diff --git a/2018/1xxx/CVE-2018-1311.json b/2018/1xxx/CVE-2018-1311.json index 5882964b2f7..40fbda327e0 100644 --- a/2018/1xxx/CVE-2018-1311.json +++ b/2018/1xxx/CVE-2018-1311.json @@ -78,6 +78,16 @@ "refsource": "MLIST", "name": "[xerces-c-users] 20210528 Security vulnerability - CVE-2018-1311", "url": "https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646@%3Cc-users.xerces.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[xerces-c-users] 20210528 RE: Security vulnerability - CVE-2018-1311", + "url": "https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625@%3Cc-users.xerces.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[xerces-c-users] 20210528 Re: Security vulnerability - CVE-2018-1311", + "url": "https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35@%3Cc-users.xerces.apache.org%3E" } ] }, diff --git a/2020/36xxx/CVE-2020-36243.json b/2020/36xxx/CVE-2020-36243.json index 584ab856264..eba0c35d8a2 100644 --- a/2020/36xxx/CVE-2020-36243.json +++ b/2020/36xxx/CVE-2020-36243.json @@ -61,6 +61,16 @@ "url": "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability", "refsource": "MISC", "name": "https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability" + }, + { + "refsource": "MISC", + "name": "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592", + "url": "https://community.sonarsource.com/t/openemr-5-0-2-1-command-injection-vulnerability-puts-health-records-at-risk/33592" + }, + { + "refsource": "MISC", + "name": "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431", + "url": "https://community.open-emr.org/t/openemr-5-0-2-patch-5-has-been-released/15431" } ] } diff --git a/2021/21xxx/CVE-2021-21734.json b/2021/21xxx/CVE-2021-21734.json index a181c47b5c7..69dc3ab319d 100644 --- a/2021/21xxx/CVE-2021-21734.json +++ b/2021/21xxx/CVE-2021-21734.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21734", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@zte.com.cn", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ZTE PON MDU devices", + "version": { + "version_data": [ + { + "version_value": "ZXA10 F821 V1.7.0P3T22,ZXA10 F822 V1.4.3T6,ZXA10 F819 V1.2.1T5,ZXA10 F832 V1.1.1T7,ZXA10 F839 V1.1.0T8,ZXA10 F809 V3.2.1T1,ZXA10 F822P V1.1.1T7,ZXA10 F832 V2.00.00.01" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "cryptographic issues" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524", + "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015524" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputing command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1, ZXA10 F822P V1.1.1T7, ZXA10 F832 V2.00.00.01" } ] } diff --git a/2021/27xxx/CVE-2021-27032.json b/2021/27xxx/CVE-2021-27032.json index b0c513062a3..f15af99672d 100644 --- a/2021/27xxx/CVE-2021-27032.json +++ b/2021/27xxx/CVE-2021-27032.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-27032", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@autodesk.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Autodesk Licensing Service", + "version": { + "version_data": [ + { + "version_value": "10.2 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://knowledge.autodesk.com/search-result/caas/downloads/content/autodesk-licensing-service-download.html", + "url": "https://knowledge.autodesk.com/search-result/caas/downloads/content/autodesk-licensing-service-download.html" + }, + { + "refsource": "MISC", + "name": "https://knowledge.autodesk.com/search-result/caas/downloads/content/autodesk-licensing-service-release-notes.html?collection=310021", + "url": "https://knowledge.autodesk.com/search-result/caas/downloads/content/autodesk-licensing-service-release-notes.html?collection=310021" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Autodesk Licensing Services was found to be vulnerable to privilege escalation issues. A limited privileges malicious user could run any number of tools on a system to identify services which are configured with weak permissions and are running under elevated privileges. These weak permissions could allow all users on the operating system to modify the service configuration, and take ownership of the service. This issue was found by an external security researcher." } ] } diff --git a/2021/33xxx/CVE-2021-33618.json b/2021/33xxx/CVE-2021-33618.json new file mode 100644 index 00000000000..4ab0e441e8d --- /dev/null +++ b/2021/33xxx/CVE-2021-33618.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-33618", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33619.json b/2021/33xxx/CVE-2021-33619.json new file mode 100644 index 00000000000..9ce1e2ee419 --- /dev/null +++ b/2021/33xxx/CVE-2021-33619.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-33619", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33620.json b/2021/33xxx/CVE-2021-33620.json new file mode 100644 index 00000000000..e6602fbd3dd --- /dev/null +++ b/2021/33xxx/CVE-2021-33620.json @@ -0,0 +1,86 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-33620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f", + "refsource": "MISC", + "name": "https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f" + }, + { + "url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch", + "refsource": "MISC", + "name": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch" + }, + { + "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch", + "refsource": "MISC", + "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:U/UI:N", + "version": "3.1" + } + } +} \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33621.json b/2021/33xxx/CVE-2021-33621.json new file mode 100644 index 00000000000..d579834abdf --- /dev/null +++ b/2021/33xxx/CVE-2021-33621.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-33621", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33622.json b/2021/33xxx/CVE-2021-33622.json new file mode 100644 index 00000000000..21e50a817d7 --- /dev/null +++ b/2021/33xxx/CVE-2021-33622.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-33622", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33623.json b/2021/33xxx/CVE-2021-33623.json new file mode 100644 index 00000000000..ffdbba11e84 --- /dev/null +++ b/2021/33xxx/CVE-2021-33623.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-33623", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3567.json b/2021/3xxx/CVE-2021-3567.json new file mode 100644 index 00000000000..d2a4cac9236 --- /dev/null +++ b/2021/3xxx/CVE-2021-3567.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3567", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file