From 5cb9fe44522b8327fe7915504ddb272b0467ef46 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 15 Jul 2021 18:00:55 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/11xxx/CVE-2020-11633.json | 50 +++++++++- 2021/20xxx/CVE-2021-20496.json | 174 ++++++++++++++++---------------- 2021/20xxx/CVE-2021-20497.json | 172 ++++++++++++++++---------------- 2021/20xxx/CVE-2021-20498.json | 174 ++++++++++++++++---------------- 2021/20xxx/CVE-2021-20499.json | 172 ++++++++++++++++---------------- 2021/20xxx/CVE-2021-20500.json | 174 ++++++++++++++++---------------- 2021/20xxx/CVE-2021-20510.json | 176 ++++++++++++++++----------------- 2021/20xxx/CVE-2021-20511.json | 176 ++++++++++++++++----------------- 2021/20xxx/CVE-2021-20523.json | 176 ++++++++++++++++----------------- 2021/20xxx/CVE-2021-20524.json | 172 ++++++++++++++++---------------- 2021/20xxx/CVE-2021-20533.json | 174 ++++++++++++++++---------------- 2021/20xxx/CVE-2021-20534.json | 172 ++++++++++++++++---------------- 2021/20xxx/CVE-2021-20537.json | 174 ++++++++++++++++---------------- 2021/29xxx/CVE-2021-29699.json | 174 ++++++++++++++++---------------- 2021/29xxx/CVE-2021-29742.json | 176 ++++++++++++++++----------------- 2021/34xxx/CVE-2021-34827.json | 124 +++++++++++------------ 2021/34xxx/CVE-2021-34828.json | 124 +++++++++++------------ 2021/34xxx/CVE-2021-34829.json | 124 +++++++++++------------ 2021/34xxx/CVE-2021-34830.json | 124 +++++++++++------------ 19 files changed, 1517 insertions(+), 1465 deletions(-) diff --git a/2020/11xxx/CVE-2020-11633.json b/2020/11xxx/CVE-2020-11633.json index 6358c33a1c0..882dd59f6b5 100644 --- a/2020/11xxx/CVE-2020-11633.json +++ b/2020/11xxx/CVE-2020-11633.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-11633", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@zscaler.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2020?applicable_category=Windows&applicable_version=2.1.2.81", + "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2020?applicable_category=Windows&applicable_version=2.1.2.81" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges." } ] } diff --git a/2021/20xxx/CVE-2021-20496.json b/2021/20xxx/CVE-2021-20496.json index 9fbe4471143..ce31cdd506a 100644 --- a/2021/20xxx/CVE-2021-20496.json +++ b/2021/20xxx/CVE-2021-20496.json @@ -1,90 +1,90 @@ { - "data_type" : "CVE", - "CVE_data_meta" : { - "ID" : "CVE-2021-20496", - "DATE_PUBLIC" : "2021-07-13T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Bypass Security" - } - ] - } - ] - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "CVE_data_meta": { + "ID": "CVE-2021-20496", + "DATE_PUBLIC": "2021-07-13T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0" - } - ] - }, - "product_name" : "Security Verify Access Docker" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Bypass Security" + } + ] } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "I" : "L", - "SCORE" : "2.700", - "UI" : "N", - "C" : "N", - "PR" : "H", - "AV" : "N", - "A" : "N", - "AC" : "L" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6471895", - "name" : "https://www.ibm.com/support/pages/node/6471895", - "title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197966", - "refsource" : "XF", - "name" : "ibm-sam-cve202120496-sec-bypass (197966)", - "title" : "X-Force Vulnerability Report" - } - ] - } -} + ] + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.0.0" + } + ] + }, + "product_name": "Security Verify Access Docker" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "I": "L", + "SCORE": "2.700", + "UI": "N", + "C": "N", + "PR": "H", + "AV": "N", + "A": "N", + "AC": "L" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6471895", + "name": "https://www.ibm.com/support/pages/node/6471895", + "title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197966", + "refsource": "XF", + "name": "ibm-sam-cve202120496-sec-bypass (197966)", + "title": "X-Force Vulnerability Report" + } + ] + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20497.json b/2021/20xxx/CVE-2021-20497.json index 1f8d79ad2ed..c98dd4b23dc 100644 --- a/2021/20xxx/CVE-2021-20497.json +++ b/2021/20xxx/CVE-2021-20497.json @@ -1,90 +1,90 @@ { - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6471895", - "title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)", - "url" : "https://www.ibm.com/support/pages/node/6471895" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197969", - "refsource" : "XF", - "name" : "ibm-sam-cve202120497-info-disc (197969)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "PR" : "N", - "C" : "H", - "SCORE" : "5.900", - "UI" : "N", - "I" : "N", - "S" : "U", - "AC" : "H", - "AV" : "N", - "A" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Security Verify Access Docker", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6471895", + "title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)", + "url": "https://www.ibm.com/support/pages/node/6471895" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197969", + "refsource": "XF", + "name": "ibm-sam-cve202120497-info-disc (197969)", + "title": "X-Force Vulnerability Report" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "PR": "N", + "C": "H", + "SCORE": "5.900", + "UI": "N", + "I": "N", + "S": "U", + "AC": "H", + "AV": "N", + "A": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "description": { + "description_data": [ + { + "value": "IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Verify Access Docker", + "version": { + "version_data": [ + { + "version_value": "10.0.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2021-20497", - "DATE_PUBLIC" : "2021-07-13T00:00:00" - }, - "data_format" : "MITRE" -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2021-20497", + "DATE_PUBLIC": "2021-07-13T00:00:00" + }, + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20498.json b/2021/20xxx/CVE-2021-20498.json index 76eb9d8c57d..884f19985c5 100644 --- a/2021/20xxx/CVE-2021-20498.json +++ b/2021/20xxx/CVE-2021-20498.json @@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-07-13T00:00:00", - "ID" : "CVE-2021-20498" - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0" - } - ] - }, - "product_name" : "Security Verify Access Docker" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "PR" : "N", - "SCORE" : "5.300", - "C" : "L", - "UI" : "N", - "S" : "U", - "I" : "N", - "AV" : "N", - "A" : "N", - "AC" : "L" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requets that could be used in further attacks against the system. IBM X-Force ID: 197972." - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6471895", - "title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)", - "name" : "https://www.ibm.com/support/pages/node/6471895", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sam-cve202120498-info-disc (197972)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197972" - } - ] - }, - "data_version" : "4.0" -} + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-07-13T00:00:00", + "ID": "CVE-2021-20498" + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.0.0" + } + ] + }, + "product_name": "Security Verify Access Docker" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "impact": { + "cvssv3": { + "BM": { + "PR": "N", + "SCORE": "5.300", + "C": "L", + "UI": "N", + "S": "U", + "I": "N", + "AV": "N", + "A": "N", + "AC": "L" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requets that could be used in further attacks against the system. IBM X-Force ID: 197972." + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6471895", + "title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)", + "name": "https://www.ibm.com/support/pages/node/6471895", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-sam-cve202120498-info-disc (197972)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197972" + } + ] + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20499.json b/2021/20xxx/CVE-2021-20499.json index 744fb155af4..e5f564d6208 100644 --- a/2021/20xxx/CVE-2021-20499.json +++ b/2021/20xxx/CVE-2021-20499.json @@ -1,90 +1,90 @@ { - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6471895", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)", - "name" : "https://www.ibm.com/support/pages/node/6471895" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197973", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sam-cve202120499-info-disc (197973)" - } - ] - }, - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "A" : "N", - "AV" : "N", - "AC" : "L", - "S" : "U", - "I" : "N", - "SCORE" : "2.700", - "C" : "L", - "UI" : "N", - "PR" : "H" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Verify Access Docker", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0" - } - ] - } - } - ] - } + "url": "https://www.ibm.com/support/pages/node/6471895", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)", + "name": "https://www.ibm.com/support/pages/node/6471895" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197973", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-sam-cve202120499-info-disc (197973)" } - ] - } - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-07-13T00:00:00", - "ID" : "CVE-2021-20499", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + ] + }, + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "A": "N", + "AV": "N", + "AC": "L", + "S": "U", + "I": "N", + "SCORE": "2.700", + "C": "L", + "UI": "N", + "PR": "H" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Access Docker", + "version": { + "version_data": [ + { + "version_value": "10.0.0" + } + ] + } + } + ] + } + } ] - } - ] - } -} + } + }, + "data_format": "MITRE", + "CVE_data_meta": { + "DATE_PUBLIC": "2021-07-13T00:00:00", + "ID": "CVE-2021-20499", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20500.json b/2021/20xxx/CVE-2021-20500.json index bb231aadfc3..c5e1133a7b3 100644 --- a/2021/20xxx/CVE-2021-20500.json +++ b/2021/20xxx/CVE-2021-20500.json @@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2021-20500", - "DATE_PUBLIC" : "2021-07-13T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0" - } - ] - }, - "product_name" : "Security Verify Access Docker" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "A" : "N", - "AV" : "L", - "S" : "U", - "I" : "N", - "PR" : "H", - "C" : "H", - "SCORE" : "4.400", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)", - "name" : "https://www.ibm.com/support/pages/node/6471895", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6471895" - }, - { - "refsource" : "XF", - "name" : "ibm-sam-cve202120500-info-disc (197980)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/197980" - } - ] - }, - "data_version" : "4.0" -} + ] + }, + "CVE_data_meta": { + "ID": "CVE-2021-20500", + "DATE_PUBLIC": "2021-07-13T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.0.0" + } + ] + }, + "product_name": "Security Verify Access Docker" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "impact": { + "cvssv3": { + "BM": { + "AC": "L", + "A": "N", + "AV": "L", + "S": "U", + "I": "N", + "PR": "H", + "C": "H", + "SCORE": "4.400", + "UI": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "description": { + "description_data": [ + { + "value": "IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.", + "lang": "eng" + } + ] + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)", + "name": "https://www.ibm.com/support/pages/node/6471895", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6471895" + }, + { + "refsource": "XF", + "name": "ibm-sam-cve202120500-info-disc (197980)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197980" + } + ] + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20510.json b/2021/20xxx/CVE-2021-20510.json index 9f1294f0a51..a950fa4d22a 100644 --- a/2021/20xxx/CVE-2021-20510.json +++ b/2021/20xxx/CVE-2021-20510.json @@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Verify Access Docker", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Verify Access Docker", + "version": { + "version_data": [ + { + "version_value": "10.0.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-07-13T00:00:00", - "ID" : "CVE-2021-20510" - }, - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6471895", - "name" : "https://www.ibm.com/support/pages/node/6471895", - "title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sam-cve202120510-info-disc (198299)", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198299" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "I" : "N", - "S" : "C", - "SCORE" : "6.800", - "C" : "H", - "UI" : "N", - "PR" : "H", - "A" : "N", - "AV" : "N", - "AC" : "L" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299", - "lang" : "eng" - } - ] - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-07-13T00:00:00", + "ID": "CVE-2021-20510" + }, + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6471895", + "name": "https://www.ibm.com/support/pages/node/6471895", + "title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-sam-cve202120510-info-disc (198299)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198299" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "I": "N", + "S": "C", + "SCORE": "6.800", + "C": "H", + "UI": "N", + "PR": "H", + "A": "N", + "AV": "N", + "AC": "L" + } + } + }, + "description": { + "description_data": [ + { + "value": "IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20511.json b/2021/20xxx/CVE-2021-20511.json index e5281c70aa7..54b0a7433e4 100644 --- a/2021/20xxx/CVE-2021-20511.json +++ b/2021/20xxx/CVE-2021-20511.json @@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Verify Access Docker", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Verify Access Docker", + "version": { + "version_data": [ + { + "version_value": "10.0.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-07-13T00:00:00", - "ID" : "CVE-2021-20511" - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6471895", - "name" : "https://www.ibm.com/support/pages/node/6471895", - "title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198300", - "refsource" : "XF", - "name" : "ibm-sam-cve202120511-info-disc (198300)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "A" : "N", - "AV" : "A", - "PR" : "H", - "SCORE" : "5.200", - "UI" : "N", - "C" : "H", - "S" : "U", - "I" : "L" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300.", - "lang" : "eng" - } - ] - } -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-07-13T00:00:00", + "ID": "CVE-2021-20511" + }, + "data_format": "MITRE", + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6471895", + "name": "https://www.ibm.com/support/pages/node/6471895", + "title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198300", + "refsource": "XF", + "name": "ibm-sam-cve202120511-info-disc (198300)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AC": "L", + "A": "N", + "AV": "A", + "PR": "H", + "SCORE": "5.200", + "UI": "N", + "C": "H", + "S": "U", + "I": "L" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "description": { + "description_data": [ + { + "value": "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20523.json b/2021/20xxx/CVE-2021-20523.json index 8eb4968727d..fe2f5eee40a 100644 --- a/2021/20xxx/CVE-2021-20523.json +++ b/2021/20xxx/CVE-2021-20523.json @@ -1,90 +1,90 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "I" : "N", - "SCORE" : "2.700", - "C" : "L", - "UI" : "N", - "PR" : "H", - "A" : "N", - "AV" : "N", - "AC" : "L" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6471895", - "title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)", - "url" : "https://www.ibm.com/support/pages/node/6471895" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sam-cve202120523-info-disc (198660)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198660" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2021-20523", - "DATE_PUBLIC" : "2021-07-13T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "data_type" : "CVE", - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Verify Access Docker", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0" - } - ] - } - } - ] - } + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "I": "N", + "SCORE": "2.700", + "C": "L", + "UI": "N", + "PR": "H", + "A": "N", + "AV": "N", + "AC": "L" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" } - ] - } - } -} + } + }, + "description": { + "description_data": [ + { + "value": "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6471895", + "title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)", + "url": "https://www.ibm.com/support/pages/node/6471895" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-sam-cve202120523-info-disc (198660)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198660" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2021-20523", + "DATE_PUBLIC": "2021-07-13T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "data_type": "CVE", + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Access Docker", + "version": { + "version_data": [ + { + "version_value": "10.0.0" + } + ] + } + } + ] + } + } + ] + } + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20524.json b/2021/20xxx/CVE-2021-20524.json index 5d458656b15..94455d289f5 100644 --- a/2021/20xxx/CVE-2021-20524.json +++ b/2021/20xxx/CVE-2021-20524.json @@ -1,90 +1,90 @@ { - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6471895", - "title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)", - "name" : "https://www.ibm.com/support/pages/node/6471895", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198661", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sam-cve202120524-xss (198661)" - } - ] - }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "R", - "SCORE" : "4.800", - "C" : "L", - "PR" : "H", - "I" : "L", - "S" : "C", - "AV" : "N", - "A" : "N", - "AC" : "L" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661." - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0" - } - ] - }, - "product_name" : "Security Verify Access Docker" - } - ] - }, - "vendor_name" : "IBM" + "url": "https://www.ibm.com/support/pages/node/6471895", + "title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)", + "name": "https://www.ibm.com/support/pages/node/6471895", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198661", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-sam-cve202120524-xss (198661)" } - ] - } - }, - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + ] + }, + "data_version": "4.0", + "impact": { + "cvssv3": { + "BM": { + "UI": "R", + "SCORE": "4.800", + "C": "L", + "PR": "H", + "I": "L", + "S": "C", + "AV": "N", + "A": "N", + "AC": "L" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.0.0" + } + ] + }, + "product_name": "Security Verify Access Docker" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2021-07-13T00:00:00", - "ID" : "CVE-2021-20524" - } -} + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-07-13T00:00:00", + "ID": "CVE-2021-20524" + } +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20533.json b/2021/20xxx/CVE-2021-20533.json index c084deba0d6..34361777673 100644 --- a/2021/20xxx/CVE-2021-20533.json +++ b/2021/20xxx/CVE-2021-20533.json @@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "data_type" : "CVE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-20533", - "DATE_PUBLIC" : "2021-07-13T00:00:00" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } - ] - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "data_type": "CVE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-20533", + "DATE_PUBLIC": "2021-07-13T00:00:00" + }, + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0" - } - ] - }, - "product_name" : "Security Verify Access Docker" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] } - ] - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "H", - "S" : "C", - "SCORE" : "8.400", - "UI" : "N", - "C" : "H", - "PR" : "H", - "A" : "H", - "AV" : "A", - "AC" : "L" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6471895", - "title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)", - "name" : "https://www.ibm.com/support/pages/node/6471895", - "refsource" : "CONFIRM" - }, - { - "name" : "ibm-sam-cve202120533-command-injection (198813)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198813" - } - ] - }, - "data_version" : "4.0" -} + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.0.0" + } + ] + }, + "product_name": "Security Verify Access Docker" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "I": "H", + "S": "C", + "SCORE": "8.400", + "UI": "N", + "C": "H", + "PR": "H", + "A": "H", + "AV": "A", + "AC": "L" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6471895", + "title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)", + "name": "https://www.ibm.com/support/pages/node/6471895", + "refsource": "CONFIRM" + }, + { + "name": "ibm-sam-cve202120533-command-injection (198813)", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198813" + } + ] + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20534.json b/2021/20xxx/CVE-2021-20534.json index 2bbe0b1dacb..902d1337430 100644 --- a/2021/20xxx/CVE-2021-20534.json +++ b/2021/20xxx/CVE-2021-20534.json @@ -1,90 +1,90 @@ { - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6471895", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)", - "name" : "https://www.ibm.com/support/pages/node/6471895" - }, - { - "name" : "ibm-sam-cve202120534-open-redirect (198814)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198814" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "H", - "S" : "U", - "PR" : "H", - "SCORE" : "4.500", - "UI" : "R", - "C" : "N", - "AV" : "N", - "A" : "N", - "AC" : "L" - }, - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814", - "lang" : "eng" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Verify Access Docker", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0" - } - ] - } - } - ] - } + "url": "https://www.ibm.com/support/pages/node/6471895", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)", + "name": "https://www.ibm.com/support/pages/node/6471895" + }, + { + "name": "ibm-sam-cve202120534-open-redirect (198814)", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198814" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "I": "H", + "S": "U", + "PR": "H", + "SCORE": "4.500", + "UI": "R", + "C": "N", + "AV": "N", + "A": "N", + "AC": "L" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "description": { + "description_data": [ + { + "value": "IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814", + "lang": "eng" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Access Docker", + "version": { + "version_data": [ + { + "version_value": "10.0.0" + } + ] + } + } + ] + } + } ] - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2021-20534", - "DATE_PUBLIC" : "2021-07-13T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "data_type" : "CVE", - "data_format" : "MITRE" -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2021-20534", + "DATE_PUBLIC": "2021-07-13T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "data_type": "CVE", + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20537.json b/2021/20xxx/CVE-2021-20537.json index 4d6b1798a3e..f718cbc9c19 100644 --- a/2021/20xxx/CVE-2021-20537.json +++ b/2021/20xxx/CVE-2021-20537.json @@ -1,90 +1,90 @@ { - "data_format" : "MITRE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2021-07-13T00:00:00", - "ID" : "CVE-2021-20537" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0" - } - ] - }, - "product_name" : "Security Verify Access Docker" - } - ] - } + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "AV" : "N", - "A" : "N", - "C" : "H", - "SCORE" : "6.500", - "UI" : "N", - "PR" : "L", - "I" : "N", - "S" : "U" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918" - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6471895", - "title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)", - "name" : "https://www.ibm.com/support/pages/node/6471895", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198918", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sam-cve202120537-infor-disc (198918)", - "refsource" : "XF" - } - ] - }, - "data_version" : "4.0" -} + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-07-13T00:00:00", + "ID": "CVE-2021-20537" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.0.0" + } + ] + }, + "product_name": "Security Verify Access Docker" + } + ] + } + } + ] + } + }, + "impact": { + "cvssv3": { + "BM": { + "AC": "L", + "AV": "N", + "A": "N", + "C": "H", + "SCORE": "6.500", + "UI": "N", + "PR": "L", + "I": "N", + "S": "U" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:198918" + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6471895", + "title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)", + "name": "https://www.ibm.com/support/pages/node/6471895", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198918", + "title": "X-Force Vulnerability Report", + "name": "ibm-sam-cve202120537-infor-disc (198918)", + "refsource": "XF" + } + ] + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29699.json b/2021/29xxx/CVE-2021-29699.json index 793b655ea67..e8f61efb27a 100644 --- a/2021/29xxx/CVE-2021-29699.json +++ b/2021/29xxx/CVE-2021-29699.json @@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-07-13T00:00:00", - "ID" : "CVE-2021-29699", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Verify Access Docker", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0" - } - ] - } - } - ] - } + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] } - ] - } - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "AV" : "A", - "A" : "H", - "AC" : "L", - "S" : "U", - "I" : "H", - "C" : "H", - "SCORE" : "6.600", - "UI" : "R", - "PR" : "H" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600." - } - ] - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6471895", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6471895", - "title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/200600", - "refsource" : "XF", - "name" : "ibm-sam-cve202129699-file-upload (200600)", - "title" : "X-Force Vulnerability Report" - } - ] - } -} + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "DATE_PUBLIC": "2021-07-13T00:00:00", + "ID": "CVE-2021-29699", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Verify Access Docker", + "version": { + "version_data": [ + { + "version_value": "10.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "AV": "A", + "A": "H", + "AC": "L", + "S": "U", + "I": "H", + "C": "H", + "SCORE": "6.600", + "UI": "R", + "PR": "H" + } + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600." + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6471895", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6471895", + "title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200600", + "refsource": "XF", + "name": "ibm-sam-cve202129699-file-upload (200600)", + "title": "X-Force Vulnerability Report" + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29742.json b/2021/29xxx/CVE-2021-29742.json index ea52843c277..c2001855abc 100644 --- a/2021/29xxx/CVE-2021-29742.json +++ b/2021/29xxx/CVE-2021-29742.json @@ -1,90 +1,90 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "PR" : "N", - "SCORE" : "7.900", - "UI" : "R", - "C" : "H", - "S" : "C", - "I" : "H", - "AV" : "A", - "A" : "H", - "AC" : "H" - } - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6471895", - "name" : "https://www.ibm.com/support/pages/node/6471895", - "title" : "IBM Security Bulletin 6471895 (Security Verify Access Docker)", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "name" : "ibm-sam-cve202129742-session-fixation (201483)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/201483" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } - ] - } - ] - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-29742", - "DATE_PUBLIC" : "2021-07-13T00:00:00" - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Verify Access Docker", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "PR": "N", + "SCORE": "7.900", + "UI": "R", + "C": "H", + "S": "C", + "I": "H", + "AV": "A", + "A": "H", + "AC": "H" } - ] - } - } -} + } + }, + "description": { + "description_data": [ + { + "value": "IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6471895", + "name": "https://www.ibm.com/support/pages/node/6471895", + "title": "IBM Security Bulletin 6471895 (Security Verify Access Docker)", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "name": "ibm-sam-cve202129742-session-fixation (201483)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201483" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "data_type": "CVE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-29742", + "DATE_PUBLIC": "2021-07-13T00:00:00" + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Verify Access Docker", + "version": { + "version_data": [ + { + "version_value": "10.0.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34827.json b/2021/34xxx/CVE-2021-34827.json index 4c9293c0346..6439db44523 100644 --- a/2021/34xxx/CVE-2021-34827.json +++ b/2021/34xxx/CVE-2021-34827.json @@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-34827", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "DAP-1330", - "version": { - "version_data": [ - { - "version_value": "1.13B01 BETA" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-34827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DAP-1330", + "version": { + "version_data": [ + { + "version_value": "1.13B01 BETA" + } + ] + } + } + ] + }, + "vendor_name": "D-Link" } - } ] - }, - "vendor_name": "D-Link" } - ] - } - }, - "credit": "phieulang", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.\n Was ZDI-CAN-12029." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121: Stack-based Buffer Overflow" - } + }, + "credit": "phieulang", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12029." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-679/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-679/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-679/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34828.json b/2021/34xxx/CVE-2021-34828.json index d91744c4a98..313ca38dc1c 100644 --- a/2021/34xxx/CVE-2021-34828.json +++ b/2021/34xxx/CVE-2021-34828.json @@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-34828", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "DAP-1330", - "version": { - "version_data": [ - { - "version_value": "1.13B01 BETA" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-34828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DAP-1330", + "version": { + "version_data": [ + { + "version_value": "1.13B01 BETA" + } + ] + } + } + ] + }, + "vendor_name": "D-Link" } - } ] - }, - "vendor_name": "D-Link" } - ] - } - }, - "credit": "chung96vn of Vietnam National Cyber Security Center (NCSC Vietnam)", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12066." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" - } + }, + "credit": "chung96vn of Vietnam National Cyber Security Center (NCSC Vietnam)", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12066." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-680/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-680/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-680/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34829.json b/2021/34xxx/CVE-2021-34829.json index 72777bb4972..a881c755c33 100644 --- a/2021/34xxx/CVE-2021-34829.json +++ b/2021/34xxx/CVE-2021-34829.json @@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-34829", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "DAP-1330", - "version": { - "version_data": [ - { - "version_value": "1.13B01 BETA" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-34829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DAP-1330", + "version": { + "version_data": [ + { + "version_value": "1.13B01 BETA" + } + ] + } + } + ] + }, + "vendor_name": "D-Link" } - } ] - }, - "vendor_name": "D-Link" } - ] - } - }, - "credit": "phieulang", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the HNAP_AUTH HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12065." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" - } + }, + "credit": "phieulang", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12065." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-681/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-681/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-681/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34830.json b/2021/34xxx/CVE-2021-34830.json index b4dfdd5837a..c133413399a 100644 --- a/2021/34xxx/CVE-2021-34830.json +++ b/2021/34xxx/CVE-2021-34830.json @@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-34830", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "DAP-1330", - "version": { - "version_data": [ - { - "version_value": "1.13B01 BETA" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-34830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DAP-1330", + "version": { + "version_data": [ + { + "version_value": "1.13B01 BETA" + } + ] + } + } + ] + }, + "vendor_name": "D-Link" } - } ] - }, - "vendor_name": "D-Link" } - ] - } - }, - "credit": "chung96vn of Vietnam National Cyber Security Center (NCSC Vietnam)", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the Cookie HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. \n Was ZDI-CAN-12028." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121: Stack-based Buffer Overflow" - } + }, + "credit": "chung96vn of Vietnam National Cyber Security Center (NCSC Vietnam)", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12028." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-682/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-682/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-682/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file