From 92fd37ad17c88b11dfc983f5c75c6ffd29072afa Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 23 Nov 2021 22:01:08 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/35xxx/CVE-2021-35033.json | 120 ++++++++++++++++++++++++++++++++-
 2021/37xxx/CVE-2021-37997.json | 14 ++--
 2021/37xxx/CVE-2021-37998.json | 14 ++--
 2021/37xxx/CVE-2021-37999.json | 14 ++--
 2021/38xxx/CVE-2021-38000.json | 14 ++--
 2021/38xxx/CVE-2021-38001.json | 14 ++--
 2021/38xxx/CVE-2021-38002.json | 14 ++--
 2021/38xxx/CVE-2021-38003.json | 14 ++--
 2021/38xxx/CVE-2021-38004.json | 14 ++--
 2021/42xxx/CVE-2021-42783.json | 71 +++++++++++++++++--
 2021/42xxx/CVE-2021-42784.json | 71 +++++++++++++++++--
 2021/42xxx/CVE-2021-42785.json | 71 +++++++++++++++++--
 2021/4xxx/CVE-2021-4013.json | 18 +++++
 13 files changed, 404 insertions(+), 59 deletions(-)
 create mode 100644 2021/4xxx/CVE-2021-4013.json
diff --git a/2021/35xxx/CVE-2021-35033.json b/2021/35xxx/CVE-2021-35033.json
index ed7d0241735..ce8cbfad376 100644
--- a/2021/35xxx/CVE-2021-35033.json
+++ b/2021/35xxx/CVE-2021-35033.json
@@ -1 +1,119 @@ -{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"PSIRT@zyxel.com.tw","ID":"CVE-2021-35033"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Zyxel","product":{"product_data":[{"product_name":"NBG6818 series firmware","version":{"version_data":[{"version_value":"1.00(ABSC.0)C0 through 1.00(ABSC.4)C0"}]}},{"product_name":"NBG7815 series firmware","version":{"version_data":[{"version_value":"1.00(ABSK.0)C0 through 1.00(ABSK.6)C0"}]}},{"product_name":"WSQ20 series firmware","version":{"version_data":[{"version_value":"1.00(ABOF.0)C0 through 1.00(ABOF.10)C0"}]}},{"product_name":"WSQ50 series firmware","version":{"version_data":[{"version_value":"1.00(ABKJ.0)C0 through 2.20(ABKJ.6)C0"}]}},{"product_name":"WSQ60 series firmware","version":{"version_data":[{"version_value":"1.00(ABND.0)C0 through 2.20(ABND.7)C0"}]}},{"product_name":"WSR30 series firmware","version":{"version_data":[{"version_value":"1.00(ABMY.0)C0 through 1.00(ABMY.11)C0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-260: Password in Configuration File"}]}]},"references":{"reference_data":[{"name":"https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml","refsource":"CONFIRM","url":"https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml"}]},"impact":{"cvss":{"baseScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},"description":{"description_data":[{"lang":"eng","value":"A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote 
assistance feature had been enabled by an authenticated user."}]}} +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "security@zyxel.com.tw", + "ID": "CVE-2021-35033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zyxel", + "product": { + "product_data": [ + { + "product_name": "NBG6818 series firmware", + "version": { + "version_data": [ + { + "version_value": "1.00(ABSC.0)C0 through 1.00(ABSC.4)C0" + } + ] + } + }, + { + "product_name": "NBG7815 series firmware", + "version": { + "version_data": [ + { + "version_value": "1.00(ABSK.0)C0 through 1.00(ABSK.6)C0" + } + ] + } + }, + { + "product_name": "WSQ20 series firmware", + "version": { + "version_data": [ + { + "version_value": "1.00(ABOF.0)C0 through 1.00(ABOF.10)C0" + } + ] + } + }, + { + "product_name": "WSQ50 series firmware", + "version": { + "version_data": [ + { + "version_value": "1.00(ABKJ.0)C0 through 2.20(ABKJ.6)C0" + } + ] + } + }, + { + "product_name": "WSQ60 series firmware", + "version": { + "version_data": [ + { + "version_value": "1.00(ABND.0)C0 through 2.20(ABND.7)C0" + } + ] + } + }, + { + "product_name": "WSR30 series firmware", + "version": { + "version_data": [ + { + "version_value": "1.00(ABMY.0)C0 through 1.00(ABMY.11)C0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-260: Password in Configuration File" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml", + "refsource": "CONFIRM", + "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_pre-configured_password_management_vulnerability_of_home_routers_and_WiFi_systems.shtml" + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.8", + "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured password management could allow an attacker to obtain root access of the device, if the local attacker dismantles the device and uses a USB-to-UART cable to connect the device, or if the remote assistance feature had been enabled by an authenticated user." + } + ] + } +} \ No newline at end of file diff --git a/2021/37xxx/CVE-2021-37997.json b/2021/37xxx/CVE-2021-37997.json index 1b90be01cdb..d18d3655745 100644 --- a/2021/37xxx/CVE-2021-37997.json +++ b/2021/37xxx/CVE-2021-37997.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37997", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/1259864" + "url": "https://crbug.com/1259864", + "refsource": "MISC", + "name": "https://crbug.com/1259864" }, { - "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html" + "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html" } ] }, @@ -60,5 +65,4 @@ } ] } -} - +} \ No newline at end of file diff --git a/2021/37xxx/CVE-2021-37998.json b/2021/37xxx/CVE-2021-37998.json index 950a5b50ad1..26d98116b98 100644 --- a/2021/37xxx/CVE-2021-37998.json +++ b/2021/37xxx/CVE-2021-37998.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37998", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { 
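Review bot: In 2021/35xxx/CVE-2021-35033.json every `version_value` holds a free-text range (for example `"1.00(ABSC.0)C0 through 1.00(ABSC.4)C0"`) with no `version_affected`, so tooling that matches installed firmware against the record cannot evaluate the bound; the D-Link records later in this commit use `"version_affected": "<="` with a single upper version, and the same shape would work here. The CVSS vector is also hard to reconcile with the description: it scores `AV:L` with `UI:R`, while the text describes dismantling the device and attaching a USB-to-UART cable (which reads as physical access) or a remote-assistance path, so the 7.8 score should not be the only triage input until the CNA confirms the vector. `baseScore` is the string `"7.8"`, which needs coercion before any numeric comparison.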
@@ -45,10 +46,14 @@
 "references": {
 "reference_data": [
 {
- "url": "https://crbug.com/1259587"
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
 },
 {
- "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
+ "url": "https://crbug.com/1259587",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1259587"
 }
 ]
 },
@@ -60,5 +65,4 @@
 }
 ]
 }
-}
-
+}
\ No newline at end of file
diff --git a/2021/37xxx/CVE-2021-37999.json b/2021/37xxx/CVE-2021-37999.json
index bd5de714354..662eac832b5 100644
--- a/2021/37xxx/CVE-2021-37999.json
+++ b/2021/37xxx/CVE-2021-37999.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-37999",
- "ASSIGNER": "chrome-cve-admin@google.com"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -45,10 +46,14 @@
 "references": {
 "reference_data": [
 {
- "url": "https://crbug.com/1251541"
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
 },
 {
- "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
+ "url": "https://crbug.com/1251541",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1251541"
 }
 ]
 },
@@ -60,5 +65,4 @@
 }
 ]
 }
-}
-
+}
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38000.json b/2021/38xxx/CVE-2021-38000.json
index 44cf0b22e89..f1d1507e371 100644
--- a/2021/38xxx/CVE-2021-38000.json
+++ b/2021/38xxx/CVE-2021-38000.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-38000",
- "ASSIGNER": "chrome-cve-admin@google.com"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -45,10 +46,14 @@
 "references": {
 "reference_data": [
 {
- "url": "https://crbug.com/1249962"
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
 },
 {
- "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
+ "url": "https://crbug.com/1249962",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1249962"
 }
 ]
 },
@@ -60,5 +65,4 @@
 }
 ]
 }
-}
-
+}
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38001.json b/2021/38xxx/CVE-2021-38001.json
index 83d3b2600c2..8cc08cd3265 100644
--- a/2021/38xxx/CVE-2021-38001.json
+++ b/2021/38xxx/CVE-2021-38001.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-38001",
- "ASSIGNER": "chrome-cve-admin@google.com"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -45,10 +46,14 @@
 "references": {
 "reference_data": [
 {
- "url": "https://crbug.com/1260577"
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
 },
 {
- "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
+ "url": "https://crbug.com/1260577",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1260577"
 }
 ]
 },
@@ -60,5 +65,4 @@
 }
 ]
 }
-}
-
+}
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38002.json b/2021/38xxx/CVE-2021-38002.json
index d47b49686e5..77aead6c3ee 100644
--- a/2021/38xxx/CVE-2021-38002.json
+++ b/2021/38xxx/CVE-2021-38002.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-38002",
- "ASSIGNER": "chrome-cve-admin@google.com"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -45,10 +46,14 @@
 "references": {
 "reference_data": [
 {
- "url": "https://crbug.com/1260940"
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
 },
 {
- "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
+ "url": "https://crbug.com/1260940",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1260940"
 }
 ]
 },
@@ -60,5 +65,4 @@
 }
 ]
 }
-}
-
+}
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38003.json b/2021/38xxx/CVE-2021-38003.json
index 99e73645196..db2f7eca00d 100644
--- a/2021/38xxx/CVE-2021-38003.json
+++ b/2021/38xxx/CVE-2021-38003.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-38003",
- "ASSIGNER": "chrome-cve-admin@google.com"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -45,10 +46,14 @@
 "references": {
 "reference_data": [
 {
- "url": "https://crbug.com/1263462"
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
 },
 {
- "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
+ "url": "https://crbug.com/1263462",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1263462"
 }
 ]
 },
@@ -60,5 +65,4 @@
 }
 ]
 }
-}
-
+}
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38004.json b/2021/38xxx/CVE-2021-38004.json
index 3ad581eb08c..92d889370d2 100644
--- a/2021/38xxx/CVE-2021-38004.json
+++ b/2021/38xxx/CVE-2021-38004.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-38004",
- "ASSIGNER": "chrome-cve-admin@google.com"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -45,10 +46,14 @@
 "references": {
 "reference_data": [
 {
- "url": "https://crbug.com/1227170"
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
 },
 {
- "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
+ "url": "https://crbug.com/1227170",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1227170"
 }
 ]
 },
@@ -60,5 +65,4 @@
 }
 ]
 }
-}
-
+}
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42783.json b/2021/42xxx/CVE-2021-42783.json
index b824be1bf40..070d2d5fa55 100644
--- a/2021/42xxx/CVE-2021-42783.json
+++ b/2021/42xxx/CVE-2021-42783.json
@@ -1,18 +1,77 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cve_disclosure@tech.gov.sg",
 "ID": "CVE-2021-42783",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Missing Authentication in debug_post_set.cgi in D-Link DWR-932C E1 Firmware 1.0.0.4"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DWR-932C E1",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.0.0.4",
+ "version_value": "1.0.0.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "D-Link"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Eugene Lim from Government Technology Agency of Singapore"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306 Missing Authentication for Critical Function"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10246",
+ "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10246"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
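Review bot: The newly published record for CVE-2021-42783 has no `impact` block, and neither do CVE-2021-42784 and CVE-2021-42785 in the following file sections, whereas CVE-2021-35033 in this same commit carries a CVSS 3.1 vector; without one, severity has to be inferred from the prose. That matters here because the description says an unauthenticated attacker can execute administrative actions through debug_post_set.cgi but does not say from which network position the CGI is reachable. An `impact.cvss` object with `vectorString`, `baseScore` and `version`, in the shape the Zyxel record uses, would let consumers prioritise without opening the vendor advisory. The affected version appears only in `TITLE` and `version_data`, not in the description text, which some feeds display on its own.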
diff --git a/2021/42xxx/CVE-2021-42784.json b/2021/42xxx/CVE-2021-42784.json
index 4647f517df3..4caf0615208 100644
--- a/2021/42xxx/CVE-2021-42784.json
+++ b/2021/42xxx/CVE-2021-42784.json
@@ -1,18 +1,77 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cve_disclosure@tech.gov.sg",
 "ID": "CVE-2021-42784",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "OS Command Injection in debug_fcgi in D-Link DWR-932C E1 Firmware 1.0.0.4"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DWR-932C E1",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.0.0.4",
+ "version_value": "1.0.0.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "D-Link"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Eugene Lim from Government Technology Agency of Singapore"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 OS Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10246",
+ "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10246"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42785.json b/2021/42xxx/CVE-2021-42785.json
index c5cfea54ec3..3a795a4ec77 100644
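Review bot: The description for CVE-2021-42784 does not say whether the crafted HTTP request to debug_fcgi must be authenticated; it states only that a remote attacker can perform command injection. That precondition decides how urgently exposed devices need isolating, and readers may assume the worst case because CVE-2021-42783, which cites the same advisory (SAP10246), is a missing-authentication issue. Stating it explicitly, `allows a remote unauthenticated attacker` or `allows a remote authenticated attacker`, whichever the advisory supports, would settle it.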
--- a/2021/42xxx/CVE-2021-42785.json
+++ b/2021/42xxx/CVE-2021-42785.json
@@ -1,18 +1,77 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "cve_disclosure@tech.gov.sg",
 "ID": "CVE-2021-42785",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Buffer Overflow in tvnviewer.exe via Crafted Packet in TightVNC Viewer 2.8.59"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TightVNC Viewer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "2.8.59",
+ "version_value": "2.8.59"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "GlavSoft LLC"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Eugene Lim from Government Technology Agency of Singapore"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allows a remote attacker to execute arbitrary instructions via a crafted FramebufferUpdate packet from a VNC server."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120 Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.tightvnc.com/whatsnew.php",
+ "name": "https://www.tightvnc.com/whatsnew.php"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
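Review bot: The only reference for CVE-2021-42785 is `https://www.tightvnc.com/whatsnew.php`, which appears to be a rolling release-notes page rather than a fixed advisory, so the link may stop describing this issue as later releases are listed; a permalink to the fixing release or a dedicated advisory would be more durable. The record marks versions `<=` 2.8.59 as affected but names no fixed version, which leaves patch verification to the reader. For triage, note that the description places the attacker on the server side (a crafted FramebufferUpdate packet sent to the viewer), so exposure depends on viewers connecting to untrusted or compromised VNC servers.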
diff --git a/2021/4xxx/CVE-2021-4013.json b/2021/4xxx/CVE-2021-4013.json
new file mode 100644
index 00000000000..4449ae35799
--- /dev/null
+++ b/2021/4xxx/CVE-2021-4013.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-4013",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file