diff --git a/2017/4xxx/CVE-2017-4995.json b/2017/4xxx/CVE-2017-4995.json
index e56ac411047..7ae0d20d851 100644
--- a/2017/4xxx/CVE-2017-4995.json
+++ b/2017/4xxx/CVE-2017-4995.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
 "url": "https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cassandra-commits] 20210927 [jira] [Commented] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
+ "url": "https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E"
 }
 ]
 }
diff --git a/2017/7xxx/CVE-2017-7525.json b/2017/7xxx/CVE-2017-7525.json
index 06147597d4c..8b678edac48 100644
--- a/2017/7xxx/CVE-2017-7525.json
+++ b/2017/7xxx/CVE-2017-7525.json
@@ -348,6 +348,11 @@
 "refsource": "MLIST",
 "name": "[spark-issues] 20210223 [jira] [Created] (SPARK-34511) Current Security vulnerabilities in spark libraries",
 "url": "https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cassandra-commits] 20210927 [jira] [Commented] (CASSANDRA-15416) CVE-2017-7525 ( jackson-databind is vulnerable to Remote Code Execution) on version 3.11.4",
+ "url": "https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11107.json b/2020/11xxx/CVE-2020-11107.json
index 9228ae82408..70bbe8c3cad 100644
--- a/2020/11xxx/CVE-2020-11107.json
+++ b/2020/11xxx/CVE-2020-11107.json
@@ -56,6 +56,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.apachefriends.org/blog/new_xampp_20200401.html",
 "url": "https://www.apachefriends.org/blog/new_xampp_20200401.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/164292/XAMPP-7.4.3-Privilege-Escalation.html",
+ "url": "http://packetstormsecurity.com/files/164292/XAMPP-7.4.3-Privilege-Escalation.html"
 }
 ]
 }
diff --git a/2021/23xxx/CVE-2021-23445.json b/2021/23xxx/CVE-2021-23445.json
index c505e436a06..d284f40e47c 100644
--- a/2021/23xxx/CVE-2021-23445.json
+++ b/2021/23xxx/CVE-2021-23445.json
@@ -48,24 +48,29 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544",
+ "name": "https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371",
+ "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376",
+ "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b"
+ "refsource": "MISC",
+ "url": "https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b",
+ "name": "https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://cdn.datatables.net/1.11.3/"
+ "refsource": "MISC",
+ "url": "https://cdn.datatables.net/1.11.3/",
+ "name": "https://cdn.datatables.net/1.11.3/"
 }
 ]
 },
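Review bot: In the CVE-2021-23445.json hunk, all five references move from `CONFIRM` to `MISC`, including what appear to be the project's own fix commit (`github.com/DataTables/Dist-DataTables/commit/…`) and release directory (`cdn.datatables.net/1.11.3/`), so the record no longer marks any source as a vendor acknowledgement. Consumers that read `refsource` to separate vendor-confirmed fixes from third-party advisories lose that signal. If the retagging was aimed at the three Snyk entries, the two project-hosted entries could keep `"refsource": "CONFIRM"`. The CVE-2021-41617.json hunk later in this diff goes the other way, tagging a distribution bug tracker `CONFIRM` while the upstream release note above it stays `MISC`, so the tagging rule is worth stating once and applying consistently.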
@@ -73,7 +78,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This affects the package datatables.net before 1.11.3.\n If an array is passed to the HTML escape entities function it would not have its contents escaped.\r\n\r\n\r\n"
+ "value": "This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped."
 }
 ]
 },
diff --git a/2021/25xxx/CVE-2021-25410.json b/2021/25xxx/CVE-2021-25410.json
index dc080a58a03..4ae25fec1c8 100644
--- a/2021/25xxx/CVE-2021-25410.json
+++ b/2021/25xxx/CVE-2021-25410.json
@@ -63,6 +63,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6",
 "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/",
+ "url": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/"
 }
 ]
 },
diff --git a/2021/25xxx/CVE-2021-25413.json b/2021/25xxx/CVE-2021-25413.json
index cc2169b489a..e6ea2c4fae4 100644
--- a/2021/25xxx/CVE-2021-25413.json
+++ b/2021/25xxx/CVE-2021-25413.json
@@ -63,6 +63,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6",
 "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/",
+ "url": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/"
 }
 ]
 },
diff --git a/2021/25xxx/CVE-2021-25414.json b/2021/25xxx/CVE-2021-25414.json
index 9f218c88260..e346b8459f3 100644
--- a/2021/25xxx/CVE-2021-25414.json
+++ b/2021/25xxx/CVE-2021-25414.json
@@ -63,6 +63,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6",
 "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/",
+ "url": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/"
 }
 ]
 },
diff --git a/2021/25xxx/CVE-2021-25426.json b/2021/25xxx/CVE-2021-25426.json
index 7cc22616091..5c704d21414 100644
--- a/2021/25xxx/CVE-2021-25426.json
+++ b/2021/25xxx/CVE-2021-25426.json
@@ -63,6 +63,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7",
 "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/",
+ "url": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/"
 }
 ]
 },
diff --git a/2021/25xxx/CVE-2021-25440.json b/2021/25xxx/CVE-2021-25440.json
index c828d365c48..9c9222ffcbd 100644
--- a/2021/25xxx/CVE-2021-25440.json
+++ b/2021/25xxx/CVE-2021-25440.json
@@ -63,6 +63,11 @@
 "refsource": "MISC",
 "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7",
 "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/",
+ "url": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/"
 }
 ]
 },
diff --git a/2021/36xxx/CVE-2021-36134.json b/2021/36xxx/CVE-2021-36134.json
index 7f0a1797c8b..a6bb67d9655 100644
--- a/2021/36xxx/CVE-2021-36134.json
+++ b/2021/36xxx/CVE-2021-36134.json
@@ -1,18 +1,91 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-36134",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-36134",
+ "STATE": "PUBLIC",
+ "TITLE": "Out of bounds write in Netop Vision Pro"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Douglas McKee of McAfee ATR"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Out of bounds write vulnerability in the JPEG parsing code of Netop Vision Pro up to and including 9.7.2 allows an adjacent unauthenticated attacker to write to arbitrary memory potentially leading to a Denial of Service (DoS)."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.mcafee.com/blogs/?p=127255&preview=true",
+ "url": "https://www.mcafee.com/blogs/?p=127255&preview=true"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/37xxx/CVE-2021-37761.json b/2021/37xxx/CVE-2021-37761.json
index fe54cbdab06..e12de4162eb 100644
--- a/2021/37xxx/CVE-2021-37761.json
+++ b/2021/37xxx/CVE-2021-37761.json
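Review bot: The now-public CVE-2021-36134.json record leaves `product_name`, `version_value`, `vendor_name` and the `problemtype` value at `n/a`, although its own description names Netop Vision Pro up to and including 9.7.2 and its title names an out-of-bounds write; the CVE-2021-37761, CVE-2021-40329 and CVE-2021-41753 hunks have the same gap. Tools that match assets on the structured fields rather than the free text will not tie these records to the affected product, so at least `"product_name": "Netop Vision Pro"` and the version bound from the description belong in `affects`. The only reference, `https://www.mcafee.com/blogs/?p=127255&preview=true`, looks like a CMS preview link rather than a published permalink and may not resolve for readers; it should be swapped for the final URL. The description's "write to arbitrary memory" also sits oddly beside `"integrityImpact": "NONE"` in the CVSS block, which is worth confirming with the assigner.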
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37761",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37761",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.manageengine.com",
+ "refsource": "MISC",
+ "name": "https://www.manageengine.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111",
+ "url": "https://www.manageengine.com/products/ad-manager/release-notes.html#7111"
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3836.json b/2021/3xxx/CVE-2021-3836.json
new file mode 100644
index 00000000000..a8446aa56aa
--- /dev/null
+++ b/2021/3xxx/CVE-2021-3836.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-3836",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/40xxx/CVE-2021-40329.json b/2021/40xxx/CVE-2021-40329.json
index 5667bb0e8a2..921959ed702 100644
--- a/2021/40xxx/CVE-2021-40329.json
+++ b/2021/40xxx/CVE-2021-40329.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-40329",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-40329",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://docs.pingidentity.com/bundle/pingfederate-103/page/cou1615333347158.html",
+ "url": "https://docs.pingidentity.com/bundle/pingfederate-103/page/cou1615333347158.html"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41617.json b/2021/41xxx/CVE-2021-41617.json
index d968c16d434..443e8ee25bc 100644
--- a/2021/41xxx/CVE-2021-41617.json
+++ b/2021/41xxx/CVE-2021-41617.json
@@ -66,6 +66,11 @@
 "url": "https://www.openssh.com/txt/release-8.8",
 "refsource": "MISC",
 "name": "https://www.openssh.com/txt/release-8.8"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://bugzilla.suse.com/show_bug.cgi?id=1190975",
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1190975"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41753.json b/2021/41xxx/CVE-2021-41753.json
index f9b2a99e55a..09f72b718f5 100644
--- a/2021/41xxx/CVE-2021-41753.json
+++ b/2021/41xxx/CVE-2021-41753.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41753",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41753",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client via sending specific spoofed SAE authentication frames."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10243",
+ "refsource": "MISC",
+ "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10243"
 }
 ]
 }