diff --git a/2021/35xxx/CVE-2021-35978.json b/2021/35xxx/CVE-2021-35978.json index b26f0d6a7ce..3faf4ebeb33 100644 --- a/2021/35xxx/CVE-2021-35978.json +++ b/2021/35xxx/CVE-2021-35978.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35978", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35978", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://digi.com", + "refsource": "MISC", + "name": "https://digi.com" + }, + { + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt", + "url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt" } ] } diff --git a/2021/37xxx/CVE-2021-37187.json b/2021/37xxx/CVE-2021-37187.json index e469eef328c..966e3d11745 100644 --- a/2021/37xxx/CVE-2021-37187.json +++ b/2021/37xxx/CVE-2021-37187.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37187", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37187", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other users' passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.digi.com/search/results?q=transport", + "refsource": "MISC", + "name": "https://www.digi.com/search/results?q=transport" + }, + { + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt", + "url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt" } ] } diff --git a/2021/37xxx/CVE-2021-37188.json b/2021/37xxx/CVE-2021-37188.json index f44ab91f931..e902aeff573 100644 --- a/2021/37xxx/CVE-2021-37188.json +++ b/2021/37xxx/CVE-2021-37188.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37188", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37188", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing the behavior of the gateway." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.digi.com/search/results?q=transport", + "refsource": "MISC", + "name": "https://www.digi.com/search/results?q=transport" + }, + { + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt", + "url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt" } ] } diff --git a/2021/37xxx/CVE-2021-37189.json b/2021/37xxx/CVE-2021-37189.json index d0262bdfe81..84bedff80ac 100644 --- a/2021/37xxx/CVE-2021-37189.json +++ b/2021/37xxx/CVE-2021-37189.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37189", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37189", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.digi.com/search/results?q=transport", + "refsource": "MISC", + "name": "https://www.digi.com/search/results?q=transport" + }, + { + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt", + "url": "https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-04.txt" } ] } diff --git a/2021/44xxx/CVE-2021-44228.json b/2021/44xxx/CVE-2021-44228.json index 84d1e9cdb20..e2c9f80f75f 100644 --- a/2021/44xxx/CVE-2021-44228.json +++ b/2021/44xxx/CVE-2021-44228.json @@ -89,6 +89,16 @@ "refsource": "MISC", "url": "https://logging.apache.org/log4j/2.x/security.html", "name": "https://logging.apache.org/log4j/2.x/security.html" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", + "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints", + "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2" } ] }, diff --git a/2021/44xxx/CVE-2021-44792.json b/2021/44xxx/CVE-2021-44792.json new file mode 100644 index 00000000000..12f28d1d691 --- /dev/null +++ b/2021/44xxx/CVE-2021-44792.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-44792", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44793.json b/2021/44xxx/CVE-2021-44793.json new file mode 100644 index 00000000000..121b0385f0b --- /dev/null +++ b/2021/44xxx/CVE-2021-44793.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-44793", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44794.json b/2021/44xxx/CVE-2021-44794.json new file mode 100644 index 00000000000..71b2cb511fa --- /dev/null +++ b/2021/44xxx/CVE-2021-44794.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-44794", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/44xxx/CVE-2021-44795.json b/2021/44xxx/CVE-2021-44795.json new file mode 100644 index 00000000000..b3a6713dfc0 --- /dev/null +++ b/2021/44xxx/CVE-2021-44795.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-44795", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4090.json b/2021/4xxx/CVE-2021-4090.json new file mode 100644 index 00000000000..04b3c157a38 --- /dev/null +++ b/2021/4xxx/CVE-2021-4090.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4090", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/4xxx/CVE-2021-4091.json b/2021/4xxx/CVE-2021-4091.json new file mode 100644 index 00000000000..a60df10f60d --- /dev/null +++ b/2021/4xxx/CVE-2021-4091.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4091", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file