From 5cfe1ceb2fda0a9166c42d26175b0cb5dadec43a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 30 Mar 2021 00:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/27xxx/CVE-2020-27918.json | 5 +++ 2021/25xxx/CVE-2021-25145.json | 65 ++++++++++++++++++++++++++++++++-- 2021/25xxx/CVE-2021-25148.json | 59 ++++++++++++++++++++++++++++-- 2021/25xxx/CVE-2021-25149.json | 62 ++++++++++++++++++++++++++++++-- 2021/27xxx/CVE-2021-27291.json | 5 +++ 2021/28xxx/CVE-2021-28957.json | 5 +++ 2021/29xxx/CVE-2021-29424.json | 18 ++++++++++ 7 files changed, 210 insertions(+), 9 deletions(-) create mode 100644 2021/29xxx/CVE-2021-29424.json diff --git a/2020/27xxx/CVE-2020-27918.json b/2020/27xxx/CVE-2020-27918.json index 408570141c6..d162a6466a9 100644 --- a/2020/27xxx/CVE-2020-27918.json +++ b/2020/27xxx/CVE-2020-27918.json @@ -171,6 +171,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-8070916f7a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQ3U3VBSOJB46WCO66TEWE5OAXLTU3YW/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4877", + "url": "https://www.debian.org/security/2021/dsa-4877" } ] }, diff --git a/2021/25xxx/CVE-2021-25145.json b/2021/25xxx/CVE-2021-25145.json index 730abe2a8c5..59dd937883b 100644 --- a/2021/25xxx/CVE-2021-25145.json +++ b/2021/25xxx/CVE-2021-25145.json @@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-25145", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Instant Access Points", + "version": { + "version_data": [ + { + "version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below" + }, + { + "version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below" + }, + { + "version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below" + }, + { + "version_value": "Aruba Instant 8.5.x: 8.5.0.10 and below" + }, + { + "version_value": "Aruba Instant 8.6.x: 8.6.0.5 and below" + }, + { + "version_value": "Aruba Instant 8.7.x: 8.7.0.0 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote unauthorized disclosure of information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability." } ] } diff --git a/2021/25xxx/CVE-2021-25148.json b/2021/25xxx/CVE-2021-25148.json index 69eb055b167..65f906c21f1 100644 --- a/2021/25xxx/CVE-2021-25148.json +++ b/2021/25xxx/CVE-2021-25148.json @@ -4,14 +4,67 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-25148", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Instant Access Points", + "version": { + "version_data": [ + { + "version_value": "Aruba Instant 6.5.x: 6.5.4.17 and below" + }, + { + "version_value": "Aruba Instant 8.3.x: 8.3.0.13 and below" + }, + { + "version_value": "Aruba Instant 8.5.x: 8.5.0.10 and below" + }, + { + "version_value": "Aruba Instant 8.6.x: 8.6.0.4 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote arbitrary file modification" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability." } ] } diff --git a/2021/25xxx/CVE-2021-25149.json b/2021/25xxx/CVE-2021-25149.json index 3d22fc94987..836731830a3 100644 --- a/2021/25xxx/CVE-2021-25149.json +++ b/2021/25xxx/CVE-2021-25149.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-25149", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Instant Access Points", + "version": { + "version_data": [ + { + "version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below" + }, + { + "version_value": "Aruba Instant 6.5.x: 6.5.4.16 and below" + }, + { + "version_value": "Aruba Instant 8.3.x: 8.3.0.12 and below" + }, + { + "version_value": "Aruba Instant 8.5.x: 8.5.0.6 and below" + }, + { + "version_value": "Aruba Instant 8.6.x: 8.6.0.2 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability." } ] } diff --git a/2021/27xxx/CVE-2021-27291.json b/2021/27xxx/CVE-2021-27291.json index 1726a3a43df..f0217cf1bc4 100644 --- a/2021/27xxx/CVE-2021-27291.json +++ b/2021/27xxx/CVE-2021-27291.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210319 [SECURITY] [DLA 2600-1] pygments security update", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00024.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4878", + "url": "https://www.debian.org/security/2021/dsa-4878" } ] } diff --git a/2021/28xxx/CVE-2021-28957.json b/2021/28xxx/CVE-2021-28957.json index 0560c896f8c..2ff74107fcb 100644 --- a/2021/28xxx/CVE-2021-28957.json +++ b/2021/28xxx/CVE-2021-28957.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://github.com/lxml/lxml/commit/a5f9cb52079dc57477c460dbe6ba0f775e14a999", "url": "https://github.com/lxml/lxml/commit/a5f9cb52079dc57477c460dbe6ba0f775e14a999" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4880", + "url": "https://www.debian.org/security/2021/dsa-4880" } ] } diff --git a/2021/29xxx/CVE-2021-29424.json b/2021/29xxx/CVE-2021-29424.json new file mode 100644 index 00000000000..ed80850ec95 --- /dev/null +++ b/2021/29xxx/CVE-2021-29424.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29424", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file