diff --git a/2021/35xxx/CVE-2021-35952.json b/2021/35xxx/CVE-2021-35952.json index a88aba9bb97..1e5b041fdbe 100644 --- a/2021/35xxx/CVE-2021-35952.json +++ b/2021/35xxx/CVE-2021-35952.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35952", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35952", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to change the time, date, and month via Bluetooth LE Characteristics on handle 0x0017." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.fastrack.in/shop/watch-smart-wearables-reflex-2", + "refsource": "MISC", + "name": "https://www.fastrack.in/shop/watch-smart-wearables-reflex-2" + }, + { + "refsource": "MISC", + "name": "https://payatu.com/advisory/lack-of-bluetooth-le-pairing-fastrack-reflex", + "url": "https://payatu.com/advisory/lack-of-bluetooth-le-pairing-fastrack-reflex" } ] } diff --git a/2021/35xxx/CVE-2021-35953.json b/2021/35xxx/CVE-2021-35953.json index 5df4b557a75..6469423f210 100644 --- a/2021/35xxx/CVE-2021-35953.json +++ b/2021/35xxx/CVE-2021-35953.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35953", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35953", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to cause a Denial of Service (device outage) via crafted choices of the last three bytes of a characteristic value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.fastrack.in/shop/watch-smart-wearables-reflex-2", + "refsource": "MISC", + "name": "https://www.fastrack.in/shop/watch-smart-wearables-reflex-2" + }, + { + "refsource": "MISC", + "name": "https://payatu.com/advisory/device-crash-fastrack-reflex-two-activity-tracker", + "url": "https://payatu.com/advisory/device-crash-fastrack-reflex-two-activity-tracker" } ] } diff --git a/2021/35xxx/CVE-2021-35954.json b/2021/35xxx/CVE-2021-35954.json index b3a42bdb037..b3d48a727b3 100644 --- a/2021/35xxx/CVE-2021-35954.json +++ b/2021/35xxx/CVE-2021-35954.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35954", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35954", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug (SWD) feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.fastrack.in/shop/watch-smart-wearables-reflex-2", + "refsource": "MISC", + "name": "https://www.fastrack.in/shop/watch-smart-wearables-reflex-2" + }, + { + "refsource": "MISC", + "name": "https://payatu.com/advisory/dumping-and-re-flashing-firmware-fastrack-reflex", + "url": "https://payatu.com/advisory/dumping-and-re-flashing-firmware-fastrack-reflex" } ] } diff --git a/2021/43xxx/CVE-2021-43395.json b/2021/43xxx/CVE-2021-43395.json index 4440ac0a912..f52bac62cdd 100644 --- a/2021/43xxx/CVE-2021-43395.json +++ b/2021/43xxx/CVE-2021-43395.json @@ -1,17 +1,101 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-43395", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-43395", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/illumos/illumos-gate/blob/069654420de4aade43c63c43cd2896e66945fc8a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c", + "refsource": "MISC", + "name": "https://github.com/illumos/illumos-gate/blob/069654420de4aade43c63c43cd2896e66945fc8a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c" + }, + { + "url": "https://github.com/illumos/illumos-gate/blob/b3403853e80914bd0aade9b5b605da4878078173/usr/src/uts/common/fs/tmpfs/tmp_dir.c", + "refsource": "MISC", + "name": "https://github.com/illumos/illumos-gate/blob/b3403853e80914bd0aade9b5b605da4878078173/usr/src/uts/common/fs/tmpfs/tmp_dir.c" + }, + { + "refsource": "CONFIRM", + "name": "https://www.oracle.com/security-alerts/cpujan2022.html", + "url": "https://www.oracle.com/security-alerts/cpujan2022.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.tribblix.org/relnotes.html", + "url": "http://www.tribblix.org/relnotes.html" + }, + { + "refsource": "MISC", + "name": "https://jgardner100.wordpress.com/2022/01/20/security-heads-up/", + "url": "https://jgardner100.wordpress.com/2022/01/20/security-heads-up/" + }, + { + "refsource": "CONFIRM", + "name": "https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959/security-heads-up-illumos14424", + "url": "https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959/security-heads-up-illumos14424" + }, + { + "refsource": "CONFIRM", + "name": "https://www.illumos.org/issues/14424", + "url": "https://www.illumos.org/issues/14424" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/illumos/illumos-gate/commit/f859e7171bb5db34321e45585839c6c3200ebb90", + "url": "https://github.com/illumos/illumos-gate/commit/f859e7171bb5db34321e45585839c6c3200ebb90" + }, + { + "refsource": "MISC", + "name": "https://kebe.com/blog/?p=505", + "url": "https://kebe.com/blog/?p=505" } ] } diff --git a/2022/41xxx/CVE-2022-41765.json b/2022/41xxx/CVE-2022-41765.json index bf469912a7b..675bef9e5a7 100644 --- a/2022/41xxx/CVE-2022-41765.json +++ b/2022/41xxx/CVE-2022-41765.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41765", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41765", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://phabricator.wikimedia.org/T309894", + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T309894" } ] } diff --git a/2022/41xxx/CVE-2022-41767.json b/2022/41xxx/CVE-2022-41767.json index 1822bf09a6a..d7df4738588 100644 --- a/2022/41xxx/CVE-2022-41767.json +++ b/2022/41xxx/CVE-2022-41767.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41767", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-41767", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://phabricator.wikimedia.org/T316304", + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T316304" } ] }