021/21xxx/CVE-2021-21775.json
index 5e78c4e707e..59ca916852c 100644
--- a/2021/21xxx/CVE-2021-21775.json
+++ b/2021/21xxx/CVE-2021-21775.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-21775",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Webkit",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Webkit WebKitGTK 2.30.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "use-after-free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1229",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1229"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage."
 }
 ]
 }
diff --git a/2021/21xxx/CVE-2021-21807.json b/2021/21xxx/CVE-2021-21807.json
index 33e2ee959f3..617b96ee627 100644
--- a/2021/21xxx/CVE-2021-21807.json
+++ b/2021/21xxx/CVE-2021-21807.json
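Review bot: The `affects` entry added for CVE-2021-21775 leaves `vendor_name` as `"n/a"` and repeats the product name inside the version string (`"version_value": "Webkit WebKitGTK 2.30.4"`), so the version cannot be compared without stripping text first. CVE-2021-21807 in the next hunk goes further and puts the vendor in the product field (`"product_name": "Accusoft"`, `"version_value": "Accusoft ImageGear 19.9"`). Both records also give `problemtype` as free text (`"use-after-free"`, `"integer overflow"`) where a CWE identifier such as `CWE-416` or `CWE-190` would let consumers group them by weakness. For 21807 I would expect `"vendor_name": "Accusoft"`, `"product_name": "ImageGear"`, `"version_value": "19.9"`.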
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-21807",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Accusoft",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Accusoft ImageGear 19.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "integer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1275",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1275"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36222.json b/2021/36xxx/CVE-2021-36222.json
new file mode 100644
index 00000000000..c8209a96c46
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36222.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36222",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36223.json b/2021/36xxx/CVE-2021-36223.json
new file mode 100644
index 00000000000..7531b766262
--- /dev/null
+++ b/2021/36xxx/CVE-2021-36223.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-36223",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
From 1ade3eb66661d1b8226a0a68eb432e53703085bb Mon Sep 17 00:00:00 2001
From: Kyle Jackson
Date: Thu, 8 Jul 2021 11:29:14 +1000
Subject: [PATCH 24/38] Updated CVEs for SA 2021-05 and SA 2021-06
---
 2021/31xxx/CVE-2021-31816.json | 63 ++++++++++++++++++++++++++++++++--
 2021/31xxx/CVE-2021-31817.json | 63 ++++++++++++++++++++++++++++++++--
 2 files changed, 120 insertions(+), 6 deletions(-)
diff --git a/2021/31xxx/CVE-2021-31816.json b/2021/31xxx/CVE-2021-31816.json
index 701cc04d739..f7c6e8c1fe7 100644
--- a/2021/31xxx/CVE-2021-31816.json
+++ b/2021/31xxx/CVE-2021-31816.json
@@ -3,15 +3,72 @@
 "data_format": "MITRE",
 "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@octopus.com",
 "ID": "CVE-2021-31816",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Octopus Deploy",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Octopus Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=",
+ "version_affected": "0.9"
+ },
+ {
+ "version_value": "<",
+ "version_affected": "2020.6.5146"
+ },
+ {
+ "version_value": ">=",
+ "version_affected": "2021.1.7149"
+ },
+ {
+ "version_value": "<",
+ "version_affected": "2021.1.7316"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cleartext Storage of Sensitive Information (Windows)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31816).2121793537.html",
+ "refsource": "MISC",
+ "name": "https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31816).2121793537.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext."
 }
 ]
 }
diff --git a/2021/31xxx/CVE-2021-31817.json b/2021/31xxx/CVE-2021-31817.json
index 761d0f52774..b4af8899a83 100644
--- a/2021/31xxx/CVE-2021-31817.json
+++ b/2021/31xxx/CVE-2021-31817.json
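Review bot: Every entry in `version_data` for CVE-2021-31816 has the two fields swapped: the operator sits in `version_value` and the version number in `version_affected` (`"version_value": ">="`, `"version_affected": "0.9"`). A consumer reading `version_value` gets only `>=` or `<` and no version at all, so the affected ranges are lost to automated matching. Each pair should read like `"version_affected": ">="`, `"version_value": "0.9"`; the CVE-2021-31817 hunk in the same commit repeats the swap. The four flat entries are presumably meant as two ranges (0.9 up to 2020.6.5146, and 2021.1.7149 up to 2021.1.7316), which the list does not express on its own and the description does not state.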
@@ -3,15 +3,72 @@
 "data_format": "MITRE",
 "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@octopus.com",
 "ID": "CVE-2021-31817",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Octopus Deploy",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Octopus Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=",
+ "version_affected": "2020.6.4671"
+ },
+ {
+ "version_value": "<",
+ "version_affected": "2020.6.5146"
+ },
+ {
+ "version_value": ">=",
+ "version_affected": "2021.1.7149"
+ },
+ {
+ "version_value": "<",
+ "version_affected": "2021.1.7316"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cleartext Storage of Sensitive Information (Linux Container)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://advisories.octopus.com/adv/2021-06---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31817).2121138201.html",
+ "refsource": "MISC",
+ "name": "https://advisories.octopus.com/adv/2021-06---Cleartext-Storage-of-Sensitive-Information-(CVE-2021-31817).2121138201.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext."
 }
 ]
 }
From 513895f198688c70bbcce51d00e024f09d1c5466 Mon Sep 17 00:00:00 2001
From: Wayne Beaton
Date: Tue, 6 Jul 2021 17:58:58 -0400
Subject: [PATCH 25/38] CVE-2021-34430
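Review bot: The `description` value added for CVE-2021-31817 is word-for-word the text added for CVE-2021-31816, so the only field separating the two records is the parenthetical in `problemtype` ("Linux Container" here, "Windows" there). A consumer that indexes the description alone cannot tell which deployment type this ID covers; the text should name the platform, for example by opening with `When configuring Octopus Server in a Linux container with an external SQL database, ...` (wording to be confirmed against advisory 2021-06). The description also does not say whether the password stays in `OctopusServer.txt` after upgrading to a fixed build; if it does, a sentence saying so would tell operators to review that log and rotate the database credential.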
Signed-off-by: Wayne Beaton --- 2021/34xxx/CVE-2021-34430.json | 53 +++++++++++++++++++++++++++++++--- 1 file changed, 49 insertions(+), 4 deletions(-) diff --git a/2021/34xxx/CVE-2021-34430.json b/2021/34xxx/CVE-2021-34430.json index 577cd081ace..24b95f579ed 100644 --- a/2021/34xxx/CVE-2021-34430.json +++ b/2021/34xxx/CVE-2021-34430.json @@ -4,15 +4,60 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-34430", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@eclipse.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Eclipse Foundation", + "product": { + "product_data": [ + { + "product_name": "Eclipse TinyDTLS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "0.9-rc1" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=568803", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=568803" } ] } -} \ No newline at end of file +} From c3c17c8cf5901619e0738dfe97f73dc3d82734bb Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 8 Jul 2021 03:00:58 +0000 Subject: [PATCH 26/38] "-Synchronized-Data." --- 2021/22xxx/CVE-2021-22543.json | 10 ++++++++++ 2021/33xxx/CVE-2021-33503.json | 5 +++++ 2021/36xxx/CVE-2021-36224.json | 18 ++++++++++++++++++ 2021/36xxx/CVE-2021-36225.json | 18 ++++++++++++++++++ 2021/36xxx/CVE-2021-36226.json | 18 ++++++++++++++++++ 5 files changed, 69 insertions(+) create mode 100644 2021/36xxx/CVE-2021-36224.json create mode 100644 2021/36xxx/CVE-2021-36225.json create mode 100644 2021/36xxx/CVE-2021-36226.json diff --git a/2021/22xxx/CVE-2021-22543.json b/2021/22xxx/CVE-2021-22543.json index f1f83aa8f67..13c7bda22cc 100644 --- a/2021/22xxx/CVE-2021-22543.json +++ b/2021/22xxx/CVE-2021-22543.json @@ -96,6 +96,16 @@ "refsource": "MLIST", "name": "[oss-security] 20210626 Re: CVE-2021-22543 - /dev/kvm LPE", "url": "http://www.openwall.com/lists/oss-security/2021/06/26/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-fe826f202e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-95f2f1cfc7", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/" } ] }, diff --git a/2021/33xxx/CVE-2021-33503.json b/2021/33xxx/CVE-2021-33503.json index dd851253177..a6415288348 100644 --- a/2021/33xxx/CVE-2021-33503.json +++ b/2021/33xxx/CVE-2021-33503.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-a6bde7ab18", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FMUGWEAUYGGHTPPXT6YBD53WYXQGVV73/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-9c5f3b8aae", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SCV7ZNAHS3E6PBFLJGENCDRDRWRZZ6W/" } ] } 
diff --git a/2021/36xxx/CVE-2021-36224.json b/2021/36xxx/CVE-2021-36224.json new file mode 100644 index 00000000000..d1ee5e6e719 --- /dev/null +++ b/2021/36xxx/CVE-2021-36224.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-36224", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36225.json b/2021/36xxx/CVE-2021-36225.json new file mode 100644 index 00000000000..3a342999517 --- /dev/null +++ b/2021/36xxx/CVE-2021-36225.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-36225", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36226.json b/2021/36xxx/CVE-2021-36226.json new file mode 100644 index 00000000000..ae17c5f4cde --- /dev/null +++ b/2021/36xxx/CVE-2021-36226.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-36226", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 2b8ef7c6ed5be0a7f88be75dc91ee678e8fa55fc Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 8 Jul 2021 04:00:49 +0000 Subject: [PATCH 27/38] "-Synchronized-Data." --- 2021/34xxx/CVE-2021-34527.json | 5 +++++ 2021/36xxx/CVE-2021-36227.json | 18 ++++++++++++++++++ 2021/36xxx/CVE-2021-36228.json | 18 ++++++++++++++++++ 2021/36xxx/CVE-2021-36229.json | 18 ++++++++++++++++++ 2021/36xxx/CVE-2021-36230.json | 18 ++++++++++++++++++ 2021/36xxx/CVE-2021-36231.json | 18 ++++++++++++++++++ 2021/36xxx/CVE-2021-36232.json | 18 ++++++++++++++++++ 2021/36xxx/CVE-2021-36233.json | 18 ++++++++++++++++++ 2021/36xxx/CVE-2021-36234.json | 18 ++++++++++++++++++ 2021/36xxx/CVE-2021-36235.json | 18 ++++++++++++++++++ 10 files changed, 167 insertions(+) create mode 100644 2021/36xxx/CVE-2021-36227.json create mode 100644 2021/36xxx/CVE-2021-36228.json create mode 100644 2021/36xxx/CVE-2021-36229.json create mode 100644 2021/36xxx/CVE-2021-36230.json create mode 100644 2021/36xxx/CVE-2021-36231.json create mode 100644 2021/36xxx/CVE-2021-36232.json create mode 100644 2021/36xxx/CVE-2021-36233.json create mode 100644 2021/36xxx/CVE-2021-36234.json create mode 100644 2021/36xxx/CVE-2021-36235.json diff --git a/2021/34xxx/CVE-2021-34527.json b/2021/34xxx/CVE-2021-34527.json index 334a90e5a8d..bb96241ed5b 100644 --- a/2021/34xxx/CVE-2021-34527.json +++ b/2021/34xxx/CVE-2021-34527.json 
@@ -284,6 +284,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CERT-VN", + "name": "VU#383432", + "url": "https://www.kb.cert.org/vuls/id/383432" + }, { "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527", "refsource": "MISC", diff --git a/2021/36xxx/CVE-2021-36227.json b/2021/36xxx/CVE-2021-36227.json new file mode 100644 index 00000000000..f1569815c4d --- /dev/null +++ b/2021/36xxx/CVE-2021-36227.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-36227", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36228.json b/2021/36xxx/CVE-2021-36228.json new file mode 100644 index 00000000000..784553f141e --- /dev/null +++ b/2021/36xxx/CVE-2021-36228.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-36228", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36229.json b/2021/36xxx/CVE-2021-36229.json new file mode 100644 index 00000000000..c73f44447b6 --- /dev/null +++ b/2021/36xxx/CVE-2021-36229.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-36229", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36230.json b/2021/36xxx/CVE-2021-36230.json new file mode 100644 index 00000000000..d832724e84b --- /dev/null +++ b/2021/36xxx/CVE-2021-36230.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-36230", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36231.json b/2021/36xxx/CVE-2021-36231.json new file mode 100644 index 00000000000..56bf519243d --- /dev/null +++ b/2021/36xxx/CVE-2021-36231.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-36231", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/36xxx/CVE-2021-36232.json b/2021/36xxx/CVE-2021-36232.json new file mode 100644 index 00000000000..b82e9da4fd4 --- /dev/null +++ b/2021/36xxx/CVE-2021-36232.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-36232", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36233.json b/2021/36xxx/CVE-2021-36233.json new file mode 100644 index 00000000000..8af0cb2fcec --- /dev/null +++ b/2021/36xxx/CVE-2021-36233.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-36233", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36234.json b/2021/36xxx/CVE-2021-36234.json new file mode 100644 index 00000000000..af42f62ce6f --- /dev/null +++ b/2021/36xxx/CVE-2021-36234.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-36234", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36235.json b/2021/36xxx/CVE-2021-36235.json new file mode 100644 index 00000000000..9f817362d3e --- /dev/null +++ b/2021/36xxx/CVE-2021-36235.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-36235", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file From 7a190f417eebb1f8135ec5ff6772a299bb9d78d7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 8 Jul 2021 05:00:48 +0000 Subject: [PATCH 28/38] "-Synchronized-Data." --- 2020/10xxx/CVE-2020-10701.json | 5 +++++ 2021/20xxx/CVE-2021-20196.json | 5 +++++ 2021/20xxx/CVE-2021-20221.json | 5 +++++ 2021/22xxx/CVE-2021-22543.json | 5 +++++ 2021/23xxx/CVE-2021-23017.json | 5 +++++ 2021/29xxx/CVE-2021-29505.json | 5 +++++ 2021/30xxx/CVE-2021-30465.json | 5 +++++ 2021/3xxx/CVE-2021-3527.json | 5 +++++ 8 files changed, 40 insertions(+) diff --git a/2020/10xxx/CVE-2020-10701.json b/2020/10xxx/CVE-2020-10701.json index 307ac03e342..927112b1b33 100644 --- a/2020/10xxx/CVE-2020-10701.json +++ b/2020/10xxx/CVE-2020-10701.json 
@@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1819163", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819163" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210708-0001/", + "url": "https://security.netapp.com/advisory/ntap-20210708-0001/" } ] }, diff --git a/2021/20xxx/CVE-2021-20196.json b/2021/20xxx/CVE-2021-20196.json index ec51d2777a7..537bffefecd 100644 --- a/2021/20xxx/CVE-2021-20196.json +++ b/2021/20xxx/CVE-2021-20196.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://www.openwall.com/lists/oss-security/2021/01/28/1", "url": "https://www.openwall.com/lists/oss-security/2021/01/28/1" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210708-0004/", + "url": "https://security.netapp.com/advisory/ntap-20210708-0004/" } ] }, diff --git a/2021/20xxx/CVE-2021-20221.json b/2021/20xxx/CVE-2021-20221.json index 8ded7714e73..86877ccffd3 100644 --- a/2021/20xxx/CVE-2021-20221.json +++ b/2021/20xxx/CVE-2021-20221.json @@ -58,6 +58,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210708-0005/", + "url": "https://security.netapp.com/advisory/ntap-20210708-0005/" } ] }, diff --git a/2021/22xxx/CVE-2021-22543.json b/2021/22xxx/CVE-2021-22543.json index 13c7bda22cc..9354c00dee1 100644 --- a/2021/22xxx/CVE-2021-22543.json +++ b/2021/22xxx/CVE-2021-22543.json 
@@ -106,6 +106,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-95f2f1cfc7", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210708-0002/", + "url": "https://security.netapp.com/advisory/ntap-20210708-0002/" } ] }, diff --git a/2021/23xxx/CVE-2021-23017.json b/2021/23xxx/CVE-2021-23017.json index a5b2b1b4eae..567bbdc2605 100644 --- a/2021/23xxx/CVE-2021-23017.json +++ b/2021/23xxx/CVE-2021-23017.json @@ -88,6 +88,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-393d698493", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210708-0006/", + "url": "https://security.netapp.com/advisory/ntap-20210708-0006/" } ] }, diff --git a/2021/29xxx/CVE-2021-29505.json b/2021/29xxx/CVE-2021-29505.json index 3ba226e263f..ce2f8d0020d 100644 --- a/2021/29xxx/CVE-2021-29505.json +++ b/2021/29xxx/CVE-2021-29505.json @@ -96,6 +96,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210705 [SECURITY] [DLA 2704-1] libxstream-java security update", "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210708-0007/", + "url": "https://security.netapp.com/advisory/ntap-20210708-0007/" } ] }, diff --git a/2021/30xxx/CVE-2021-30465.json b/2021/30xxx/CVE-2021-30465.json index efe4ddc1a95..8539f7edec8 100644 --- a/2021/30xxx/CVE-2021-30465.json +++ b/2021/30xxx/CVE-2021-30465.json 
@@ -91,6 +91,11 @@ "refsource": "MISC", "name": "https://bugzilla.opensuse.org/show_bug.cgi?id=1185405", "url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1185405" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210708-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210708-0003/" } ] } diff --git a/2021/3xxx/CVE-2021-3527.json b/2021/3xxx/CVE-2021-3527.json index c8fae0fb166..b3a358bbd9f 100644 --- a/2021/3xxx/CVE-2021-3527.json +++ b/2021/3xxx/CVE-2021-3527.json @@ -63,6 +63,11 @@ "refsource": "MISC", "name": "https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c", "url": "https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210708-0008/", + "url": "https://security.netapp.com/advisory/ntap-20210708-0008/" } ] }, From 5b6682d249692720cdc803c67b631dd78e27d40b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 8 Jul 2021 06:00:55 +0000 Subject: [PATCH 29/38] "-Synchronized-Data." --- 2021/3xxx/CVE-2021-3638.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 2021/3xxx/CVE-2021-3638.json diff --git a/2021/3xxx/CVE-2021-3638.json b/2021/3xxx/CVE-2021-3638.json new file mode 100644 index 00000000000..374c042c304 --- /dev/null +++ b/2021/3xxx/CVE-2021-3638.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3638", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
From e27984d914404aa506403c1013a38863b235a262 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 8 Jul 2021 07:00:53 +0000 Subject: [PATCH 30/38] "-Synchronized-Data." --- 2017/14xxx/CVE-2017-14648.json | 5 +++++ 2018/10xxx/CVE-2018-10689.json | 5 +++++ 2020/28xxx/CVE-2020-28493.json | 5 +++++ 2020/28xxx/CVE-2020-28924.json | 5 +++++ 2020/35xxx/CVE-2020-35502.json | 5 +++++ 2021/20xxx/CVE-2021-20209.json | 5 +++++ 2021/20xxx/CVE-2021-20210.json | 5 +++++ 2021/20xxx/CVE-2021-20211.json | 5 +++++ 2021/20xxx/CVE-2021-20212.json | 5 +++++ 2021/20xxx/CVE-2021-20213.json | 5 +++++ 2021/20xxx/CVE-2021-20214.json | 5 +++++ 2021/20xxx/CVE-2021-20215.json | 5 +++++ 2021/20xxx/CVE-2021-20216.json | 5 +++++ 2021/20xxx/CVE-2021-20217.json | 5 +++++ 2021/20xxx/CVE-2021-20272.json | 5 +++++ 2021/20xxx/CVE-2021-20273.json | 5 +++++ 2021/20xxx/CVE-2021-20274.json | 5 +++++ 2021/20xxx/CVE-2021-20275.json | 5 +++++ 2021/20xxx/CVE-2021-20276.json | 5 +++++ 2021/21xxx/CVE-2021-21289.json | 5 +++++ 20 files changed, 100 insertions(+) diff --git a/2017/14xxx/CVE-2017-14648.json b/2017/14xxx/CVE-2017-14648.json index 0ac798c7223..1003b19186e 100644 --- a/2017/14xxx/CVE-2017-14648.json +++ b/2017/14xxx/CVE-2017-14648.json @@ -56,6 +56,11 @@ "name": "https://blogs.gentoo.org/ago/2017/09/19/bladeenc-global-buffer-overflow-in-iteration_loop-loop-c/", "refsource": "MISC", "url": "https://blogs.gentoo.org/ago/2017/09/19/bladeenc-global-buffer-overflow-in-iteration_loop-loop-c/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-18", + "url": "https://security.gentoo.org/glsa/202107-18" } ] } diff --git a/2018/10xxx/CVE-2018-10689.json b/2018/10xxx/CVE-2018-10689.json index 365d25ff189..dad77aac2a2 100644 --- a/2018/10xxx/CVE-2018-10689.json +++ b/2018/10xxx/CVE-2018-10689.json 
@@ -76,6 +76,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2162", "url": "https://access.redhat.com/errata/RHSA-2019:2162" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-15", + "url": "https://security.gentoo.org/glsa/202107-15" } ] } diff --git a/2020/28xxx/CVE-2020-28493.json b/2020/28xxx/CVE-2020-28493.json index 78605b1c180..d21c05b33f1 100644 --- a/2020/28xxx/CVE-2020-28493.json +++ b/2020/28xxx/CVE-2020-28493.json @@ -70,6 +70,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-2ab8ebcabc", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-19", + "url": "https://security.gentoo.org/glsa/202107-19" } ] }, diff --git a/2020/28xxx/CVE-2020-28924.json b/2020/28xxx/CVE-2020-28924.json index a62a46f6a8b..c79e41bfafe 100644 --- a/2020/28xxx/CVE-2020-28924.json +++ b/2020/28xxx/CVE-2020-28924.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-3b0bb05117", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIFT24Q6EFXLQZ24AER2QGFFZLMIPCD/" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-14", + "url": "https://security.gentoo.org/glsa/202107-14" } ] } diff --git a/2020/35xxx/CVE-2020-35502.json b/2020/35xxx/CVE-2020-35502.json index fd83c929afd..18c4d4d54eb 100644 --- a/2020/35xxx/CVE-2020-35502.json +++ b/2020/35xxx/CVE-2020-35502.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html", "url": "https://www.privoxy.org/3.0.29/user-manual/whatsnew.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-16", + "url": "https://security.gentoo.org/glsa/202107-16" } ] }, diff --git a/2021/20xxx/CVE-2021-20209.json b/2021/20xxx/CVE-2021-20209.json index 3a6943d6b24..b30d080c06b 100644 --- a/2021/20xxx/CVE-2021-20209.json +++ b/2021/20xxx/CVE-2021-20209.json 
@@ -58,6 +58,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928726", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928726" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-16", + "url": "https://security.gentoo.org/glsa/202107-16" } ] }, diff --git a/2021/20xxx/CVE-2021-20210.json b/2021/20xxx/CVE-2021-20210.json index 7bae58ab684..b41c5f2afcf 100644 --- a/2021/20xxx/CVE-2021-20210.json +++ b/2021/20xxx/CVE-2021-20210.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928729" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-16", + "url": "https://security.gentoo.org/glsa/202107-16" } ] }, diff --git a/2021/20xxx/CVE-2021-20211.json b/2021/20xxx/CVE-2021-20211.json index 81df8b214e1..f2ca079925f 100644 --- a/2021/20xxx/CVE-2021-20211.json +++ b/2021/20xxx/CVE-2021-20211.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928733", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928733" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-16", + "url": "https://security.gentoo.org/glsa/202107-16" } ] }, diff --git a/2021/20xxx/CVE-2021-20212.json b/2021/20xxx/CVE-2021-20212.json index d2fda3c14fe..a5d14604d96 100644 --- a/2021/20xxx/CVE-2021-20212.json +++ b/2021/20xxx/CVE-2021-20212.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928736", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928736" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-16", + "url": "https://security.gentoo.org/glsa/202107-16" } ] }, diff --git a/2021/20xxx/CVE-2021-20213.json b/2021/20xxx/CVE-2021-20213.json index 0549dadd217..00418e0c741 100644 --- a/2021/20xxx/CVE-2021-20213.json +++ b/2021/20xxx/CVE-2021-20213.json 
@@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928739" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-16", + "url": "https://security.gentoo.org/glsa/202107-16" } ] }, diff --git a/2021/20xxx/CVE-2021-20214.json b/2021/20xxx/CVE-2021-20214.json index 59774d904d8..0b7e6d7e93a 100644 --- a/2021/20xxx/CVE-2021-20214.json +++ b/2021/20xxx/CVE-2021-20214.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928742", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928742" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-16", + "url": "https://security.gentoo.org/glsa/202107-16" } ] }, diff --git a/2021/20xxx/CVE-2021-20215.json b/2021/20xxx/CVE-2021-20215.json index 9837fd0818d..eaf1ffd832c 100644 --- a/2021/20xxx/CVE-2021-20215.json +++ b/2021/20xxx/CVE-2021-20215.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1928746", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928746" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-16", + "url": "https://security.gentoo.org/glsa/202107-16" } ] }, diff --git a/2021/20xxx/CVE-2021-20216.json b/2021/20xxx/CVE-2021-20216.json index 99da47582a1..79b09feca4c 100644 --- a/2021/20xxx/CVE-2021-20216.json +++ b/2021/20xxx/CVE-2021-20216.json @@ -58,6 +58,11 @@ "refsource": "MISC", "name": "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html", "url": "https://www.privoxy.org/3.0.31/user-manual/whatsnew.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-16", + "url": "https://security.gentoo.org/glsa/202107-16" } ] }, diff --git a/2021/20xxx/CVE-2021-20217.json b/2021/20xxx/CVE-2021-20217.json index 12b3357282a..4acdf3cc3eb 100644 --- a/2021/20xxx/CVE-2021-20217.json +++ b/2021/20xxx/CVE-2021-20217.json 
@@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1923252", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923252" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-16", + "url": "https://security.gentoo.org/glsa/202107-16" } ] }, diff --git a/2021/20xxx/CVE-2021-20272.json b/2021/20xxx/CVE-2021-20272.json index e003edb8413..704f154641f 100644 --- a/2021/20xxx/CVE-2021-20272.json +++ b/2021/20xxx/CVE-2021-20272.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-16", + "url": "https://security.gentoo.org/glsa/202107-16" } ] }, diff --git a/2021/20xxx/CVE-2021-20273.json b/2021/20xxx/CVE-2021-20273.json index bba8fa33874..7e2bfedf623 100644 --- a/2021/20xxx/CVE-2021-20273.json +++ b/2021/20xxx/CVE-2021-20273.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-16", + "url": "https://security.gentoo.org/glsa/202107-16" } ] }, diff --git a/2021/20xxx/CVE-2021-20274.json b/2021/20xxx/CVE-2021-20274.json index 574315b0fd4..c8f722c9f9d 100644 --- a/2021/20xxx/CVE-2021-20274.json +++ b/2021/20xxx/CVE-2021-20274.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1936662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936662" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-16", + "url": "https://security.gentoo.org/glsa/202107-16" } ] }, diff --git a/2021/20xxx/CVE-2021-20275.json b/2021/20xxx/CVE-2021-20275.json index 66f159c1041..28f5e40e429 100644 --- a/2021/20xxx/CVE-2021-20275.json +++ b/2021/20xxx/CVE-2021-20275.json 
@@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-16", + "url": "https://security.gentoo.org/glsa/202107-16" } ] }, diff --git a/2021/20xxx/CVE-2021-20276.json b/2021/20xxx/CVE-2021-20276.json index 6f3cdf0ea6a..275ddc53f61 100644 --- a/2021/20xxx/CVE-2021-20276.json +++ b/2021/20xxx/CVE-2021-20276.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2587-1] privoxy security update", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-16", + "url": "https://security.gentoo.org/glsa/202107-16" } ] }, diff --git a/2021/21xxx/CVE-2021-21289.json b/2021/21xxx/CVE-2021-21289.json index e8530fd394d..80ac02608a5 100644 --- a/2021/21xxx/CVE-2021-21289.json +++ b/2021/21xxx/CVE-2021-21289.json @@ -103,6 +103,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210216 [SECURITY] [DLA 2561-1] ruby-mechanize security update", "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00021.html" + }, + { + "refsource": "GENTOO", + "name": "GLSA-202107-17", + "url": "https://security.gentoo.org/glsa/202107-17" } ] }, From 65bcbd7326b4758f35fd4d0eb296b3068c49f688 Mon Sep 17 00:00:00 2001 From: Stanley S Huang Date: Thu, 8 Jul 2021 15:38:03 +0800 Subject: [PATCH 31/38] QSA-21-19 CVE-2021-28809 --- 2021/28xxx/CVE-2021-28809.json | 120 +++++++++++++++++++++++++++++++-- 1 file changed, 114 insertions(+), 6 deletions(-) diff --git a/2021/28xxx/CVE-2021-28809.json b/2021/28xxx/CVE-2021-28809.json index 3ef83540593..da1f758afaa 100644 --- a/2021/28xxx/CVE-2021-28809.json +++ b/2021/28xxx/CVE-2021-28809.json 
@@ -1,18 +1,126 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@qnap.com", + "DATE_PUBLIC": "2021-07-08T15:22:00.000Z", "ID": "CVE-2021-28809", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Missing Authentication for Critical Function in RTRR Server in HBS3" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HBS 3", + "version": { + "version_data": [ + { + "platform": "QTS 4.3.6", + "version_affected": "<", + "version_value": "v3.0.210507" + }, + { + "platform": "QTS 4.3.4", + "version_affected": "<", + "version_value": "v3.0.210506" + }, + { + "platform": "QTS 4.3.3", + "version_affected": "<", + "version_value": "v3.0.210506" + } + ] + } + } + ] + }, + "vendor_name": "QNAP Systems Inc." + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Ta-Lun Yen of TXOne IoT/ICS Security Research Labs of Trend Micro working with Trend Micro’s Zero Day Initiative" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. 
If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3:\nQTS 4.3.6: HBS 3 v3.0.210507 and later\nQTS 4.3.4: HBS 3 v3.0.210506 and later\nQTS 4.3.3: HBS 3 v3.0.210506 and later\n" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-306 Missing Authentication for Critical Function" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-749 Exposed Dangerous Method or Function" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.qnap.com/en/security-advisory/qsa-21-19" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "QNAP have already fixed this vulnerability in the following versions of HBS 3:\nQTS 4.3.6: HBS 3 v3.0.210507 and later\nQTS 4.3.4: HBS 3 v3.0.210506 and later\nQTS 4.3.3: HBS 3 v3.0.210506 and later\n" + } + ], + "source": { + "advisory": "QSA-21-19", + "discovery": "EXTERNAL" } } \ No newline at end of file From 93d3380bae3f16f439fb4765c154c1d8241c48c8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 8 Jul 2021 08:00:56 +0000 Subject: [PATCH 32/38] "-Synchronized-Data." --- 2021/28xxx/CVE-2021-28809.json | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) 
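Review bot: The `description` value never names the affected component. The `TITLE` says the flaw is missing authentication in the RTRR Server of HBS 3, but the description only says "improper access control" and "compromise the security of the operating system", so someone triaging from the description cannot tell which service to restrict or monitor. The text also fuses two sentences (`operating system.QNAP`) and repeats the fixed-version list already carried in `solution` and `affects`. I would name the component and stop after the impact sentence, opening with something like `"value": "A missing authentication vulnerability in the RTRR Server of HBS 3 has been reported to affect certain legacy versions of HBS 3. ..."`. The later synchronisation hunk at `@@ -54,7 +54,7 @@` drops the newlines but still carries the fused `operating system.QNAP` text.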
diff --git a/2021/28xxx/CVE-2021-28809.json b/2021/28xxx/CVE-2021-28809.json index da1f758afaa..dd74abfa7b4 100644 --- a/2021/28xxx/CVE-2021-28809.json +++ b/2021/28xxx/CVE-2021-28809.json @@ -4,7 +4,7 @@ "DATE_PUBLIC": "2021-07-08T15:22:00.000Z", "ID": "CVE-2021-28809", "STATE": "PUBLIC", - "TITLE": "Missing Authentication for Critical Function in RTRR Server in HBS3" + "TITLE": "Missing Authentication for Critical Function in RTRR Server\u00a0in HBS3" }, "affects": { "vendor": { @@ -44,7 +44,7 @@ "credit": [ { "lang": "eng", - "value": "Ta-Lun Yen of TXOne IoT/ICS Security Research Labs of Trend Micro working with Trend Micro’s Zero Day Initiative" + "value": "Ta-Lun Yen of TXOne IoT/ICS Security Research Labs of Trend Micro working with Trend Micro\u2019s Zero Day Initiative" } ], "data_format": "MITRE", @@ -54,7 +54,7 @@ "description_data": [ { "lang": "eng", - "value": "An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3:\nQTS 4.3.6: HBS 3 v3.0.210507 and later\nQTS 4.3.4: HBS 3 v3.0.210506 and later\nQTS 4.3.3: HBS 3 v3.0.210506 and later\n" + "value": "An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS 3 v3.0.210507 and later QTS 4.3.4: HBS 3 v3.0.210506 and later QTS 4.3.3: HBS 3 v3.0.210506 and later" } ] }, 
@@ -108,8 +108,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.qnap.com/en/security-advisory/qsa-21-19" + "refsource": "MISC", + "url": "https://www.qnap.com/en/security-advisory/qsa-21-19", + "name": "https://www.qnap.com/en/security-advisory/qsa-21-19" } ] }, From 0c95e2b6c5be571806a37942d81d2b46fc2e917b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 8 Jul 2021 11:00:54 +0000 Subject: [PATCH 33/38] "-Synchronized-Data." --- 2020/35xxx/CVE-2020-35517.json | 10 +-- 2020/35xxx/CVE-2020-35524.json | 10 +-- 2021/21xxx/CVE-2021-21821.json | 50 ++++++++++++- 2021/32xxx/CVE-2021-32461.json | 128 +++++++++++++++++---------------- 2021/32xxx/CVE-2021-32462.json | 128 +++++++++++++++++---------------- 2021/3xxx/CVE-2021-3517.json | 10 +-- 6 files changed, 194 insertions(+), 142 deletions(-) diff --git a/2020/35xxx/CVE-2020-35517.json b/2020/35xxx/CVE-2020-35517.json index d762dee3344..e404013d6f8 100644 --- a/2020/35xxx/CVE-2020-35517.json +++ b/2020/35xxx/CVE-2020-35517.json @@ -44,6 +44,11 @@ }, "references": { "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c", + "url": "https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c" + }, { "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823", @@ -59,11 +64,6 @@ "name": "https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html", "url": "https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html" }, - { - "refsource": "MISC", - "name": "https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c", - "url": "https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c" - }, { "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210312-0002/", diff --git a/2020/35xxx/CVE-2020-35524.json b/2020/35xxx/CVE-2020-35524.json index a6c823be5c4..6dc762d8212 100644 
--- a/2020/35xxx/CVE-2020-35524.json +++ b/2020/35xxx/CVE-2020-35524.json @@ -74,15 +74,15 @@ "name": "GLSA-202104-06", "url": "https://security.gentoo.org/glsa/202104-06" }, - { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20210521-0009/", - "url": "https://security.netapp.com/advisory/ntap-20210521-0009/" - }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20210627 [SECURITY] [DLA 2694-1] tiff security update", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00023.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210521-0009/", + "url": "https://security.netapp.com/advisory/ntap-20210521-0009/" } ] }, diff --git a/2021/21xxx/CVE-2021-21821.json b/2021/21xxx/CVE-2021-21821.json index 1f31b3d68b0..6441174fefd 100644 --- a/2021/21xxx/CVE-2021-21821.json +++ b/2021/21xxx/CVE-2021-21821.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21821", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Accusoft", + "version": { + "version_data": [ + { + "version_value": "Accusoft ImageGear 19.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "stack-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1286", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1286" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stack-based buffer overflow vulnerability exists in the PDF process_fontname functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability." } ] } diff --git a/2021/32xxx/CVE-2021-32461.json b/2021/32xxx/CVE-2021-32461.json index cdd7ec368b7..e0d5063b2f0 100644 --- a/2021/32xxx/CVE-2021-32461.json +++ b/2021/32xxx/CVE-2021-32461.json 
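Review bot: The `affects` block sets `vendor_name` to `n/a`, puts the vendor in `product_name`, and puts vendor, product and version together in `version_value`. Tooling that matches on vendor, product and version will therefore not tie this record to an ImageGear 19.9 installation. I would write `"vendor_name": "Accusoft"`, `"product_name": "ImageGear"` and `"version_value": "19.9"`. The same layout appears in the CVE-2020-28598, CVE-2021-21779, CVE-2021-21793, CVE-2021-21794 and CVE-2021-21806 hunks of the following commit. In CVE-2020-28598 and CVE-2021-21793 two versions are also packed into one `version_value` string and would be better as separate `version_data` entries.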
@@ -1,63 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2021-32461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Password Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.0.1217 and below" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations.\r\n\r\nAn attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Truncation Priv Escalation" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://helpcenter.trendmicro.com/en-us/article/TMKA-10388" - }, - { - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-773/" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2021-32461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Password Manager", + "version": { + "version_data": [ + { + "version_value": "5.0.0.1217 and below" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro Password Manager (Consumer) version 5.0.0.1217 
and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Truncation Priv Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10388", + "refsource": "MISC", + "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10388" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-773/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-773/" + } + ] + } +} \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32462.json b/2021/32xxx/CVE-2021-32462.json index df691b6929c..d687de805e5 100644 --- a/2021/32xxx/CVE-2021-32462.json +++ b/2021/32xxx/CVE-2021-32462.json 
@@ -1,63 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2021-32462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Password Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.0.1217 and below" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations.\r\n\r\nAuthentication is required to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Exposed Hazardous Function RCE" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://helpcenter.trendmicro.com/en-us/article/TMKA-10388" - }, - { - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-774/" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2021-32462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Password Manager", + "version": { + "version_data": [ + { + "version_value": "5.0.0.1217 and below" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function 
Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is required to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Exposed Hazardous Function RCE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10388", + "refsource": "MISC", + "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10388" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-774/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-774/" + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3517.json b/2021/3xxx/CVE-2021-3517.json index b0a7eb0905d..0fb7a3e7b90 100644 --- a/2021/3xxx/CVE-2021-3517.json +++ b/2021/3xxx/CVE-2021-3517.json @@ -64,11 +64,6 @@ "name": "FEDORA-2021-b950000d2b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/" }, - { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20210625-0002/", - "url": "https://security.netapp.com/advisory/ntap-20210625-0002/" - }, { "refsource": "MLIST", "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", @@ -83,6 +78,11 @@ "refsource": "GENTOO", "name": "GLSA-202107-05", "url": "https://security.gentoo.org/glsa/202107-05" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210625-0002/", + "url": "https://security.netapp.com/advisory/ntap-20210625-0002/" } ] }, From fdde40f7e3aba9e84057b5c5fff09cebb4959760 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 8 Jul 2021 12:00:53 +0000 Subject: [PATCH 34/38] "-Synchronized-Data." --- 2020/20xxx/CVE-2020-20217.json | 61 ++++++++++++++++++++++++++++++---- 2020/28xxx/CVE-2020-28598.json | 50 ++++++++++++++++++++++++++-- 2021/21xxx/CVE-2021-21779.json | 50 ++++++++++++++++++++++++++-- 2021/21xxx/CVE-2021-21793.json | 50 ++++++++++++++++++++++++++-- 2021/21xxx/CVE-2021-21794.json | 50 ++++++++++++++++++++++++++-- 2021/21xxx/CVE-2021-21806.json | 50 ++++++++++++++++++++++++++-- 6 files changed, 290 insertions(+), 21 deletions(-) diff --git a/2020/20xxx/CVE-2020-20217.json b/2020/20xxx/CVE-2020-20217.json index 62852b23017..73d0d49bba1 100644 --- a/2020/20xxx/CVE-2020-20217.json +++ b/2020/20xxx/CVE-2020-20217.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-20217", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-20217", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://mikrotik.com/", + "refsource": "MISC", + "name": "https://mikrotik.com/" + }, + { + "refsource": "MISC", + "name": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md", + "url": "https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20217/README.md" } ] } diff --git a/2020/28xxx/CVE-2020-28598.json b/2020/28xxx/CVE-2020-28598.json index e95e8cc52d9..4bff9ff80dd 100644 --- a/2020/28xxx/CVE-2020-28598.json +++ b/2020/28xxx/CVE-2020-28598.json 
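Review bot: Every structured field in `affects` and `problemtype` is `n/a`, although the description names the product, an upper version bound (before 6.47, stable tree) and the weakness class. Scanners and feeds that key on those fields have nothing to match, so the record is only discoverable by free-text search. At minimum the weakness could be recorded as `"value": "CWE-400 Uncontrolled Resource Consumption"`, and the product could be filled in from the description as `"vendor_name": "MikroTik"`, `"product_name": "RouterOS"`. The CVE-2021-34110 hunk in the next commit has the same all-`n/a` layout despite a description that gives the product, exact version and an incorrect-permissions weakness.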
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Prusa Research", + "version": { + "version_data": [ + { + "version_value": "Prusa Research PrusaSlicer 2.2.0 ,Prusa Research PrusaSlicer Master (commit 4b040b856)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out of bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1222", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1222" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21779.json b/2021/21xxx/CVE-2021-21779.json index 093f44e4f81..de5413b4c92 100644 --- a/2021/21xxx/CVE-2021-21779.json +++ b/2021/21xxx/CVE-2021-21779.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21779", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Webkit", + "version": { + "version_data": [ + { + "version_value": "Webkit WebKitGTK 2.30.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1238", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1238" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free vulnerability exists in the way Webkit\u2019s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21793.json b/2021/21xxx/CVE-2021-21793.json index 74283b0d070..7a6fbfee313 100644 --- a/2021/21xxx/CVE-2021-21793.json +++ b/2021/21xxx/CVE-2021-21793.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21793", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Accusoft", + "version": { + "version_data": [ + { + "version_value": "Accusoft ImageGear 19.8 , Accusoft ImageGear 19.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1257", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1257" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality of Accusoft ImageGear 19.8 and 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21794.json b/2021/21xxx/CVE-2021-21794.json index f6e8d08a7d6..b9f774e52f9 100644 --- a/2021/21xxx/CVE-2021-21794.json +++ b/2021/21xxx/CVE-2021-21794.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21794", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Accusoft\"", + "version": { + "version_data": [ + { + "version_value": "Accusoft ImageGear 19.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1261", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1261" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds write vulnerability exists in the TIF bits_per_sample processing functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21806.json b/2021/21xxx/CVE-2021-21806.json index 9da3ce6a2ab..c03da2516b9 100644 --- a/2021/21xxx/CVE-2021-21806.json +++ b/2021/21xxx/CVE-2021-21806.json 
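Review bot: `"product_name": "Accusoft\""` ends with an escaped double quote that is part of the stored value. The product string is therefore `Accusoft"` and will not compare equal to the `Accusoft` used in the CVE-2021-21793 and CVE-2021-21821 records. It looks like a paste artefact from the source data; the line should read `"product_name": "Accusoft",`. A consumer that places this field into HTML or a query without escaping would also receive a stray quote character, so it is worth fixing at the source rather than relying on every reader to normalise it.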
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21806", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Webkit", + "version": { + "version_data": [ + { + "version_value": "Webkit WebKitGTK 2.30.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability." } ] } From 6ed71ae1f3e43fdb41fd3b25fe940aa02c8c98c5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 8 Jul 2021 13:00:48 +0000 Subject: [PATCH 35/38] "-Synchronized-Data." --- 2021/34xxx/CVE-2021-34110.json | 76 +++++++++++++++++++++++++++++++--- 1 file changed, 70 insertions(+), 6 deletions(-) diff --git a/2021/34xxx/CVE-2021-34110.json b/2021/34xxx/CVE-2021-34110.json index c1e636aeac7..6fb0d7d2ad0 100644 --- a/2021/34xxx/CVE-2021-34110.json +++ b/2021/34xxx/CVE-2021-34110.json 
@@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-34110", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-34110", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with \"LocalSystem\" privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://winwastenet.com", + "refsource": "MISC", + "name": "http://winwastenet.com" + }, + { + "refsource": "MISC", + "name": "http://nica.it", + "url": "http://nica.it" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/163335/WinWaste.NET-1.0.6183.16475-Local-Privilege-Escalation.html", + "url": "https://packetstormsecurity.com/files/163335/WinWaste.NET-1.0.6183.16475-Local-Privilege-Escalation.html" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204780", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204780" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/50083", + "url": "https://www.exploit-db.com/exploits/50083" } ] } From fc36357503b044fe5f9db6ba657f652157aa578d Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 8 Jul 2021 14:00:50 +0000 Subject: [PATCH 36/38] "-Synchronized-Data." --- 2021/25xxx/CVE-2021-25426.json | 66 ++++++++++++++++++++++++++++++---- 2021/25xxx/CVE-2021-25427.json | 66 ++++++++++++++++++++++++++++++---- 2021/25xxx/CVE-2021-25428.json | 66 ++++++++++++++++++++++++++++++---- 2021/25xxx/CVE-2021-25429.json | 66 ++++++++++++++++++++++++++++++---- 2021/25xxx/CVE-2021-25430.json | 66 ++++++++++++++++++++++++++++++---- 2021/25xxx/CVE-2021-25431.json | 66 ++++++++++++++++++++++++++++++---- 2021/25xxx/CVE-2021-25432.json | 66 ++++++++++++++++++++++++++++++---- 2021/25xxx/CVE-2021-25433.json | 66 ++++++++++++++++++++++++++++++---- 2021/25xxx/CVE-2021-25434.json | 66 ++++++++++++++++++++++++++++++---- 2021/25xxx/CVE-2021-25435.json | 66 ++++++++++++++++++++++++++++++---- 2021/25xxx/CVE-2021-25436.json | 66 ++++++++++++++++++++++++++++++---- 2021/25xxx/CVE-2021-25437.json | 66 ++++++++++++++++++++++++++++++---- 2021/25xxx/CVE-2021-25438.json | 66 ++++++++++++++++++++++++++++++---- 2021/25xxx/CVE-2021-25439.json | 66 ++++++++++++++++++++++++++++++---- 2021/25xxx/CVE-2021-25440.json | 66 ++++++++++++++++++++++++++++++---- 2021/25xxx/CVE-2021-25441.json | 66 ++++++++++++++++++++++++++++++---- 2021/25xxx/CVE-2021-25442.json | 66 ++++++++++++++++++++++++++++++---- 2021/28xxx/CVE-2021-28809.json | 5 +++ 18 files changed, 1025 insertions(+), 102 deletions(-) diff --git a/2021/25xxx/CVE-2021-25426.json b/2021/25xxx/CVE-2021-25426.json index 91e436bf0ec..7cc22616091 100644 --- a/2021/25xxx/CVE-2021-25426.json +++ b/2021/25xxx/CVE-2021-25426.json 
@@ -1,18 +1,72 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25426", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "P(9.0), Q(10.0) , R(11.0)", + "version_value": "SMR July-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files." } ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25427.json b/2021/25xxx/CVE-2021-25427.json index 9b1098dd6b6..4cb186b465b 100644 --- a/2021/25xxx/CVE-2021-25427.json +++ b/2021/25xxx/CVE-2021-25427.json 
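Review bot: `"product_name": "Samsung Mobile Devices "` carries a trailing space, and `version_name` has a stray space before a comma (`Q(10.0) , R(11.0)`), so exact-match lookups on either field will miss. The `impact.cvss` object holds only `vectorString`, with no `version`, `baseScore` or `baseSeverity`, unlike the full object in the CVE-2021-28809 record of this series. Consumers that sort or alert on severity must parse the vector themselves or will treat the record as unscored. I would trim the strings (`"product_name": "Samsung Mobile Devices",`) and add `"version": "3.1"` plus the score and severity derived from the vector. The CVE-2021-25427 and CVE-2021-25428 hunks that follow have the same trailing space and the same vector-only `cvss` object.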
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25427",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
+ "version_value": "SMR July-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information"
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25428.json b/2021/25xxx/CVE-2021-25428.json
index 0ccae6993c6..6821d34fbf1 100644
--- a/2021/25xxx/CVE-2021-25428.json
+++ b/2021/25xxx/CVE-2021-25428.json
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25428",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
+ "version_value": "SMR July-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269: Improper Privilege Management"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25429.json b/2021/25xxx/CVE-2021-25429.json
index d7f6f94455e..1171c6f18b7 100644
--- a/2021/25xxx/CVE-2021-25429.json
+++ b/2021/25xxx/CVE-2021-25429.json
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25429",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
+ "version_value": "SMR July-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269: Improper Privilege Management"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25430.json b/2021/25xxx/CVE-2021-25430.json
index 168fa8aa960..3babb32edd5 100644
--- a/2021/25xxx/CVE-2021-25430.json
+++ b/2021/25xxx/CVE-2021-25430.json
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25430",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "P(9.0), Q(10.0) , R(11.0)",
+ "version_value": "SMR July-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287: Improper Authentication"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25431.json b/2021/25xxx/CVE-2021-25431.json
index e34faa2463b..c7caf40c3a9 100644
--- a/2021/25xxx/CVE-2021-25431.json
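Review bot: The `problemtype` value `CWE-287: Improper Authentication` does not match the description, which reports an "Improper access control vulnerability"; anyone filtering or aggregating by CWE will file this record under the wrong weakness class. If access control is what the advisory means, the entry should read `"value": "CWE-284 Improper Access Control"`, the label CVE-2021-25431 in this same patch uses. The description is also identical to CVE-2021-25429 apart from the weakness name, and the two vectors are the same, so a reader cannot tell the two issues apart. A phrase naming the affected component or data in each description would resolve that.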
+++ b/2021/25xxx/CVE-2021-25431.json
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25431",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cameralyzer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "-",
+ "version_value": "3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25432.json b/2021/25xxx/CVE-2021-25432.json
index a11695ad7bc..b5af58b9d72 100644
--- a/2021/25xxx/CVE-2021-25432.json
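Review bot: `version_value` packs three fixed versions into one string, `"3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x"`, under a single `"version_affected": "<"`, so a tool that compares an installed version against this field cannot evaluate the range and `version_name` (`"-"`) carries no branch information either. One `version_data` entry per branch keeps the record machine-readable, for example `{"version_affected": "<", "version_name": "3.2.x", "version_value": "3.2.1041"}` and likewise for 3.3.x and 3.4.x. The same pattern appears in the Samsung Members records (CVE-2021-25432, CVE-2021-25438, CVE-2021-25439) and in CVE-2021-25441, where the Android release is folded into `version_value` as prose.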
+++ b/2021/25xxx/CVE-2021-25432.json
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25432",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Members",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "-",
+ "version_value": "2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200 Information Exposure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25433.json b/2021/25xxx/CVE-2021-25433.json
index 817617227f0..c73b7461449 100644
--- a/2021/25xxx/CVE-2021-25433.json
+++ b/2021/25xxx/CVE-2021-25433.json
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25433",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tizen wearable devices",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "Tizen 5.5",
+ "version_value": "Firmware update JUL-2021 Release"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285: Improper Authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25434.json b/2021/25xxx/CVE-2021-25434.json
index e35ed467c4c..89c5a59dde1 100644
--- a/2021/25xxx/CVE-2021-25434.json
+++ b/2021/25xxx/CVE-2021-25434.json
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25434",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tizen wearable devices",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "Tizen 5.5",
+ "version_value": "Firmware update JUL-2021 Release"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using param partition in wireless firmware download mode."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20: Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25435.json b/2021/25xxx/CVE-2021-25435.json
index 4725fb53f74..2eb8ea92183 100644
--- a/2021/25xxx/CVE-2021-25435.json
+++ b/2021/25xxx/CVE-2021-25435.json
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25435",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tizen wearable devices",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "Tizen 5.5",
+ "version_value": "Firmware update JUL-2021 Release"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using recovery partition in wireless firmware download mode."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20: Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25436.json b/2021/25xxx/CVE-2021-25436.json
index 0ce202b69fa..b7fddc2c1ba 100644
--- a/2021/25xxx/CVE-2021-25436.json
+++ b/2021/25xxx/CVE-2021-25436.json
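Review bot: The description claims arbitrary code execution, but the vector `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H` rates an availability impact only, with no confidentiality or integrity loss. CVE-2021-25434 in this patch describes the same bootloader flaw through the param partition instead of the recovery partition and carries `AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H`. One of the two fields is presumably wrong, and teams that triage on the vector would under-rank this entry if the description is the accurate one. The record should be checked against the linked Samsung advisory, and either the description reworded to the denial-of-service outcome or the vector aligned with the code-execution impact.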
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25436",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tizen wearable devices",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "Tizen 5.5",
+ "version_value": "Firmware update JUL-2021 Release"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20: Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25437.json b/2021/25xxx/CVE-2021-25437.json
index 96e828e3163..f2d0257e7eb 100644
--- a/2021/25xxx/CVE-2021-25437.json
+++ b/2021/25xxx/CVE-2021-25437.json
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25437",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tizen wearable devices",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "Tizen 5.5",
+ "version_value": "Firmware update JUL-2021 Release"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to arbitrary code execution by replacing FOTA update file."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20: Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25438.json b/2021/25xxx/CVE-2021-25438.json
index 38a21f95015..b6eccc2b729 100644
--- a/2021/25xxx/CVE-2021-25438.json
+++ b/2021/25xxx/CVE-2021-25438.json
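Review bot: `problemtype` says `CWE-20: Improper Input Validation` while the description opens with "Improper access control vulnerability", so the record states the weakness class two different ways. The CWE label looks carried over from the preceding FOTA record, CVE-2021-25436, though that is an inference from the two hunks. If the access-control wording is correct, the entry should read `"value": "CWE-284 Improper Access Control"`, as other records in this patch do. The description is also ungrammatical ("allows attackers to arbitrary code execution"); `allows attackers to execute arbitrary code by replacing the FOTA update file` says the same thing correctly.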
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25438",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Members",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "-",
+ "version_value": "2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25439.json b/2021/25xxx/CVE-2021-25439.json
index 6633f18336c..7a5d15e5864 100644
--- a/2021/25xxx/CVE-2021-25439.json
+++ b/2021/25xxx/CVE-2021-25439.json
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25439",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Members",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "-",
+ "version_value": "2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25440.json b/2021/25xxx/CVE-2021-25440.json
index e49409fe62e..c828d365c48 100644
--- a/2021/25xxx/CVE-2021-25440.json
+++ b/2021/25xxx/CVE-2021-25440.json
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25440",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FactoryCameraFB",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "-",
+ "version_value": "3.4.74"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25441.json b/2021/25xxx/CVE-2021-25441.json
index 3828a3d7ea7..7ffa328ceb9 100644
--- a/2021/25xxx/CVE-2021-25441.json
+++ b/2021/25xxx/CVE-2021-25441.json
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25441",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "AR Emoji Editor",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "-",
+ "version_value": "4.4.03.5 in Android Q(10.0) and above"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applications to access arbitrary files with an escalated privilege."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20: Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25442.json b/2021/25xxx/CVE-2021-25442.json
index be874450533..62b2eb4d7e7 100644
--- a/2021/25xxx/CVE-2021-25442.json
+++ b/2021/25xxx/CVE-2021-25442.json
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25442",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Knox Mobile Enrollment",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "-",
+ "version_value": "KCS 1.39"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269: Improper Privilege Management"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/28xxx/CVE-2021-28809.json b/2021/28xxx/CVE-2021-28809.json
index dd74abfa7b4..0fdc8659a34 100644
--- a/2021/28xxx/CVE-2021-28809.json
+++ b/2021/28xxx/CVE-2021-28809.json
@@ -111,6 +111,11 @@
 "refsource": "MISC",
 "url": "https://www.qnap.com/en/security-advisory/qsa-21-19",
 "name": "https://www.qnap.com/en/security-advisory/qsa-21-19"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-783/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-783/"
 }
 ]
 },
From 60b55d0131beb730389983a5b857daac34ecc7b5 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 8 Jul 2021 15:00:48 +0000 Subject: [PATCH 37/38] "-Synchronized-Data." --- 2021/29xxx/CVE-2021-29150.json | 50 ++++++++++++++++++++++++++++++++-- 1 file changed, 47 insertions(+), 3 deletions(-)
diff --git a/2021/29xxx/CVE-2021-29150.json b/2021/29xxx/CVE-2021-29150.json
index c0e1ded24e6..5958a2b5d70 100644
--- a/2021/29xxx/CVE-2021-29150.json
+++ b/2021/29xxx/CVE-2021-29150.json
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29150", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba ClearPass Policy Manager", + "version": { + "version_data": [ + { + "version_value": "Prior to 6.10.0, 6.9.6 and 6.8.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote insecure deserialization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability." } ] } From 22d882e7d2ed3fb35d9031dec838c0069b2385a9 Mon Sep 17 00:00:00 2001 
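Review bot: `vendor_name` is `"n/a"` even though the product is Aruba ClearPass Policy Manager and the assigner is `security-alert@hpe.com`. The affected range is a single prose string, `"version_value": "Prior to 6.10.0, 6.9.6 and 6.8.9"`, with no `version_affected` operator, so asset-matching tools cannot evaluate this record. It would be better to name the vendor (for example `"vendor_name": "Aruba"`, to be confirmed with the CNA) and to give one `version_data` entry per release line with `"version_affected": "<"`, taking each bound from ARUBA-PSA-2021-012. The `problemtype` value is also prose; `"value": "CWE-502: Deserialization of Untrusted Data"` would let consumers filter by weakness class, and there is no `impact` block at all. The same vendor, version-string and problemtype pattern recurs in the hunks for CVE-2021-29151, CVE-2021-29152, CVE-2021-34610 and CVE-2021-34611.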
From: CVE Team Date: Thu, 8 Jul 2021 16:00:49 +0000 Subject: [PATCH 38/38] "-Synchronized-Data." --- 2020/20xxx/CVE-2020-20582.json | 56 ++++++++++++++++++++++++--- 2020/20xxx/CVE-2020-20583.json | 56 ++++++++++++++++++++++++--- 2020/20xxx/CVE-2020-20584.json | 71 +++++++++++++++++++++++++++++++--- 2020/20xxx/CVE-2020-20585.json | 66 ++++++++++++++++++++++++++++--- 2020/20xxx/CVE-2020-20586.json | 66 ++++++++++++++++++++++++++++--- 2021/29xxx/CVE-2021-29151.json | 50 ++++++++++++++++++++++-- 2021/29xxx/CVE-2021-29152.json | 50 ++++++++++++++++++++++-- 2021/34xxx/CVE-2021-34610.json | 50 ++++++++++++++++++++++-- 2021/34xxx/CVE-2021-34611.json | 50 ++++++++++++++++++++++-- 9 files changed, 473 insertions(+), 42 deletions(-) diff --git a/2020/20xxx/CVE-2020-20582.json b/2020/20xxx/CVE-2020-20582.json index 6c9376f254a..e837126f535 100644 --- a/2020/20xxx/CVE-2020-20582.json +++ b/2020/20xxx/CVE-2020-20582.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-20582", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-20582", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A server side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sansanyun/mipcms5/issues/5", + "refsource": "MISC", + "name": "https://github.com/sansanyun/mipcms5/issues/5" } ] } diff --git a/2020/20xxx/CVE-2020-20583.json b/2020/20xxx/CVE-2020-20583.json index e989fa5e52a..65950980232 100644 --- a/2020/20xxx/CVE-2020-20583.json +++ b/2020/20xxx/CVE-2020-20583.json 
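Review bot: `product_name`, `vendor_name`, `version_value` and the `problemtype` value are all `"n/a"`, so the affected product (MipCMS 5.0.1) and the weakness class (SSRF) appear only in the free-text description. Matching by product or by CWE will miss this record. Setting `"product_name": "MipCMS"`, `"version_value": "5.0.1"` and `"value": "CWE-918: Server-Side Request Forgery (SSRF)"` would close that gap. No `impact` block is added either, so the record carries no severity. The same all-`n/a` pattern is in the hunks for CVE-2020-20583, CVE-2020-20584, CVE-2020-20585 and CVE-2020-20586, whose descriptions name SQL injection, cross-site scripting and cross-site request forgery.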
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-20583", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-20583", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/0xyu/PHP_Learning/issues/1", + "refsource": "MISC", + "name": "https://github.com/0xyu/PHP_Learning/issues/1" } ] } diff --git a/2020/20xxx/CVE-2020-20584.json b/2020/20xxx/CVE-2020-20584.json index 274a29fc631..8e5fe1efb6d 100644 --- a/2020/20xxx/CVE-2020-20584.json +++ b/2020/20xxx/CVE-2020-20584.json 
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-20584", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-20584", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://baigosso.com", + "refsource": "MISC", + "name": "http://baigosso.com" + }, + { + "url": "https://github.com/baigoStudio/baigoSSO", + "refsource": "MISC", + "name": "https://github.com/baigoStudio/baigoSSO" + }, + { + "url": "https://github.com/baigoStudio/baigoSSO/", + "refsource": "MISC", + "name": "https://github.com/baigoStudio/baigoSSO/" + }, + { + "url": "https://github.com/baigoStudio/baigoSSO/issues/13", + "refsource": "MISC", + "name": "https://github.com/baigoStudio/baigoSSO/issues/13" } ] } diff --git a/2020/20xxx/CVE-2020-20585.json b/2020/20xxx/CVE-2020-20585.json index 7eeb0a79a29..b3f0172e95a 100644 --- a/2020/20xxx/CVE-2020-20585.json +++ b/2020/20xxx/CVE-2020-20585.json 
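Review bot: The description names "baigo CMS v4.0-beta-1", but all four references point at baigoSSO (`http://baigosso.com` and the `baigoStudio/baigoSSO` repository), so the record does not make clear which product is affected. The product name in the description should be checked against the linked issue and made consistent with the references. Two of the references, `https://github.com/baigoStudio/baigoSSO` and `https://github.com/baigoStudio/baigoSSO/`, differ only by the trailing slash, so one can be dropped. Of the four, only `https://github.com/baigoStudio/baigoSSO/issues/13` leads to a report; the others are project landing pages and give a defender nothing about the fix or the affected versions.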
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-20585", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-20585", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.metinfo.cn/", + "refsource": "MISC", + "name": "https://www.metinfo.cn/" + }, + { + "url": "http://metinfo.com", + "refsource": "MISC", + "name": "http://metinfo.com" + }, + { + "url": "https://github.com/0xyu/PHP_Learning/issues/3", + "refsource": "MISC", + "name": "https://github.com/0xyu/PHP_Learning/issues/3" } ] } diff --git a/2020/20xxx/CVE-2020-20586.json b/2020/20xxx/CVE-2020-20586.json index 0882ea7e405..949a1d09613 100644 --- a/2020/20xxx/CVE-2020-20586.json +++ b/2020/20xxx/CVE-2020-20586.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-20586", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-20586", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.xyhcms.com/Show/download/id/2/at/0.html", + "refsource": "MISC", + "name": "http://www.xyhcms.com/Show/download/id/2/at/0.html" + }, + { + "url": "http://xyhcms.com", + "refsource": "MISC", + "name": "http://xyhcms.com" + }, + { + "url": "https://github.com/0xyu/PHP_Learning/issues/4", + "refsource": "MISC", + "name": "https://github.com/0xyu/PHP_Learning/issues/4" } ] } diff --git a/2021/29xxx/CVE-2021-29151.json b/2021/29xxx/CVE-2021-29151.json index bf60bdab52d..64d4c48e77b 100644 --- a/2021/29xxx/CVE-2021-29151.json +++ b/2021/29xxx/CVE-2021-29151.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29151", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba ClearPass Policy Manager", + "version": { + "version_data": [ + { + "version_value": "Prior to 6.10.0, 6.9.6 and 6.8.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote authentication bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability." } ] } diff --git a/2021/29xxx/CVE-2021-29152.json b/2021/29xxx/CVE-2021-29152.json index 3a1820c74e3..bf8a28632f1 100644 --- a/2021/29xxx/CVE-2021-29152.json +++ b/2021/29xxx/CVE-2021-29152.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29152", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba ClearPass Policy Manager", + "version": { + "version_data": [ + { + "version_value": "Prior to 6.10.0, 6.9.6 and 6.8.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote denial of service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote denial of service (DoS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability." } ] } diff --git a/2021/34xxx/CVE-2021-34610.json b/2021/34xxx/CVE-2021-34610.json index 82c57daf951..7483aededfe 100644 --- a/2021/34xxx/CVE-2021-34610.json +++ b/2021/34xxx/CVE-2021-34610.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-34610", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba ClearPass Policy Manager", + "version": { + "version_data": [ + { + "version_value": "Prior to 6.10.0, 6.9.6 and 6.8.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote arbitrary command execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability." } ] } diff --git a/2021/34xxx/CVE-2021-34611.json b/2021/34xxx/CVE-2021-34611.json index 27d569e4765..67e8a0ddae5 100644 --- a/2021/34xxx/CVE-2021-34611.json +++ b/2021/34xxx/CVE-2021-34611.json 
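Review bot: The `description` and `problemtype` text added for CVE-2021-34610 ("remote arbitrary command execution") is word for word the same as in the CVE-2021-34611 hunk that follows. Both records also share the product, the version string and the advisory URL, so they cannot be told apart from their content. Anyone tracking remediation per CVE would need a distinguishing detail in each `value`, such as the affected component or interface, taken from ARUBA-PSA-2021-012 if the advisory gives one. If the advisory does not separate them, a short statement that the two are distinct issues fixed in the same releases would still help.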
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-34611", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba ClearPass Policy Manager", + "version": { + "version_data": [ + { + "version_value": "Prior to 6.10.0, 6.9.6 and 6.8.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote arbitrary command execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-012.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability." } ] }