diff --git a/2021/22xxx/CVE-2021-22669.json b/2021/22xxx/CVE-2021-22669.json
index fecaf03ddcc..d4b54b2ba3e 100644
--- a/2021/22xxx/CVE-2021-22669.json
+++ b/2021/22xxx/CVE-2021-22669.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22669",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Advantech WebAccess/SCADA",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "WebAccess/SCADA Versions 9.0.1 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-02",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-02"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Incorrect permissions are set to default on the \u2018Project Management\u2019 page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator\u2019s password and login as an administrator to escalate privileges on the system."
 }
 ]
 }
diff --git a/2021/31xxx/CVE-2021-31646.json b/2021/31xxx/CVE-2021-31646.json
index fb56c9a516a..a35094882c5 100644
--- a/2021/31xxx/CVE-2021-31646.json
+++ b/2021/31xxx/CVE-2021-31646.json
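Review bot: In the CVE-2021-22669 hunk the new `affects` block sets `"vendor_name": "n/a"` although the product string and the description both name Advantech, and `version_value` holds the prose "WebAccess/SCADA Versions 9.0.1 and prior" instead of a comparable version. Tooling that matches assets on the structured vendor/product/version fields will presumably miss this record; `"vendor_name": "Advantech"`, `"product_name": "WebAccess/SCADA"` and `"version_affected": "<=", "version_value": "9.0.1"` would make it matchable. The hunks for CVE-2021-31646, CVE-2021-31783 and CVE-2021-31784 go further and set vendor, product and version all to `"n/a"` while their descriptions name Gestsup before 3.2.10, LocalFilesEditor before 11.4.0.1 and Drawings SDK before 2021.6, so the same correction applies there.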
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-31646",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-31646",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote). The affected component is the file forgot_pwd.php - it uses a weak algorithm for the generation of password recovery tokens (the PHP uniqueid function), allowing a brute force attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gestsup.fr/index.php?page=download",
+ "refsource": "MISC",
+ "name": "https://gestsup.fr/index.php?page=download"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://dojo.maltem.ca/public/advisories/CVE-2021-31646.html",
+ "url": "https://dojo.maltem.ca/public/advisories/CVE-2021-31646.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gestsup.fr/index.php?page=download&channel=beta&version=3.2.10&type=patch",
+ "url": "https://gestsup.fr/index.php?page=download&channel=beta&version=3.2.10&type=patch"
 }
 ]
 }
diff --git a/2021/31xxx/CVE-2021-31783.json b/2021/31xxx/CVE-2021-31783.json
index 6449741c3e0..1178a1a6e82 100644
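Review bot: The new description for CVE-2021-31646 names "the PHP uniqueid function", which is not a PHP built-in; the function meant is presumably `uniqid()`, which PHP documents as time-based and unsuitable for security tokens. Anyone auditing their own code from this record would search for the wrong name, so the parenthesis should read `(the PHP uniqid function)` once the assigner confirms it. `problemtype` is also left as `"n/a"` although the text describes guessable password-recovery tokens; a weakness class such as CWE-640 looks applicable but needs confirming against the linked advisory.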
--- a/2021/31xxx/CVE-2021-31783.json
+++ b/2021/31xxx/CVE-2021-31783.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-31783",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-31783",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://piwigo.org/ext/index.php?cid=null",
+ "refsource": "MISC",
+ "name": "https://piwigo.org/ext/index.php?cid=null"
+ },
+ {
+ "url": "https://github.com/Piwigo/LocalFilesEditor/issues/2",
+ "refsource": "MISC",
+ "name": "https://github.com/Piwigo/LocalFilesEditor/issues/2"
+ },
+ {
+ "url": "https://github.com/Piwigo/LocalFilesEditor/commit/dda691d3e45bfd166ac175c70bd8b91cb4917b6b",
+ "refsource": "MISC",
+ "name": "https://github.com/Piwigo/LocalFilesEditor/commit/dda691d3e45bfd166ac175c70bd8b91cb4917b6b"
 }
 ]
 }
diff --git a/2021/31xxx/CVE-2021-31784.json b/2021/31xxx/CVE-2021-31784.json
index d0ce6e3eaf6..d08219f12b9 100644
--- a/2021/31xxx/CVE-2021-31784.json
+++ b/2021/31xxx/CVE-2021-31784.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-31784",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-31784",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.opendesign.com/security-advisories",
+ "refsource": "MISC",
+ "name": "https://www.opendesign.com/security-advisories"
 }
 ]
 }