admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-11-23 22:01:08 +00:00
parent 72eab8f086
commit 92fd37ad17
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
13 changed files with 404 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
2021/35xxx/CVE-2021-35033.json
View File

@ -1 +1,119 @@
{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"PSIRT@zyxel.com.tw","ID":"CVE-2021-35033"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Zyxel","product":{"product_data":[{"product_name":"NBG6818 series firmware","version":{"version_data":[{"version_value":"1.00(ABSC.0)C0 through 1.00(ABSC.4)C0"}]}},{"product_name":"NBG7815 series firmware","version":{"version_data":[{"version_value":"1.00(ABSK.0)C0 through 1.00(ABSK.6)C0"}]}},{"product_name":"WSQ20 series firmware","version":{"version_data":[{"version_value":"1.00(ABOF.0)C0 through 1.00(ABOF.10)C0"}]}},{"product_name":"WSQ50 series firmware","version":{"version_data":[{"version_value":"1.00(ABKJ.0)C0 through 2.20(ABKJ.6)C0"}]}},{"product_name":"WSQ60 series firmware","version":{"version_data":[{"version_value":"1.00(ABND.0)C0 through 2.20(ABND.7)C0"}]}},{"product_name":"WSR30 series firmware","version":{"version_data":[{"version_value":"1.00(ABMY.0)C0 through 1.00(ABMY.11)C0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-260: Password in Configuration File"}]}]},"references":{"reference_data":[{"name":"https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml","refsource":"CONFIRM","url":"https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml"}]},"impact":{"cvss":{"baseScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},"description":{"description_data":[{"lang":"eng","value":"A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user."}]}}
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@zyxel.com.tw",
"ID": "CVE-2021-35033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Zyxel",
"product": {
"product_data": [
{
"product_name": "NBG6818 series firmware",
"version": {
"version_data": [
{
"version_value": "1.00(ABSC.0)C0 through 1.00(ABSC.4)C0"
}
]
}
},
{
"product_name": "NBG7815 series firmware",
"version": {
"version_data": [
{
"version_value": "1.00(ABSK.0)C0 through 1.00(ABSK.6)C0"
}
]
}
},
{
"product_name": "WSQ20 series firmware",
"version": {
"version_data": [
{
"version_value": "1.00(ABOF.0)C0 through 1.00(ABOF.10)C0"
}
]
}
},
{
"product_name": "WSQ50 series firmware",
"version": {
"version_data": [
{
"version_value": "1.00(ABKJ.0)C0 through 2.20(ABKJ.6)C0"
}
]
}
},
{
"product_name": "WSQ60 series firmware",
"version": {
"version_data": [
{
"version_value": "1.00(ABND.0)C0 through 2.20(ABND.7)C0"
}
]
}
},
{
"product_name": "WSR30 series firmware",
"version": {
"version_data": [
{
"version_value": "1.00(ABMY.0)C0 through 1.00(ABMY.11)C0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-260: Password in Configuration File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml",
"refsource": "CONFIRM",
"url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml"
}
]
},
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user."
}
]
}
}

14
2021/37xxx/CVE-2021-37997.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37997",
"ASSIGNER": "chrome-cve-admin@google.com"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -45,10 +46,14 @@
"references": {
"reference_data": [
{
"url": "https://crbug.com/1259864"
"url": "https://crbug.com/1259864",
"refsource": "MISC",
"name": "https://crbug.com/1259864"
},
{
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
}
]
},
@ -60,5 +65,4 @@
}
]
}
}
}

14
2021/37xxx/CVE-2021-37998.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37998",
"ASSIGNER": "chrome-cve-admin@google.com"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -45,10 +46,14 @@
"references": {
"reference_data": [
{
"url": "https://crbug.com/1259587"
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
},
{
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
"url": "https://crbug.com/1259587",
"refsource": "MISC",
"name": "https://crbug.com/1259587"
}
]
},
@ -60,5 +65,4 @@
}
]
}
}
}

14
2021/37xxx/CVE-2021-37999.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37999",
"ASSIGNER": "chrome-cve-admin@google.com"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -45,10 +46,14 @@
"references": {
"reference_data": [
{
"url": "https://crbug.com/1251541"
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
},
{
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
"url": "https://crbug.com/1251541",
"refsource": "MISC",
"name": "https://crbug.com/1251541"
}
]
},
@ -60,5 +65,4 @@
}
]
}
}
}

14
2021/38xxx/CVE-2021-38000.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38000",
"ASSIGNER": "chrome-cve-admin@google.com"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -45,10 +46,14 @@
"references": {
"reference_data": [
{
"url": "https://crbug.com/1249962"
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
},
{
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
"url": "https://crbug.com/1249962",
"refsource": "MISC",
"name": "https://crbug.com/1249962"
}
]
},
@ -60,5 +65,4 @@
}
]
}
}
}

14
2021/38xxx/CVE-2021-38001.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38001",
"ASSIGNER": "chrome-cve-admin@google.com"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -45,10 +46,14 @@
"references": {
"reference_data": [
{
"url": "https://crbug.com/1260577"
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
},
{
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
"url": "https://crbug.com/1260577",
"refsource": "MISC",
"name": "https://crbug.com/1260577"
}
]
},
@ -60,5 +65,4 @@
}
]
}
}
}

14
2021/38xxx/CVE-2021-38002.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38002",
"ASSIGNER": "chrome-cve-admin@google.com"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -45,10 +46,14 @@
"references": {
"reference_data": [
{
"url": "https://crbug.com/1260940"
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
},
{
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
"url": "https://crbug.com/1260940",
"refsource": "MISC",
"name": "https://crbug.com/1260940"
}
]
},
@ -60,5 +65,4 @@
}
]
}
}
}

14
2021/38xxx/CVE-2021-38003.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38003",
"ASSIGNER": "chrome-cve-admin@google.com"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -45,10 +46,14 @@
"references": {
"reference_data": [
{
"url": "https://crbug.com/1263462"
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
},
{
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
"url": "https://crbug.com/1263462",
"refsource": "MISC",
"name": "https://crbug.com/1263462"
}
]
},
@ -60,5 +65,4 @@
}
]
}
}
}

14
2021/38xxx/CVE-2021-38004.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38004",
"ASSIGNER": "chrome-cve-admin@google.com"
"ASSIGNER": "chrome-cve-admin@google.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -45,10 +46,14 @@
"references": {
"reference_data": [
{
"url": "https://crbug.com/1227170"
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
},
{
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
"url": "https://crbug.com/1227170",
"refsource": "MISC",
"name": "https://crbug.com/1227170"
}
]
},
@ -60,5 +65,4 @@
}
]
}
}
}

71
2021/42xxx/CVE-2021-42783.json
View File

@ -1,18 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve_disclosure@tech.gov.sg",
"ID": "CVE-2021-42783",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Missing Authentication in debug_post_set.cgi in D-Link DWR-932C E1 Firmware 1.0.0.4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DWR-932C E1",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.0.4",
"version_value": "1.0.0.4"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eugene Lim from Government Technology Agency of Singapore"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10246",
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10246"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

71
2021/42xxx/CVE-2021-42784.json
View File

@ -1,18 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve_disclosure@tech.gov.sg",
"ID": "CVE-2021-42784",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "OS Command Injection in debug_fcgi in D-Link DWR-932C E1 Firmware 1.0.0.4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DWR-932C E1",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.0.4",
"version_value": "1.0.0.4"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eugene Lim from Government Technology Agency of Singapore"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10246",
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10246"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

71
2021/42xxx/CVE-2021-42785.json
View File

@ -1,18 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve_disclosure@tech.gov.sg",
"ID": "CVE-2021-42785",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Buffer Overflow in tvnviewer.exe via Crafted Packet in TightVNC Viewer 2.8.59"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TightVNC Viewer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.8.59",
"version_value": "2.8.59"
}
]
}
}
]
},
"vendor_name": "GlavSoft LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eugene Lim from Government Technology Agency of Singapore"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.tightvnc.com/whatsnew.php",
"name": "https://www.tightvnc.com/whatsnew.php"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

18
2021/4xxx/CVE-2021-4013.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-4013",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}