From 6080558e686a443c5fc7387da15723dbbaf94be8 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 28 Jun 2021 12:00:53 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2015/8xxx/CVE-2015-8559.json | 12 +++++-
 2018/1xxx/CVE-2018-1138.json | 14 +++----
 2019/8xxx/CVE-2019-8261.json | 5 +++
 2019/8xxx/CVE-2019-8262.json | 5 +++
 2019/8xxx/CVE-2019-8263.json | 5 +++
 2019/8xxx/CVE-2019-8264.json | 5 +++
 2019/8xxx/CVE-2019-8265.json | 5 +++
 2020/35xxx/CVE-2020-35669.json | 5 +++
 2021/29xxx/CVE-2021-29157.json | 75 +++++++++++++++++++++++++++++++---
 2021/31xxx/CVE-2021-31540.json | 5 +++
 2021/32xxx/CVE-2021-32496.json | 50 +++++++++++++++++++++--
 2021/35xxx/CVE-2021-35514.json | 61 ++++++++++++++++++++++++---
 12 files changed, 224 insertions(+), 23 deletions(-)
diff --git a/2015/8xxx/CVE-2015-8559.json b/2015/8xxx/CVE-2015-8559.json
index 6a5a6dfa254..60ecced4cd2 100644
--- a/2015/8xxx/CVE-2015-8559.json
+++ b/2015/8xxx/CVE-2015-8559.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The knife bootstrap command in chef leaks the validator.pem private RSA key to /var/log/messages."
+ "value": "The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages."
 }
 ]
 },
@@ -61,6 +61,16 @@
 "name": "https://github.com/chef/chef/issues/3871",
 "refsource": "CONFIRM",
 "url": "https://github.com/chef/chef/issues/3871"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://discourse.chef.io/t/chef-infra-client-15-4-45-released/16081",
+ "url": "https://discourse.chef.io/t/chef-infra-client-15-4-45-released/16081"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/chef/chef/pull/8885",
+ "url": "https://github.com/chef/chef/pull/8885"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1138.json b/2018/1xxx/CVE-2018-1138.json
index c05a78a7f53..3eeb4712bcc 100644
--- a/2018/1xxx/CVE-2018-1138.json
+++ b/2018/1xxx/CVE-2018-1138.json
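Review bot: In 2015/8xxx/CVE-2015-8559.json the new fixed-version bound exists only in the free-text description (`before version 15.4.45`); the record's `affects` block lies outside both hunks, so it is not visible whether `version_data` carries the same bound. If it still says `n/a`, consumers that match on the structured fields cannot tell patched clients from vulnerable ones. A `version_data` entry such as `"version_affected": "<", "version_value": "15.4.45"` would keep the structured data in step with the description.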
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-1138",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-1138",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: Assigned as a duplicate of CVE-2019-14827."
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8261.json b/2019/8xxx/CVE-2019-8261.json
index 4972461c476..06aefae0995 100644
--- a/2019/8xxx/CVE-2019-8261.json
+++ b/2019/8xxx/CVE-2019-8261.json
@@ -77,6 +77,11 @@
 "refsource": "CONFIRM",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8262.json b/2019/8xxx/CVE-2019-8262.json
index 828a9c64244..2ba6e0b1a47 100644
--- a/2019/8xxx/CVE-2019-8262.json
+++ b/2019/8xxx/CVE-2019-8262.json
@@ -77,6 +77,11 @@
 "refsource": "CONFIRM",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8263.json b/2019/8xxx/CVE-2019-8263.json
index cd2ab4b6a9d..3d0f4ff60e8 100644
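Review bot: The REJECT text added in 2018/1xxx/CVE-2018-1138.json says `ConsultIDs: none` while its Notes sentence names CVE-2019-14827 as the identifier this one duplicates. Tooling that follows a rejected ID to its replacement may read only the ConsultIDs field, so the pointer is easy to lose in free text; `ConsultIDs: CVE-2019-14827.` would carry it. The `Reason:` sentence (withdrawn by its CNA) and the Notes sentence (duplicate) also give two different causes, and the record should say which one applies.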
--- a/2019/8xxx/CVE-2019-8263.json
+++ b/2019/8xxx/CVE-2019-8263.json
@@ -82,6 +82,11 @@
 "refsource": "CONFIRM",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8264.json b/2019/8xxx/CVE-2019-8264.json
index 9181356fa11..5cc9b40e41c 100644
--- a/2019/8xxx/CVE-2019-8264.json
+++ b/2019/8xxx/CVE-2019-8264.json
@@ -77,6 +77,11 @@
 "refsource": "CONFIRM",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8265.json b/2019/8xxx/CVE-2019-8265.json
index 739581334f3..7d3c6318027 100644
--- a/2019/8xxx/CVE-2019-8265.json
+++ b/2019/8xxx/CVE-2019-8265.json
@@ -77,6 +77,11 @@
 "refsource": "CONFIRM",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
 }
 ]
 }
diff --git a/2020/35xxx/CVE-2020-35669.json b/2020/35xxx/CVE-2020-35669.json
index 3acd8d5f7d6..8b1d16edb9d 100644
--- a/2020/35xxx/CVE-2020-35669.json
+++ b/2020/35xxx/CVE-2020-35669.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/dart-lang/http/issues/511",
 "refsource": "MISC",
 "name": "https://github.com/dart-lang/http/issues/511"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/dart-lang/http/blob/master/CHANGELOG.md#0133",
+ "url": "https://github.com/dart-lang/http/blob/master/CHANGELOG.md#0133"
 }
 ]
 }
diff --git a/2021/29xxx/CVE-2021-29157.json b/2021/29xxx/CVE-2021-29157.json
index 470b4b4ab9f..48677f2fce2 100644
--- a/2021/29xxx/CVE-2021-29157.json
+++ b/2021/29xxx/CVE-2021-29157.json
@@ -1,18 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-29157",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-29157",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://dovecot.org/security",
+ "refsource": "MISC",
+ "name": "https://dovecot.org/security"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.openwall.com/lists/oss-security/2021/06/28/1",
+ "url": "https://www.openwall.com/lists/oss-security/2021/06/28/1"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AC:H/AV:L/A:N/C:H/I:H/PR:L/S:C/UI:N",
+ "version": "3.1"
+ }
+ }
 }
\ No newline at end of file
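Review bot: The structured fields of the newly published CVE-2021-29157 record are all `n/a` (`vendor_name`, `product_name`, `version_value` and the problemtype `value`) although the description names Dovecot before 2.3.15 and a `../` path traversal, so anything that matches on `affects` or problemtype will not find this entry. The CVE-2021-35514 section at the end of the patch has the same gap (Narou before 3.8.0, Ruby code injection). In `impact.cvss` the `vectorString` lists its metrics alphabetically and carries no `baseScore` or `baseSeverity`; CVSS v3.1 recommends the order `CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N`, which avoids mismatches in consumers that compare vectors as plain strings.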
diff --git a/2021/31xxx/CVE-2021-31540.json b/2021/31xxx/CVE-2021-31540.json
index df35a2adca2..3be9d98e238 100644
--- a/2021/31xxx/CVE-2021-31540.json
+++ b/2021/31xxx/CVE-2021-31540.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://www.gruppotim.it/redteam",
 "url": "https://www.gruppotim.it/redteam"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-12-release-notes",
+ "url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-12-release-notes"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32496.json b/2021/32xxx/CVE-2021-32496.json
index 6cb3c1c41b1..408009e1fad 100644
--- a/2021/32xxx/CVE-2021-32496.json
+++ b/2021/32xxx/CVE-2021-32496.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-32496",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@sick.de",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SICK Visionary-S CX",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "<5.21.2.29154R"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Inadequate SSH configuration in Visionary-S CX"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories",
+ "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks."
 }
 ]
 }
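Review bot: The new description in 2021/32xxx/CVE-2021-32496.json reads `up version 5.21.2.29154R`, which has lost a word and leaves the boundary unclear, while `version_value` says `<5.21.2.29154R`; if `up to` was meant, the text does not say whether 5.21.2.29154R itself is affected. Wording such as `before version 5.21.2.29154R` would agree with the structured field. `vendor_name` is `n/a` even though the assigner is psirt@sick.de and the product name starts with SICK, so vendor-keyed lookups will miss the record; naming the vendor there, as given in the vendor's advisory, would fix that. In the same sentence block, `The use of weak ciphers make` should read `makes`.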
diff --git a/2021/35xxx/CVE-2021-35514.json b/2021/35xxx/CVE-2021-35514.json
index d5f14ab30c1..9ac0401ba22 100644
--- a/2021/35xxx/CVE-2021-35514.json
+++ b/2021/35xxx/CVE-2021-35514.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-35514",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-35514",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://vuln.ryotak.me/advisories/51",
+ "url": "https://vuln.ryotak.me/advisories/51"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/whiteleaf7/narou/blob/develop/ChangeLog.md#380-20210627",
+ "url": "https://github.com/whiteleaf7/narou/blob/develop/ChangeLog.md#380-20210627"
 }
 ]
 }