diff --git a/2013/7xxx/CVE-2013-7470.json b/2013/7xxx/CVE-2013-7470.json
index 110b41b0413..ea7cdb3be25 100644
--- a/2013/7xxx/CVE-2013-7470.json
+++ b/2013/7xxx/CVE-2013-7470.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://support.f5.com/csp/article/K21914362",
 "url": "https://support.f5.com/csp/article/K21914362"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/7098-security-advisory-40",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/7098-security-advisory-40"
 }
 ]
 }
diff --git a/2014/0xxx/CVE-2014-0224.json b/2014/0xxx/CVE-2014-0224.json
index 01458bb4294..cb059868a58 100644
--- a/2014/0xxx/CVE-2014-0224.json
+++ b/2014/0xxx/CVE-2014-0224.json
@@ -1571,6 +1571,11 @@
 "refsource": "CONFIRM",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005"
 }
 ]
 }
diff --git a/2014/3xxx/CVE-2014-3566.json b/2014/3xxx/CVE-2014-3566.json
index ac1685c719a..c24b7215e0d 100644
--- a/2014/3xxx/CVE-2014-3566.json
+++ b/2014/3xxx/CVE-2014-3566.json
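Review bot: The added Arista reference in CVE-2013-7470.json is tagged `"refsource": "MISC"` although it points to a vendor security advisory, while the neighbouring F5 advisory in the same hunk is tagged `CONFIRM`. If the Arista page acknowledges the issue for Arista products, `"refsource": "CONFIRM",` would keep the record consistent, so consumers that filter on refsource to find vendor acknowledgements do not miss it. The same tagging appears in the other Arista reference additions in this commit (CVE-2014-0224, CVE-2014-3566, CVE-2014-6271 and the later files). The enclosing reference_data array starts outside the hunk.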
@@ -1371,6 +1371,11 @@
 "refsource": "MLIST",
 "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
 "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7"
 }
 ]
 }
diff --git a/2014/6xxx/CVE-2014-6271.json b/2014/6xxx/CVE-2014-6271.json
index fe3c6b94501..a7ebecdbae3 100644
--- a/2014/6xxx/CVE-2014-6271.json
+++ b/2014/6xxx/CVE-2014-6271.json
@@ -931,6 +931,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html",
 "url": "http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006"
 }
 ]
 }
diff --git a/2014/6xxx/CVE-2014-6278.json b/2014/6xxx/CVE-2014-6278.json
index 7d0114ce885..5267fbcdf2b 100644
--- a/2014/6xxx/CVE-2014-6278.json
+++ b/2014/6xxx/CVE-2014-6278.json
@@ -621,6 +621,11 @@
 "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879",
 "refsource": "CONFIRM",
 "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006"
 }
 ]
 }
diff --git a/2014/7xxx/CVE-2014-7169.json b/2014/7xxx/CVE-2014-7169.json
index adfa2f372a0..5e8cf8868eb 100644
--- a/2014/7xxx/CVE-2014-7169.json
+++ b/2014/7xxx/CVE-2014-7169.json
@@ -876,6 +876,11 @@
 "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879",
 "refsource": "CONFIRM",
 "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006"
 }
 ]
 }
diff --git a/2014/9xxx/CVE-2014-9293.json b/2014/9xxx/CVE-2014-9293.json
index 4ca68be18d3..4a6c63fde13 100644
--- a/2014/9xxx/CVE-2014-9293.json
+++ b/2014/9xxx/CVE-2014-9293.json
@@ -156,6 +156,11 @@
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1176032",
 "refsource": "CONFIRM",
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176032"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
 }
 ]
 }
diff --git a/2014/9xxx/CVE-2014-9294.json b/2014/9xxx/CVE-2014-9294.json
index d252c40f46c..7d106388cfd 100644
--- a/2014/9xxx/CVE-2014-9294.json
+++ b/2014/9xxx/CVE-2014-9294.json
@@ -156,6 +156,11 @@
 "name": "MDVSA-2015:003",
 "refsource": "MANDRIVA",
 "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
 }
 ]
 }
diff --git a/2014/9xxx/CVE-2014-9295.json b/2014/9xxx/CVE-2014-9295.json
index 5e47f6fc2ce..1f4a6122b5f 100644
--- a/2014/9xxx/CVE-2014-9295.json
+++ b/2014/9xxx/CVE-2014-9295.json
@@ -191,6 +191,11 @@
 "name": "http://bugs.ntp.org/show_bug.cgi?id=2669",
 "refsource": "CONFIRM",
 "url": "http://bugs.ntp.org/show_bug.cgi?id=2669"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
 }
 ]
 }
diff --git a/2014/9xxx/CVE-2014-9296.json b/2014/9xxx/CVE-2014-9296.json
index 3a3890e6a70..f752e2910b4 100644
--- a/2014/9xxx/CVE-2014-9296.json
+++ b/2014/9xxx/CVE-2014-9296.json
@@ -146,6 +146,11 @@
 "name": "MDVSA-2015:003",
 "refsource": "MANDRIVA",
 "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
 }
 ]
 }
diff --git a/2015/0xxx/CVE-2015-0235.json b/2015/0xxx/CVE-2015-0235.json
index 50c9ee38ab2..e9dc31c8b55 100644
--- a/2015/0xxx/CVE-2015-0235.json
+++ b/2015/0xxx/CVE-2015-0235.json
@@ -496,6 +496,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html",
 "url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9"
 }
 ]
 }
diff --git a/2015/10xxx/CVE-2015-10001.json b/2015/10xxx/CVE-2015-10001.json
new file mode 100644
index 00000000000..12d243005eb
--- /dev/null
+++ b/2015/10xxx/CVE-2015-10001.json
@@ -0,0 +1,80 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2015-10001",
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC",
+ "TITLE": "WP-Stats < 2.5.2 - CSRF to Stored Cross-Site Scripting (XSS)"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "generator": "WPScan CVE Generator",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP-Stats",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.52",
+ "version_value": "2.52"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloads"
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/f5c3dfea-7203-4a98-88ff-aa6a24d03734",
+ "name": "https://wpscan.com/vulnerability/f5c3dfea-7203-4a98-88ff-aa6a24d03734"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://www.openwall.com/lists/oss-security/2015/06/17/6",
+ "name": "https://www.openwall.com/lists/oss-security/2015/06/17/6"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-352 Cross-Site Request Forgery (CSRF)",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Sebastian Wolfgang Kraemer"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ }
+}
diff --git a/2015/1xxx/CVE-2015-1789.json b/2015/1xxx/CVE-2015-1789.json
index 6496bdd86cd..acb4daa3df1 100644
--- a/2015/1xxx/CVE-2015-1789.json
+++ b/2015/1xxx/CVE-2015-1789.json
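Review bot: The TITLE of the new CVE-2015-10001 record gives the fixed version as `2.5.2`, while `version_name`, `version_value` and the description all say `2.52`; tools that read the title will disagree with the affects block. If the version data is the correct one, the title should read `"TITLE": "WP-Stats < 2.52 - CSRF to Stored Cross-Site Scripting (XSS)"`. The record also describes unescaped settings leading to stored XSS but lists only CWE-352 under problemtype. A second description entry such as `"value": "CWE-79 Cross-site Scripting (XSS)"` would let CWE-based triage see the XSS component as well.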
@@ -321,6 +321,11 @@
 "name": "HPSBGN03371",
 "refsource": "HP",
 "url": "http://marc.info/?l=bugtraq&m=143654156615516&w=2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
 }
 ]
 }
diff --git a/2015/1xxx/CVE-2015-1790.json b/2015/1xxx/CVE-2015-1790.json
index b9e4642bcf2..5e1e9ca8843 100644
--- a/2015/1xxx/CVE-2015-1790.json
+++ b/2015/1xxx/CVE-2015-1790.json
@@ -311,6 +311,11 @@
 "name": "HPSBGN03371",
 "refsource": "HP",
 "url": "http://marc.info/?l=bugtraq&m=143654156615516&w=2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
 }
 ]
 }
diff --git a/2015/1xxx/CVE-2015-1791.json b/2015/1xxx/CVE-2015-1791.json
index edff44f1c8a..a7da868e6c9 100644
--- a/2015/1xxx/CVE-2015-1791.json
+++ b/2015/1xxx/CVE-2015-1791.json
@@ -296,6 +296,11 @@
 "name": "https://www.openssl.org/news/secadv_20150611.txt",
 "refsource": "CONFIRM",
 "url": "https://www.openssl.org/news/secadv_20150611.txt"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
 }
 ]
 }
diff --git a/2015/20xxx/CVE-2015-20019.json b/2015/20xxx/CVE-2015-20019.json
index 037586f2307..fbc7a679e31 100644
--- a/2015/20xxx/CVE-2015-20019.json
+++ b/2015/20xxx/CVE-2015-20019.json
@@ -1,18 +1,85 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2015-20019",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC",
+ "TITLE": "Content text slider on post < 6.9 - Authenticated Stored Cross-Site Scripting (XSS)"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "generator": "WPScan CVE Generator",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Content text slider on post",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6.9",
+ "version_value": "6.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues"
 }
 ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://seclists.org/bugtraq/2015/Dec/124",
+ "name": "https://seclists.org/bugtraq/2015/Dec/124"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/4f92b211-e09c-4ed0-bc98-27e0b51b1f86",
+ "name": "https://wpscan.com/vulnerability/4f92b211-e09c-4ed0-bc98-27e0b51b1f86"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://plugins.trac.wordpress.org/changeset/1393044/content-text-slider-on-post",
+ "name": "https://plugins.trac.wordpress.org/changeset/1393044/content-text-slider-on-post"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-79 Cross-site Scripting (XSS)",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "ALIREZA_PROMIS"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2015/20xxx/CVE-2015-20067.json b/2015/20xxx/CVE-2015-20067.json
index 35f787c87a5..92374a9d225 100644
--- a/2015/20xxx/CVE-2015-20067.json
+++ b/2015/20xxx/CVE-2015-20067.json
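Review bot: The new description for CVE-2015-20019 drops the preconditions that its TITLE states: the title says "Authenticated Stored" XSS, but the `value` text only says the unsanitised settings "could lead to Cross-Site Scripting issues". Downstream feeds that carry only the description lose the fact that an account is needed and that the payload persists, both of which matter for severity scoring. I would end the sentence with something like `which could allow authenticated users to perform Stored Cross-Site Scripting attacks`, naming the required role if the advisory states it.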
@@ -1,18 +1,85 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2015-20067",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC",
+ "TITLE": "WP Attachment Export < 0.2.4 - Unauthenticated Posts Download"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "generator": "WPScan CVE Generator",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP Attachment Export",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0.2.4",
+ "version_value": "0.2.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress"
 }
 ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://seclists.org/fulldisclosure/2015/Jul/73",
+ "name": "https://seclists.org/fulldisclosure/2015/Jul/73"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb",
+ "name": "https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_attachment_export_file_download.rb"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a",
+ "name": "https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-862 Missing Authorization",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Nitin Venkatesh"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2015/3xxx/CVE-2015-3456.json b/2015/3xxx/CVE-2015-3456.json
index 6e7369033f4..99b6f11d373 100644
--- a/2015/3xxx/CVE-2015-3456.json
+++ b/2015/3xxx/CVE-2015-3456.json
@@ -291,6 +291,11 @@
 "name": "RHSA-2015:1000",
 "refsource": "REDHAT",
 "url": "http://rhn.redhat.com/errata/RHSA-2015-1000.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10"
 }
 ]
 }
diff --git a/2015/5xxx/CVE-2015-5278.json b/2015/5xxx/CVE-2015-5278.json
index 197290d536a..8dc15b3aead 100644
--- a/2015/5xxx/CVE-2015-5278.json
+++ b/2015/5xxx/CVE-2015-5278.json
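Review bot: The added description in CVE-2015-20067.json ends mid-phrase with `on a Wordpress`, so the sentence never names what the exported data belongs to. Suggest finishing it as `all the details of attachments/posts on a WordPress site`, which also fixes the capitalisation of the product name.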
@@ -86,6 +86,11 @@
 "refsource": "MISC",
 "name": "http://www.openwall.com/lists/oss-security/2015/09/15/2",
 "url": "http://www.openwall.com/lists/oss-security/2015/09/15/2"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
 }
 ]
 }
diff --git a/2015/5xxx/CVE-2015-5279.json b/2015/5xxx/CVE-2015-5279.json
index 6a84318bec0..0ad04551bf0 100644
--- a/2015/5xxx/CVE-2015-5279.json
+++ b/2015/5xxx/CVE-2015-5279.json
@@ -136,6 +136,11 @@
 "name": "GLSA-201602-01",
 "refsource": "GENTOO",
 "url": "https://security.gentoo.org/glsa/201602-01"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
 }
 ]
 }
diff --git a/2015/5xxx/CVE-2015-5600.json b/2015/5xxx/CVE-2015-5600.json
index f324c4c9eeb..56c3e2c5f0f 100644
--- a/2015/5xxx/CVE-2015-5600.json
+++ b/2015/5xxx/CVE-2015-5600.json
@@ -206,6 +206,11 @@
 "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
 "refsource": "CONFIRM",
 "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12"
 }
 ]
 }
diff --git a/2015/6xxx/CVE-2015-6815.json b/2015/6xxx/CVE-2015-6815.json
index b6492338543..d3de9dfc9ec 100644
--- a/2015/6xxx/CVE-2015-6815.json
+++ b/2015/6xxx/CVE-2015-6815.json
@@ -111,6 +111,11 @@
 "refsource": "CONFIRM",
 "name": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html",
 "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
 }
 ]
 }
diff --git a/2015/6xxx/CVE-2015-6855.json b/2015/6xxx/CVE-2015-6855.json
index 9826f35a737..12476054948 100644
--- a/2015/6xxx/CVE-2015-6855.json
+++ b/2015/6xxx/CVE-2015-6855.json
@@ -126,6 +126,11 @@
 "name": "GLSA-201602-01",
 "refsource": "GENTOO",
 "url": "https://security.gentoo.org/glsa/201602-01"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
 }
 ]
 }
diff --git a/2015/7xxx/CVE-2015-7704.json b/2015/7xxx/CVE-2015-7704.json
index c5189ec5682..cad5d1309d4 100644
--- a/2015/7xxx/CVE-2015-7704.json
+++ b/2015/7xxx/CVE-2015-7704.json
@@ -146,6 +146,11 @@
 "refsource": "CONFIRM",
 "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284",
 "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016"
 }
 ]
 }
diff --git a/2015/7xxx/CVE-2015-7705.json b/2015/7xxx/CVE-2015-7705.json
index f9231ea4ea9..452bc938310 100644
--- a/2015/7xxx/CVE-2015-7705.json
+++ b/2015/7xxx/CVE-2015-7705.json
@@ -226,6 +226,11 @@
 "refsource": "MISC",
 "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
 "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016"
 }
 ]
 }
diff --git a/2015/8xxx/CVE-2015-8138.json b/2015/8xxx/CVE-2015-8138.json
index d669df20c36..44013a06082 100644
--- a/2015/8xxx/CVE-2015-8138.json
+++ b/2015/8xxx/CVE-2015-8138.json
@@ -206,6 +206,11 @@
 "refsource": "CONFIRM",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
 }
 ]
 }
diff --git a/2016/1xxx/CVE-2016-1516.json b/2016/1xxx/CVE-2016-1516.json
index d240cdde641..b9267c9a8eb 100644
--- a/2016/1xxx/CVE-2016-1516.json
+++ b/2016/1xxx/CVE-2016-1516.json
@@ -66,6 +66,11 @@
 "name": "https://arxiv.org/pdf/1701.04739.pdf",
 "refsource": "MISC",
 "url": "https://arxiv.org/pdf/1701.04739.pdf"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
 }
 ]
 }
diff --git a/2016/1xxx/CVE-2016-1547.json b/2016/1xxx/CVE-2016-1547.json
index c9d089faa1a..c438a0ba64b 100644
--- a/2016/1xxx/CVE-2016-1547.json
+++ b/2016/1xxx/CVE-2016-1547.json
@@ -141,6 +141,11 @@
 "refsource": "CONFIRM",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
 }
 ]
 }
diff --git a/2016/1xxx/CVE-2016-1548.json b/2016/1xxx/CVE-2016-1548.json
index fd5a44e55f8..016a0b3f1f7 100644
--- a/2016/1xxx/CVE-2016-1548.json
+++ b/2016/1xxx/CVE-2016-1548.json
@@ -233,6 +233,11 @@
 "refsource": "MISC",
 "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
 "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
 }
 ]
 }
diff --git a/2016/1xxx/CVE-2016-1550.json b/2016/1xxx/CVE-2016-1550.json
index d9c9c097f30..ca31b94feab 100644
--- a/2016/1xxx/CVE-2016-1550.json
+++ b/2016/1xxx/CVE-2016-1550.json
@@ -236,6 +236,11 @@
 "refsource": "MISC",
 "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
 "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
 }
 ]
 }
diff --git a/2016/2xxx/CVE-2016-2177.json b/2016/2xxx/CVE-2016-2177.json
index bb7fcff6b6a..9a769fc14b0 100644
--- a/2016/2xxx/CVE-2016-2177.json
+++ b/2016/2xxx/CVE-2016-2177.json
@@ -236,6 +236,136 @@
 "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
 "refsource": "CONFIRM",
 "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20160608 CVE-2016-2177: OpenSSL undefined pointer arithmetic",
+ "url": "http://www.openwall.com/lists/oss-security/2016/06/08/9"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215",
+ "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "SUSE-SU-2017:2700",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3087-1",
+ "url": "http://www.ubuntu.com/usn/USN-3087-1"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "SUSE-SU-2016:2469",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
+ },
+ {
+ "refsource": "CISCO",
+ "name": "20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016",
+ "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2016:2537",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3087-2",
+ "url": "http://www.ubuntu.com/usn/USN-3087-2"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)",
+ "url": "http://www.securityfocus.com/archive/1/540957/100/0/threaded"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "SUSE-SU-2017:2699",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20170801 [security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)",
+ "url": "http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2016:2407",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
+ "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3181-1",
+ "url": "http://www.ubuntu.com/usn/USN-3181-1"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "SUSE-SU-2016:2458",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K23873366",
+ "url": "https://support.f5.com/csp/article/K23873366"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-3673",
+ "url": "http://www.debian.org/security/2016/dsa-3673"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2016:2391",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2018:0458",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "SUSE-SU-2016:2387",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448",
+ "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "SUSE-SU-2016:2468",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "SUSE-SU-2016:2394",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en",
+ "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
 }
 ]
 }
diff --git a/2016/2xxx/CVE-2016-2178.json b/2016/2xxx/CVE-2016-2178.json
index 9ce7a6534dd..a707224722a 100644
--- a/2016/2xxx/CVE-2016-2178.json
+++ b/2016/2xxx/CVE-2016-2178.json
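Review bot: The CVE-2016-2177 hunk adds the same BUGTRAQ entry twice (name `20170801 [security bulletin] HPESBHF03763 rev.1 ...`), and the second copy's url has a doubled path segment: `http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded`. That looks like a malformed duplicate of the first url rather than a distinct source, so I would drop the second object and keep only the one ending in `/archive/1/540957/100/0/threaded`. Duplicate references lengthen the list without adding a source. The reference_data array begins outside the hunk.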
@@ -231,6 +231,166 @@ "name": "http://eprint.iacr.org/2016/594.pdf", "refsource": "MISC", "url": "http://eprint.iacr.org/2016/594.pdf" + }, + { + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2017:2700", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3087-1", + "url": "http://www.ubuntu.com/usn/USN-3087-1" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2469", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html" + }, + { + "refsource": "CISCO", + "name": "20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", + "url": "http://www.openwall.com/lists/oss-security/2016/06/08/8" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", + "url": "http://www.openwall.com/lists/oss-security/2016/06/08/4" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2537", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", + "url": "http://www.openwall.com/lists/oss-security/2016/06/08/6" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K53084033", + "url": "https://support.f5.com/csp/article/K53084033" + }, + { + "refsource": "UBUNTU", + "name": 
"USN-3087-2", + "url": "http://www.ubuntu.com/usn/USN-3087-2" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2017:2699", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2407", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html" + }, + { + "refsource": "FULLDISC", + "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", + "url": "http://seclists.org/fulldisclosure/2017/Jul/31" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2458", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", + "url": "http://www.openwall.com/lists/oss-security/2016/06/08/10" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", + "url": "http://www.openwall.com/lists/oss-security/2016/06/08/11" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", + "url": "http://www.openwall.com/lists/oss-security/2016/06/08/5" + }, + { + "refsource": "DEBIAN", + "name": "DSA-3673", + "url": "http://www.debian.org/security/2016/dsa-3673" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2391", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2018:0458", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", + "url": "http://www.openwall.com/lists/oss-security/2016/06/08/12" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2387", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html" + }, + { + "refsource": "CONFIRM", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2468", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2496", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", + "url": "http://www.openwall.com/lists/oss-security/2016/06/08/7" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations", + "url": "http://www.openwall.com/lists/oss-security/2016/06/09/2" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2394", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en" + }, + { + "refsource": "MISC", + "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", + "url": 
"https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24" } ] } diff --git a/2016/2xxx/CVE-2016-2181.json b/2016/2xxx/CVE-2016-2181.json index f5880b5887a..559a07af6cf 100644 --- a/2016/2xxx/CVE-2016-2181.json +++ b/2016/2xxx/CVE-2016-2181.json 
@@ -156,6 +156,101 @@ "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + }, + { + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2017:2700", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3087-1", + "url": "http://www.ubuntu.com/usn/USN-3087-1" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2469", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2537", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3087-2", + "url": "http://www.ubuntu.com/usn/USN-3087-2" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2017:2699", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2407", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html" + }, + { + "refsource": "FULLDISC", + "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", + "url": "http://seclists.org/fulldisclosure/2017/Jul/31" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2458", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K59298921", + "url": "https://support.f5.com/csp/article/K59298921" + }, + { + "refsource": "DEBIAN", + "name": "DSA-3673", + "url": "http://www.debian.org/security/2016/dsa-3673" + }, + { + "refsource": "SUSE", + "name": 
"openSUSE-SU-2016:2391", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2018:0458", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2387", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2468", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2394", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en" + }, + { + "refsource": "MISC", + "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", + "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24" } ] } diff --git a/2016/2xxx/CVE-2016-2182.json b/2016/2xxx/CVE-2016-2182.json index e27a47ca516..b052bfdc3fc 100644 --- a/2016/2xxx/CVE-2016-2182.json +++ b/2016/2xxx/CVE-2016-2182.json @@ -87,6 +87,11 @@ "refsource": "BID", "url": "http://www.securityfocus.com/bid/92557" }, + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2017-03-01", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, { "name": "1037968", "refsource": "SECTRACK", 
@@ -196,6 +201,111 @@ "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + }, + { + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2017:2700", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3087-1", + "url": "http://www.ubuntu.com/usn/USN-3087-1" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2469", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2537", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3087-2", + "url": "http://www.ubuntu.com/usn/USN-3087-2" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K01276005", + "url": "https://support.f5.com/csp/article/K01276005" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2017:2699", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2407", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html" + }, + { + "refsource": "FULLDISC", + "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", + "url": "http://seclists.org/fulldisclosure/2017/Jul/31" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2458", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", + "url": 
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us" + }, + { + "refsource": "DEBIAN", + "name": "DSA-3673", + "url": "http://www.debian.org/security/2016/dsa-3673" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2391", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2018:0458", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2387", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html" + }, + { + "refsource": "CONFIRM", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2468", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2394", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en" + }, + { + "refsource": "MISC", + "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", + "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24" } ] } diff --git a/2016/2xxx/CVE-2016-2183.json b/2016/2xxx/CVE-2016-2183.json index 8069b6317b1..b3184691553 100644 --- a/2016/2xxx/CVE-2016-2183.json +++ b/2016/2xxx/CVE-2016-2183.json 
@@ -62,16 +62,51 @@
 "refsource": "REDHAT",
 "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
 },
+ {
+ "name": "https://www.tenable.com/security/tns-2016-20",
+ "refsource": "CONFIRM",
+ "url": "https://www.tenable.com/security/tns-2016-20"
+ },
+ {
+ "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us",
+ "refsource": "CONFIRM",
+ "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us"
+ },
 {
 "name": "GLSA-201612-16",
 "refsource": "GENTOO",
 "url": "https://security.gentoo.org/glsa/201612-16"
 },
+ {
+ "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403",
+ "refsource": "CONFIRM",
+ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
+ },
+ {
+ "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
+ "refsource": "CONFIRM",
+ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
+ },
+ {
+ "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
+ "refsource": "CONFIRM",
+ "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
+ },
+ {
+ "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415",
+ "refsource": "CONFIRM",
+ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415"
+ },
 {
 "name": "RHSA-2017:3240",
 "refsource": "REDHAT",
 "url": "https://access.redhat.com/errata/RHSA-2017:3240"
 },
+ {
+ "name": "https://www.tenable.com/security/tns-2016-16",
+ "refsource": "CONFIRM",
+ "url": "https://www.tenable.com/security/tns-2016-16"
+ },
 {
 "name": "RHSA-2017:2709",
 "refsource": "REDHAT",
@@ -82,21 +117,56 @@
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/92630"
 },
+ {
+ "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499",
+ "refsource": "CONFIRM",
+ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499"
+ },
+ {
+ "name": "https://www.tenable.com/security/tns-2016-21",
+ "refsource": "CONFIRM",
+ "url": "https://www.tenable.com/security/tns-2016-21"
+ },
+ {
+ "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171",
+ "refsource": "CONFIRM",
+ "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171"
+ },
 {
 "name": "RHSA-2017:3239",
 "refsource": "REDHAT",
 "url": "https://access.redhat.com/errata/RHSA-2017:3239"
 },
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "42091",
+ "url": "https://www.exploit-db.com/exploits/42091/"
+ },
 {
 "name": "GLSA-201701-65",
 "refsource": "GENTOO",
 "url": "https://security.gentoo.org/glsa/201701-65"
 },
+ {
+ "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
+ "refsource": "CONFIRM",
+ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
+ },
 {
 "name": "1036696",
 "refsource": "SECTRACK",
 "url": "http://www.securitytracker.com/id/1036696"
 },
+ {
+ "name": "https://security.netapp.com/advisory/ntap-20160915-0001/",
+ "refsource": "CONFIRM",
+ "url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
+ },
+ {
+ "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
+ "refsource": "CONFIRM",
+ "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us"
+ },
 {
 "name": "GLSA-201707-01",
 "refsource": "GENTOO",
@@ -112,16 +182,51 @@
 "refsource": "REDHAT",
 "url": "https://access.redhat.com/errata/RHSA-2017:3114"
 },
+ {
+ "name": "https://bto.bluecoat.com/security-advisory/sa133",
+ "refsource": "CONFIRM",
+ "url": "https://bto.bluecoat.com/security-advisory/sa133"
+ },
+ {
+ "name": "https://www.tenable.com/security/tns-2017-09",
+ "refsource": "CONFIRM",
+ "url": "https://www.tenable.com/security/tns-2017-09"
+ },
+ {
+ "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849",
+ "refsource": "CONFIRM",
+ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849"
+ },
+ {
+ "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116",
+ "refsource": "CONFIRM",
+ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116"
+ },
 {
 "name": "RHSA-2017:1216",
 "refsource": "REDHAT",
 "url": "https://access.redhat.com/errata/RHSA-2017:1216"
 },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://wiki.opendaylight.org/view/Security_Advisories",
+ "url": "https://wiki.opendaylight.org/view/Security_Advisories"
+ },
 {
 "name": "RHSA-2017:2710",
 "refsource": "REDHAT",
 "url": "https://access.redhat.com/errata/RHSA-2017:2710"
 },
+ {
+ "name": "https://security.netapp.com/advisory/ntap-20170119-0001/",
+ "refsource": "CONFIRM",
+ "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
+ },
+ {
+ "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984",
+ "refsource": "CONFIRM",
+ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984"
+ },
 {
 "name": "[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections",
 "refsource": "MLIST",
@@ -152,11 +257,291 @@ "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" + }, { "name": "RHSA-2017:0462", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html" }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + }, + { + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2017:2700", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities", + "url": "http://www.securityfocus.com/archive/1/540341/100/0/threaded" + }, + { + "refsource": "UBUNTU", + "name": "USN-3087-1", + "url": "http://www.ubuntu.com/usn/USN-3087-1" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2469", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html" + }, + { + "refsource": "CONFIRM", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680" + }, + { + "refsource": "SUSE", + 
"name": "openSUSE-SU-2016:2537", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information", + "url": "http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded" + }, + { + "refsource": "UBUNTU", + "name": "USN-3087-2", + "url": "http://www.ubuntu.com/usn/USN-3087-2" + }, + { + "refsource": "BUGTRAQ", + "name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information", + "url": "http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded" + }, + { + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10197", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10197" + }, + { + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10186", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10186" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2017:2699", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information", + "url": "http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded" + }, + { + "refsource": "CONFIRM", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2407", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html" + }, + { + "refsource": "CONFIRM", + "name": 
"https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613", + "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613" + }, + { + "refsource": "FULLDISC", + "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", + "url": "http://seclists.org/fulldisclosure/2017/Jul/31" + }, + { + "refsource": "UBUNTU", + "name": "USN-3194-1", + "url": "http://www.ubuntu.com/usn/USN-3194-1" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2458", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20181113 [security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information", + "url": "https://seclists.org/bugtraq/2018/Nov/21" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K13167034", + "url": "https://support.f5.com/csp/article/K13167034" + }, + { + "refsource": "CONFIRM", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722" + }, + { + "refsource": "BUGTRAQ", + "name": "20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information", + "url": "http://www.securityfocus.com/archive/1/542005/100/0/threaded" + }, + { + "refsource": "DEBIAN", + "name": "DSA-3673", + "url": "http://www.debian.org/security/2016/dsa-3673" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2391", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3372-1", + "url": "http://www.ubuntu.com/usn/USN-3372-1" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2018:0458", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html" + }, + { + "refsource": 
"SUSE", + "name": "SUSE-SU-2017:0460", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2017:0490", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3270-1", + "url": "http://www.ubuntu.com/usn/USN-3270-1" + }, + { + "refsource": "BUGTRAQ", + "name": "20170214 [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information", + "url": "http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded" + }, + { + "refsource": "CONFIRM", + "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178", + "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2387", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html" + }, + { + "refsource": "FULLDISC", + "name": "20170529 SSD Advisory - IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities", + "url": "http://seclists.org/fulldisclosure/2017/May/105" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2017:0513", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html" + }, + { + "refsource": "CONFIRM", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448" + }, + { + "refsource": "BUGTRAQ", + "name": "20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information", + "url": "http://www.securityfocus.com/archive/1/539885/100/0/threaded" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2017:0374", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html" + }, + { + "refsource": "CONFIRM", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2468", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2017:0346", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2496", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3198-1", + "url": "http://www.ubuntu.com/usn/USN-3198-1" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2017/May/105", + "url": "http://seclists.org/fulldisclosure/2017/May/105" + }, + { + "refsource": "CONFIRM", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403" + }, + { + "refsource": "BUGTRAQ", + "name": "20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information", + "url": "http://www.securityfocus.com/archive/1/541104/100/0/threaded" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2017:1444", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2394", + 
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities", + "url": "http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded" + }, + { + "refsource": "UBUNTU", + "name": "USN-3179-1", + "url": "http://www.ubuntu.com/usn/USN-3179-1" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en" + }, { "refsource": "REDHAT", "name": "RHSA-2019:1245", @@ -172,6 +557,11 @@ "name": "RHSA-2020:0451", "url": "https://access.redhat.com/errata/RHSA-2020:0451" }, + { + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10310", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10310" + }, { "url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", @@ -446,6 +836,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2021.html" + }, + { + "refsource": "MISC", + "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", + "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24" } ] } diff --git a/2016/5xxx/CVE-2016-5017.json b/2016/5xxx/CVE-2016-5017.json index 77b8f2e80b9..ce10e01eec9 100644 --- a/2016/5xxx/CVE-2016-5017.json +++ b/2016/5xxx/CVE-2016-5017.json 
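Review bot: `http://seclists.org/fulldisclosure/2017/May/105` is added twice in the `@@ -152,11 +257,291 @@` hunk of CVE-2016-2183.json, once as `FULLDISC` with the posting title and once as `MISC` with the bare URL as its `name`; the `MISC` entry adds nothing and could be dropped. The same hunk adds four BUGTRAQ postings under two securityfocus paths each (`/archive/1/540341/100/0/threaded` and `/archive/1/archive/1/540341/100/0/threaded`, likewise 539885, 541104 and 542005), and HPE document `emr_na-c05302448` under both the `portal/site/hpsc/public/kb/docDisplay` and `hpsc/doc/public/display` URL forms. The earlier hunks at `@@ -62,16 +62,51 @@`, `@@ -82,21 +117,56 @@` and `@@ -112,16 +182,51 @@` add the portal form of c05369403, c05385680, c05369415, c05390722 and c05390849, whose display form is then added again here. Tooling that counts or de-duplicates references by URL will treat each pair as two independent sources, so keeping one canonical URL per advisory would make the record easier to triage.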
@@ -106,6 +106,11 @@
 "name": "https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=f09154d6648eeb4ec5e1ac8a2bacbd2f8c87c14a",
 "refsource": "CONFIRM",
 "url": "https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=f09154d6648eeb4ec5e1ac8a2bacbd2f8c87c14a"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[dubbo-notifications] 20211101 [GitHub] [dubbo] AlbumenJ opened a new issue #9177: Upgrade Zookeeper dependency",
+ "url": "https://lists.apache.org/thread.html/r4b743f407244294f316325458ccaabfce9cd70ca3a6423dbe574035c@%3Cnotifications.dubbo.apache.org%3E"
 }
 ]
 }
diff --git a/2016/5xxx/CVE-2016-5195.json b/2016/5xxx/CVE-2016-5195.json
index b38bc7a9265..24f23b4fbef 100644
--- a/2016/5xxx/CVE-2016-5195.json
+++ b/2016/5xxx/CVE-2016-5195.json
@@ -292,6 +292,346 @@ "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10176" }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2635", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00055.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2659", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00067.html" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20161027 CVE-2016-5195 test case", + "url": "http://www.openwall.com/lists/oss-security/2016/10/27/13" + }, + { + "refsource": "UBUNTU", + "name": "USN-3106-2", + "url": "http://www.ubuntu.com/usn/USN-3106-2" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2583", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html", + "url": "http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2633", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00053.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2638", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00058.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2584", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html", + "url": 
"http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2658", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00066.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2631", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00051.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3106-3", + "url": "http://www.ubuntu.com/usn/USN-3106-3" + }, + { + "refsource": "CONFIRM", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05352241", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05352241" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2655", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00064.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2016-c3558808cd", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W3APRVDVPDBXLH4DC5UKZVCR742MJIM3/" + }, + { + "refsource": "BUGTRAQ", + "name": "20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege", + "url": "http://www.securityfocus.com/archive/1/archive/1/540736/100/0/threaded" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2637", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00057.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2596", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2634", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00054.html" + }, + { + "refsource": "CISCO", + "name": "20181107 Cisco TelePresence Video Communication Server Test Validation Script Issue", + "url": 
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd" + }, + { + "refsource": "CISCO", + "name": "20161026 Vulnerability in Linux Kernel Affecting Cisco Products: October 2016", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux" + }, + { + "refsource": "CONFIRM", + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770" + }, + { + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10177", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10177" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2657", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00065.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2614", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3105-2", + "url": "http://www.ubuntu.com/usn/USN-3105-2" + }, + { + "refsource": "UBUNTU", + "name": "USN-3107-1", + "url": "http://www.ubuntu.com/usn/USN-3107-1" + }, + { + "refsource": "CONFIRM", + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10774" + }, + { + "refsource": "UBUNTU", + "name": "USN-3107-2", + "url": "http://www.ubuntu.com/usn/USN-3107-2" + }, + { + "refsource": "BUGTRAQ", + "name": "20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege", + "url": "http://www.securityfocus.com/archive/1/540344/100/0/threaded" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2625", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3106-1", + "url": "http://www.ubuntu.com/usn/USN-3106-1" + }, + { + 
"refsource": "UBUNTU", + "name": "USN-3106-4", + "url": "http://www.ubuntu.com/usn/USN-3106-4" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20161030 Re: CVE-2016-5195 test case", + "url": "http://www.openwall.com/lists/oss-security/2016/10/30/1" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2673", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00072.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3104-2", + "url": "http://www.ubuntu.com/usn/USN-3104-2" + }, + { + "refsource": "CONFIRM", + "name": "http://fortiguard.com/advisory/FG-IR-16-063", + "url": "http://fortiguard.com/advisory/FG-IR-16-063" + }, + { + "refsource": "CONFIRM", + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10807" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2629", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00049.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20161020 [CVE-2016-5195] \"Dirty COW\" Linux privilege escalation vulnerability", + "url": "http://www.securityfocus.com/archive/1/539611/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2632", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00052.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20170310 [security bulletin] HPESBGN03707 rev.1 - HPE 
ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege", + "url": "http://www.securityfocus.com/archive/1/archive/1/540252/100/0/threaded" + }, + { + "refsource": "UBUNTU", + "name": "USN-3105-1", + "url": "http://www.ubuntu.com/usn/USN-3105-1" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html", + "url": "http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2630", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00050.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2016-db4b75b352", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E7M62SRP6CZLJ4ZXCRZKV4WPLQBSR7DT/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2016-c8a0c7eece", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWMDLBWMGZKFHMRJ7QUQVCERP5QHDB6W/" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20161103 Re: CVE-2016-5195 \"Dirty COW\" Linux kernel privilege escalation vulnerability", + "url": "http://www.openwall.com/lists/oss-security/2016/11/03/7" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2636", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00056.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:3069", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00033.html" + }, + { + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10222", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10222" + }, + { + "refsource": "DEBIAN", + "name": "DSA-3696", + "url": "http://www.debian.org/security/2016/dsa-3696" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html", + 
"url": "http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2592", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege", + "url": "http://www.securityfocus.com/archive/1/archive/1/540344/100/0/threaded" + }, + { + "refsource": "BUGTRAQ", + "name": "20161020 [CVE-2016-5195] \"Dirty COW\" Linux privilege escalation vulnerability", + "url": "http://www.securityfocus.com/archive/1/archive/1/539611/100/0/threaded" + }, + { + "refsource": "UBUNTU", + "name": "USN-3104-1", + "url": "http://www.ubuntu.com/usn/USN-3104-1" + }, + { + "refsource": "BUGTRAQ", + "name": "20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege", + "url": "http://www.securityfocus.com/archive/1/540736/100/0/threaded" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2593", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:3304", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00100.html" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20161021 CVE-2016-5195 \"Dirty COW\" Linux kernel privilege escalation vulnerability", + "url": "http://www.openwall.com/lists/oss-security/2016/10/21/1" + }, + { + "refsource": "BUGTRAQ", + "name": "20170310 [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege", + "url": "http://www.securityfocus.com/archive/1/540252/100/0/threaded" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2585", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.html" + }, + { + "refsource": "SUSE", + 
"name": "openSUSE-SU-2016:2649", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00063.html" + }, { "name": "https://security.paloaltonetworks.com/CVE-2016-5195", "refsource": "CONFIRM", @@ -301,6 +641,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0554", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html" + }, + { + "refsource": "MISC", + "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026", + "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026" } ] } diff --git a/2016/5xxx/CVE-2016-5696.json b/2016/5xxx/CVE-2016-5696.json index b4a30f03b9b..e88f96b2f46 100644 --- a/2016/5xxx/CVE-2016-5696.json +++ b/2016/5xxx/CVE-2016-5696.json @@ -206,6 +206,11 @@ "name": "https://security.paloaltonetworks.com/CVE-2016-5696", "refsource": "CONFIRM", "url": "https://security.paloaltonetworks.com/CVE-2016-5696" + }, + { + "refsource": "MISC", + "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1461-security-advisory-23", + "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1461-security-advisory-23" } ] } diff --git a/2016/6xxx/CVE-2016-6304.json b/2016/6xxx/CVE-2016-6304.json index 86341848a0d..dc493907809 100644 --- a/2016/6xxx/CVE-2016-6304.json +++ b/2016/6xxx/CVE-2016-6304.json @@ -112,6 +112,11 @@ "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1801" }, + { + "refsource": "CONFIRM", + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" + }, { "name": "1036878", "refsource": "SECTRACK", 
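Review bot: Four BUGTRAQ advisories in the CVE-2016-5195 hunk `@@ -292,6 +292,346 @@` are added twice, once under `http://www.securityfocus.com/archive/1/<id>/100/0/threaded` and once under `http://www.securityfocus.com/archive/1/archive/1/<id>/100/0/threaded` (ids 539611, 540252, 540344 and 540736), each pair carrying an identical `name`. Consumers that de-duplicate or count references by `url` will treat each pair as two independent sources, so I would keep a single form per advisory, for example only `"url": "http://www.securityfocus.com/archive/1/540736/100/0/threaded"`. The same pattern appears in the CVE-2016-6306 hunks (the HPE documents `emr_na-hpesbhf03856en_us` and `emr_na-c05302448` each listed under two URL forms) and in the CVE-2017-14491 hunk (the Brocade advisory with and without a trailing slash). The `reference_data` array starts outside these hunks, so whether any of the URLs was already present before this commit cannot be checked from here.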
@@ -231,6 +236,126 @@ "name": "RHSA-2017:2493", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2493" + }, + { + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2017:2700", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3087-1", + "url": "http://www.ubuntu.com/usn/USN-3087-1" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2469", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2537", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html" + }, + { + "refsource": "FULLDISC", + "name": "20161012 New OpenSSL double-free and invalid free vulnerabilities in X509 parsing", + "url": "http://seclists.org/fulldisclosure/2016/Oct/62" + }, + { + "refsource": "UBUNTU", + "name": "USN-3087-2", + "url": "http://www.ubuntu.com/usn/USN-3087-2" + }, + { + "refsource": "FULLDISC", + "name": "20161214 APPLE-SA-2016-12-13-1 macOS 10.12.2", + "url": "http://seclists.org/fulldisclosure/2016/Dec/47" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2017:2699", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2407", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html" + }, + { + "refsource": "FULLDISC", + "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", + "url": "http://seclists.org/fulldisclosure/2017/Jul/31" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2458", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html" + }, + { + "refsource": "DEBIAN", + 
"name": "DSA-3673", + "url": "http://www.debian.org/security/2016/dsa-3673" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2391", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2018:0458", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html", + "url": "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2387", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2788", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2468", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2769", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2496", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2394", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en" + }, + { + "refsource": "MISC", + "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", + "url": 
"https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24" } ] } diff --git a/2016/6xxx/CVE-2016-6306.json b/2016/6xxx/CVE-2016-6306.json index 596c9726cb9..b26ced0cbca 100644 --- a/2016/6xxx/CVE-2016-6306.json +++ b/2016/6xxx/CVE-2016-6306.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "name": "https://www.tenable.com/security/tns-2016-20", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-20" + }, { "name": "RHSA-2018:2185", "refsource": "REDHAT", @@ -77,11 +82,36 @@ "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201612-16" }, + { + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", + "refsource": "CONFIRM", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us" + }, { "name": "1036885", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036885" }, + { + "name": "https://www.tenable.com/security/tns-2016-16", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-16" + }, + { + "name": "https://www.tenable.com/security/tns-2016-21", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2016-21" + }, + { + "name": "https://bto.bluecoat.com/security-advisory/sa132", + "refsource": "CONFIRM", + "url": "https://bto.bluecoat.com/security-advisory/sa132" + }, { "name": "FreeBSD-SA-16:26", "refsource": "FREEBSD", 
@@ -97,6 +127,121 @@ "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2187" }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" + }, + { + "refsource": "CONFIRM", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10215" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2017:2700", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3087-1", + "url": "http://www.ubuntu.com/usn/USN-3087-1" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2469", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2537", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3087-2", + "url": "http://www.ubuntu.com/usn/USN-3087-2" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2017:2699", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2407", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html" + }, + { + "refsource": "FULLDISC", + "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities", + "url": "http://seclists.org/fulldisclosure/2017/Jul/31" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2458", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us" + }, + { + "refsource": "DEBIAN", + "name": "DSA-3673", + "url": "http://www.debian.org/security/2016/dsa-3673" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2391", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2018:0458", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2387", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html" + }, + { + "refsource": "CONFIRM", + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K90492697", + "url": "https://support.f5.com/csp/article/K90492697" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2468", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2016:2496", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2016:2394", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en" + }, { "url": 
"https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", @@ -216,6 +361,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2020.html" + }, + { + "refsource": "MISC", + "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24", + "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24" } ] } diff --git a/2017/1000xxx/CVE-2017-1000450.json b/2017/1000xxx/CVE-2017-1000450.json index dcec7747ad9..a02c348136b 100644 --- a/2017/1000xxx/CVE-2017-1000450.json +++ b/2017/1000xxx/CVE-2017-1000450.json @@ -73,6 +73,11 @@ "name": "https://github.com/opencv/opencv/issues/9723", "refsource": "MISC", "url": "https://github.com/opencv/opencv/issues/9723" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html" } ] } diff --git a/2017/12xxx/CVE-2017-12597.json b/2017/12xxx/CVE-2017-12597.json index 3d152e111b9..9ffc41010f1 100644 --- a/2017/12xxx/CVE-2017-12597.json +++ b/2017/12xxx/CVE-2017-12597.json @@ -71,6 +71,11 @@ "name": "https://github.com/opencv/opencv/issues/9309", "refsource": "MISC", "url": "https://github.com/opencv/opencv/issues/9309" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html" } ] } diff --git a/2017/12xxx/CVE-2017-12598.json b/2017/12xxx/CVE-2017-12598.json index bfc2c4252ae..75d0a0e9340 100644 --- a/2017/12xxx/CVE-2017-12598.json +++ b/2017/12xxx/CVE-2017-12598.json 
@@ -71,6 +71,11 @@
 "name": "https://github.com/opencv/opencv/issues/9309",
 "refsource": "MISC",
 "url": "https://github.com/opencv/opencv/issues/9309"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12599.json b/2017/12xxx/CVE-2017-12599.json
index dc9249d5da3..434db821d95 100644
--- a/2017/12xxx/CVE-2017-12599.json
+++ b/2017/12xxx/CVE-2017-12599.json
@@ -71,6 +71,11 @@
 "name": "https://github.com/opencv/opencv/issues/9309",
 "refsource": "MISC",
 "url": "https://github.com/opencv/opencv/issues/9309"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12601.json b/2017/12xxx/CVE-2017-12601.json
index 362cd3881cd..0de54c29a74 100644
--- a/2017/12xxx/CVE-2017-12601.json
+++ b/2017/12xxx/CVE-2017-12601.json
@@ -71,6 +71,11 @@
 "name": "https://github.com/opencv/opencv/issues/9309",
 "refsource": "MISC",
 "url": "https://github.com/opencv/opencv/issues/9309"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12603.json b/2017/12xxx/CVE-2017-12603.json
index b7821e1a3e2..99fec118224 100644
--- a/2017/12xxx/CVE-2017-12603.json
+++ b/2017/12xxx/CVE-2017-12603.json
@@ -71,6 +71,11 @@
 "name": "https://github.com/opencv/opencv/issues/9309",
 "refsource": "MISC",
 "url": "https://github.com/opencv/opencv/issues/9309"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12604.json b/2017/12xxx/CVE-2017-12604.json
index 6d111216ad9..f6c89c62090 100644
--- a/2017/12xxx/CVE-2017-12604.json
+++ b/2017/12xxx/CVE-2017-12604.json
@@ -71,6 +71,11 @@
 "name": "https://github.com/opencv/opencv/issues/9309",
 "refsource": "MISC",
 "url": "https://github.com/opencv/opencv/issues/9309"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12605.json b/2017/12xxx/CVE-2017-12605.json
index 62eb1dbbbc5..b7bbd4463d6 100644
--- a/2017/12xxx/CVE-2017-12605.json
+++ b/2017/12xxx/CVE-2017-12605.json
@@ -71,6 +71,11 @@
 "name": "https://github.com/opencv/opencv/issues/9309",
 "refsource": "MISC",
 "url": "https://github.com/opencv/opencv/issues/9309"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12606.json b/2017/12xxx/CVE-2017-12606.json
index 726a1e5b6ad..0ce77c3ff08 100644
--- a/2017/12xxx/CVE-2017-12606.json
+++ b/2017/12xxx/CVE-2017-12606.json
@@ -71,6 +71,11 @@
 "name": "https://github.com/opencv/opencv/issues/9309",
 "refsource": "MISC",
 "url": "https://github.com/opencv/opencv/issues/9309"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12862.json b/2017/12xxx/CVE-2017-12862.json
index a62e9273399..2a24768164f 100644
--- a/2017/12xxx/CVE-2017-12862.json
+++ b/2017/12xxx/CVE-2017-12862.json
@@ -66,6 +66,11 @@
 "name": "https://github.com/opencv/opencv/issues/9370",
 "refsource": "MISC",
 "url": "https://github.com/opencv/opencv/issues/9370"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12863.json b/2017/12xxx/CVE-2017-12863.json
index 3f86db84f17..a77089fdf99 100644
--- a/2017/12xxx/CVE-2017-12863.json
+++ b/2017/12xxx/CVE-2017-12863.json
@@ -66,6 +66,11 @@
 "name": "https://github.com/opencv/opencv/issues/9371",
 "refsource": "MISC",
 "url": "https://github.com/opencv/opencv/issues/9371"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
 }
 ]
 }
diff --git a/2017/12xxx/CVE-2017-12864.json b/2017/12xxx/CVE-2017-12864.json
index 43560aaa667..d7a5d20aaa7 100644
--- a/2017/12xxx/CVE-2017-12864.json
+++ b/2017/12xxx/CVE-2017-12864.json
@@ -66,6 +66,11 @@
 "name": "https://github.com/opencv/opencv/issues/9372",
 "refsource": "MISC",
 "url": "https://github.com/opencv/opencv/issues/9372"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14491.json b/2017/14xxx/CVE-2017-14491.json
index 154ef7dc8b0..89bf6e8e120 100644
--- a/2017/14xxx/CVE-2017-14491.json
+++ b/2017/14xxx/CVE-2017-14491.json
@@ -162,6 +162,11 @@
 "refsource": "REDHAT",
 "url": "https://access.redhat.com/errata/RHSA-2017:2841"
 },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560",
+ "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
+ },
 {
 "name": "openSUSE-SU-2017:2633",
 "refsource": "SUSE",
@@ -181,6 +186,71 @@
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf",
 "refsource": "CONFIRM",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2017-515264ae24",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2017-24f067299e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3430-3",
+ "url": "http://www.ubuntu.com/usn/USN-3430-3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html",
+ "url": "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "SUSE-SU-2017:2619",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/",
+ "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en",
+ "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449",
+ "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2017-7106a157f5",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "SUSE-SU-2017:2616",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "SUSE-SU-2017:2617",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-3989",
+ "url": "https://www.debian.org/security/2017/dsa-3989"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14737.json b/2017/14xxx/CVE-2017-14737.json
index 92064c81c45..19a40ed580c 100644
--- a/2017/14xxx/CVE-2017-14737.json
+++ b/2017/14xxx/CVE-2017-14737.json
@@ -61,6 +61,11 @@
 "name": "https://github.com/randombit/botan/issues/1222",
 "refsource": "MISC",
 "url": "https://github.com/randombit/botan/issues/1222"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211108 [SECURITY] [DLA 2812-1] botan1.10 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html"
 }
 ]
 }
diff --git a/2017/17xxx/CVE-2017-17760.json b/2017/17xxx/CVE-2017-17760.json
index 4a9a1a83d69..b0eba7e1859 100644
--- a/2017/17xxx/CVE-2017-17760.json
+++ b/2017/17xxx/CVE-2017-17760.json
@@ -76,6 +76,11 @@
 "name": "102974",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/102974"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
 }
 ]
 }
diff --git a/2017/18xxx/CVE-2017-18017.json b/2017/18xxx/CVE-2017-18017.json
index 2e2801aac1b..693552db0be 100644
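Review bot: In the second hunk of CVE-2017-14491.json, two of the added CONFIRM entries point at the same Broadcom advisory and differ only by a trailing slash (`.../brocade-security-advisory-2017-449/` and `.../brocade-security-advisory-2017-449`). Consumers that deduplicate or count references by exact URL will treat them as two independent confirmations. Keeping a single form of the URL would avoid that; which one the vendor treats as canonical cannot be told from the hunk.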
--- a/2017/18xxx/CVE-2017-18017.json +++ b/2017/18xxx/CVE-2017-18017.json 
@@ -141,6 +141,76 @@ "name": "102367", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102367" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2018:0834", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2018:0848", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2018:0383", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3583-1", + "url": "http://www.ubuntu.com/usn/USN-3583-1" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K18352029", + "url": "https://support.f5.com/csp/article/K18352029" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2018:0555", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2018:0408", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2018:0986", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2018:0416", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2018:0482", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2018:0841", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3583-2", + "url": "http://www.ubuntu.com/usn/USN-3583-2" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2018:0660", + "url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html" + }, + { + "refsource": "MISC", + 
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34", + "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34" } ] } diff --git a/2017/2xxx/CVE-2017-2888.json b/2017/2xxx/CVE-2017-2888.json index ae5e4fc1b06..cdf168b81ce 100644 --- a/2017/2xxx/CVE-2017-2888.json +++ b/2017/2xxx/CVE-2017-2888.json @@ -67,6 +67,11 @@ "refsource": "UBUNTU", "name": "USN-4143-1", "url": "https://usn.ubuntu.com/4143-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2803-1] libsdl2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00031.html" } ] } diff --git a/2017/5xxx/CVE-2017-5123.json b/2017/5xxx/CVE-2017-5123.json index 60699e41c02..984b53d9f1c 100644 --- a/2017/5xxx/CVE-2017-5123.json +++ b/2017/5xxx/CVE-2017-5123.json 
@@ -1,18 +1,67 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-5123",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-5123",
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient data validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://crbug.com/772848",
+ "refsource": "MISC",
+ "name": "https://crbug.com/772848"
+ },
+ {
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96ca579a1ecc943b75beba58bebb0356f6cc4b51",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96ca579a1ecc943b75beba58bebb0356f6cc4b51"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient data validation in waitid allowed an user to escape sandboxes on Linux."
 }
 ]
 }
-}
\ No newline at end of file
+}
diff --git a/2017/9xxx/CVE-2017-9525.json b/2017/9xxx/CVE-2017-9525.json
index c22c5887f4c..3cb33d9ed7d 100644
--- a/2017/9xxx/CVE-2017-9525.json
+++ b/2017/9xxx/CVE-2017-9525.json
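Review bot: The newly published record in CVE-2017-5123.json leaves `vendor_name`, `product_name` and `version_value` all set to `n/a`, although its own description names waitid on Linux and one of the two references is a kernel commit. Tooling that matches CVE entries to an asset inventory through the `affects` block will not associate this record with any product, so it is likely to be missed by automated triage. Filling in the affected component would fix that; the affected version range is not shown in the hunk and would have to come from the assigner. The description also reads `allowed an user`, which should be `allowed a user`.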
@@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190321 [SECURITY] [DLA 1723-1] cron security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2801-1] cron security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html" } ] } diff --git a/2018/10xxx/CVE-2018-10841.json b/2018/10xxx/CVE-2018-10841.json index aa824e74d93..e6e3027d11f 100644 --- a/2018/10xxx/CVE-2018-10841.json +++ b/2018/10xxx/CVE-2018-10841.json @@ -86,6 +86,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } diff --git a/2018/10xxx/CVE-2018-10904.json b/2018/10xxx/CVE-2018-10904.json index fc733df07a0..acd56acc655 100644 --- a/2018/10xxx/CVE-2018-10904.json +++ b/2018/10xxx/CVE-2018-10904.json @@ -101,6 +101,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0079", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } diff --git a/2018/10xxx/CVE-2018-10907.json b/2018/10xxx/CVE-2018-10907.json index 11d42733591..fb1fb1c50b2 100644 --- a/2018/10xxx/CVE-2018-10907.json +++ b/2018/10xxx/CVE-2018-10907.json 
@@ -101,6 +101,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0079", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } diff --git a/2018/10xxx/CVE-2018-10909.json b/2018/10xxx/CVE-2018-10909.json index 290563a0e42..32035ecf352 100644 --- a/2018/10xxx/CVE-2018-10909.json +++ b/2018/10xxx/CVE-2018-10909.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-10909", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-10909", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2018/10xxx/CVE-2018-10911.json b/2018/10xxx/CVE-2018-10911.json index 0851fde7ddd..6fe08c751e7 100644 --- a/2018/10xxx/CVE-2018-10911.json +++ b/2018/10xxx/CVE-2018-10911.json @@ -127,6 +127,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0079", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } 
diff --git a/2018/10xxx/CVE-2018-10913.json b/2018/10xxx/CVE-2018-10913.json index e9cdd357896..3ac5c0e97b9 100644 --- a/2018/10xxx/CVE-2018-10913.json +++ b/2018/10xxx/CVE-2018-10913.json @@ -101,6 +101,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0079", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } diff --git a/2018/10xxx/CVE-2018-10914.json b/2018/10xxx/CVE-2018-10914.json index 09130e6e3e1..5d1d03549f5 100644 --- a/2018/10xxx/CVE-2018-10914.json +++ b/2018/10xxx/CVE-2018-10914.json @@ -96,6 +96,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0079", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } diff --git a/2018/10xxx/CVE-2018-10923.json b/2018/10xxx/CVE-2018-10923.json index 77b322e8b11..e0fcbc61d54 100644 --- a/2018/10xxx/CVE-2018-10923.json +++ b/2018/10xxx/CVE-2018-10923.json @@ -96,6 +96,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0079", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } diff --git a/2018/10xxx/CVE-2018-10926.json b/2018/10xxx/CVE-2018-10926.json index d26681170e5..8a8f517d6fc 100644 --- a/2018/10xxx/CVE-2018-10926.json +++ b/2018/10xxx/CVE-2018-10926.json 
@@ -96,6 +96,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0079", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } diff --git a/2018/10xxx/CVE-2018-10927.json b/2018/10xxx/CVE-2018-10927.json index faaf6c410eb..5b678cada70 100644 --- a/2018/10xxx/CVE-2018-10927.json +++ b/2018/10xxx/CVE-2018-10927.json @@ -96,6 +96,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0079", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } diff --git a/2018/10xxx/CVE-2018-10928.json b/2018/10xxx/CVE-2018-10928.json index 3d5090a49ee..102a3356a18 100644 --- a/2018/10xxx/CVE-2018-10928.json +++ b/2018/10xxx/CVE-2018-10928.json @@ -96,6 +96,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0079", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } diff --git a/2018/10xxx/CVE-2018-10929.json b/2018/10xxx/CVE-2018-10929.json index 9dcf0e5c9f9..f5e571fa183 100644 --- a/2018/10xxx/CVE-2018-10929.json +++ b/2018/10xxx/CVE-2018-10929.json 
@@ -101,6 +101,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0079", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } diff --git a/2018/10xxx/CVE-2018-10930.json b/2018/10xxx/CVE-2018-10930.json index cbf8b8b5484..474e97e4513 100644 --- a/2018/10xxx/CVE-2018-10930.json +++ b/2018/10xxx/CVE-2018-10930.json @@ -101,6 +101,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0079", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } diff --git a/2018/14xxx/CVE-2018-14652.json b/2018/14xxx/CVE-2018-14652.json index bc6476688c4..476cde0ec4b 100644 --- a/2018/14xxx/CVE-2018-14652.json +++ b/2018/14xxx/CVE-2018-14652.json @@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } diff --git a/2018/14xxx/CVE-2018-14653.json b/2018/14xxx/CVE-2018-14653.json index 728e89d5aa0..6939f530c2a 100644 --- a/2018/14xxx/CVE-2018-14653.json +++ b/2018/14xxx/CVE-2018-14653.json @@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } 
diff --git a/2018/14xxx/CVE-2018-14654.json b/2018/14xxx/CVE-2018-14654.json index ddf3c959327..0a7aafaa9bf 100644 --- a/2018/14xxx/CVE-2018-14654.json +++ b/2018/14xxx/CVE-2018-14654.json @@ -86,6 +86,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } diff --git a/2018/14xxx/CVE-2018-14659.json b/2018/14xxx/CVE-2018-14659.json index fd546d11727..d53118ca0ed 100644 --- a/2018/14xxx/CVE-2018-14659.json +++ b/2018/14xxx/CVE-2018-14659.json @@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } diff --git a/2018/14xxx/CVE-2018-14660.json b/2018/14xxx/CVE-2018-14660.json index dcab3f0f1a1..fe63b3959da 100644 --- a/2018/14xxx/CVE-2018-14660.json +++ b/2018/14xxx/CVE-2018-14660.json @@ -89,6 +89,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } diff --git a/2018/14xxx/CVE-2018-14661.json b/2018/14xxx/CVE-2018-14661.json index 8bccb5b0517..07591b99194 100644 --- a/2018/14xxx/CVE-2018-14661.json +++ b/2018/14xxx/CVE-2018-14661.json 
@@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } diff --git a/2018/16xxx/CVE-2018-16062.json b/2018/16xxx/CVE-2018-16062.json index 75c3c791b24..4dcc262ec2f 100644 --- a/2018/16xxx/CVE-2018-16062.json +++ b/2018/16xxx/CVE-2018-16062.json @@ -81,6 +81,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2197", "url": "https://access.redhat.com/errata/RHSA-2019:2197" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2802-1] elfutils security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html" } ] } diff --git a/2018/16xxx/CVE-2018-16402.json b/2018/16xxx/CVE-2018-16402.json index 4e16ddbadf5..4f6253632a5 100644 --- a/2018/16xxx/CVE-2018-16402.json +++ b/2018/16xxx/CVE-2018-16402.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2802-1] elfutils security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html" } ] } diff --git a/2018/16xxx/CVE-2018-16763.json b/2018/16xxx/CVE-2018-16763.json index 2ce1e7af72d..d634a7fba40 100644 --- a/2018/16xxx/CVE-2018-16763.json +++ b/2018/16xxx/CVE-2018-16763.json 
@@ -76,6 +76,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/160080/Fuel-CMS-1.4-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/160080/Fuel-CMS-1.4-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164756/Fuel-CMS-1.4.1-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/164756/Fuel-CMS-1.4.1-Remote-Code-Execution.html" } ] } diff --git a/2018/18xxx/CVE-2018-18310.json b/2018/18xxx/CVE-2018-18310.json index 4ae08ab0642..d6d8f926f9d 100644 --- a/2018/18xxx/CVE-2018-18310.json +++ b/2018/18xxx/CVE-2018-18310.json @@ -81,6 +81,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2197", "url": "https://access.redhat.com/errata/RHSA-2019:2197" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2802-1] elfutils security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html" } ] } diff --git a/2018/18xxx/CVE-2018-18520.json b/2018/18xxx/CVE-2018-18520.json index 1f0efd40a96..aaa0dea3949 100644 --- a/2018/18xxx/CVE-2018-18520.json +++ b/2018/18xxx/CVE-2018-18520.json @@ -81,6 +81,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2197", "url": "https://access.redhat.com/errata/RHSA-2019:2197" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2802-1] elfutils security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html" } ] } diff --git a/2018/18xxx/CVE-2018-18521.json b/2018/18xxx/CVE-2018-18521.json index d662999d1ce..8117c9d865b 100644 --- a/2018/18xxx/CVE-2018-18521.json +++ b/2018/18xxx/CVE-2018-18521.json 
@@ -81,6 +81,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2197", "url": "https://access.redhat.com/errata/RHSA-2019:2197" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2802-1] elfutils security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html" } ] } diff --git a/2018/1xxx/CVE-2018-1088.json b/2018/1xxx/CVE-2018-1088.json index be487188fcd..d2760e633fa 100644 --- a/2018/1xxx/CVE-2018-1088.json +++ b/2018/1xxx/CVE-2018-1088.json @@ -87,6 +87,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0079", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } diff --git a/2018/25xxx/CVE-2018-25009.json b/2018/25xxx/CVE-2018-25009.json index 7fe55d93db8..e2c6fd7f659 100644 --- a/2018/25xxx/CVE-2018-25009.json +++ b/2018/25xxx/CVE-2018-25009.json @@ -63,6 +63,11 @@ "refsource": "DEBIAN", "name": "DSA-4930", "url": "https://www.debian.org/security/2021/dsa-4930" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20211104-0004/", + "url": "https://security.netapp.com/advisory/ntap-20211104-0004/" } ] }, diff --git a/2018/25xxx/CVE-2018-25011.json b/2018/25xxx/CVE-2018-25011.json index dfdf09d73a6..1a46389cf7d 100644 --- a/2018/25xxx/CVE-2018-25011.json +++ b/2018/25xxx/CVE-2018-25011.json @@ -73,6 +73,11 @@ "refsource": "FULLDISC", "name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7", "url": "http://seclists.org/fulldisclosure/2021/Jul/54" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20211104-0004/", + "url": "https://security.netapp.com/advisory/ntap-20211104-0004/" } ] }, 
diff --git a/2018/25xxx/CVE-2018-25014.json b/2018/25xxx/CVE-2018-25014.json index 2f02ddbb21b..7f68631019c 100644 --- a/2018/25xxx/CVE-2018-25014.json +++ b/2018/25xxx/CVE-2018-25014.json @@ -73,6 +73,11 @@ "refsource": "FULLDISC", "name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7", "url": "http://seclists.org/fulldisclosure/2021/Jul/54" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20211104-0004/", + "url": "https://security.netapp.com/advisory/ntap-20211104-0004/" } ] }, diff --git a/2018/25xxx/CVE-2018-25019.json b/2018/25xxx/CVE-2018-25019.json index f41ce712854..ab8ed92baf3 100644 --- a/2018/25xxx/CVE-2018-25019.json +++ b/2018/25xxx/CVE-2018-25019.json 
@@ -1,18 +1,88 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2018-25019",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "contact@wpscan.com",
+ "STATE": "PUBLIC",
+ "TITLE": "LearnDash < 2.5.4 - Unauthenticated Arbitrary File Upload"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "generator": "WPScan CVE Generator",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Unknown",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "LearnDash LMS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "2.5.4",
+ "version_value": "2.5.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server"
 }
 ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://lists.openwall.net/full-disclosure/2018/01/10/17",
+ "name": "https://lists.openwall.net/full-disclosure/2018/01/10/17"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://wpscan.com/vulnerability/9444f67b-8e3d-4cf0-b319-ed25e7db383a",
+ "name": "https://wpscan.com/vulnerability/9444f67b-8e3d-4cf0-b319-ed25e7db383a"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
+ "lang": "eng"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "value": "CWE-862 Missing Authorization",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Jerome Bruandet (NinTechNet)"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5268.json b/2018/5xxx/CVE-2018-5268.json
index df1237f85ca..f2d27d3f14b 100644
--- a/2018/5xxx/CVE-2018-5268.json
+++ b/2018/5xxx/CVE-2018-5268.json
@@ -71,6 +71,11 @@
 "name": "[debian-lts-announce] 20180418 [SECURITY] [DLA 1354-1] opencv security update",
 "refsource": "MLIST",
 "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00019.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
 }
 ]
 }
diff --git a/2018/5xxx/CVE-2018-5269.json b/2018/5xxx/CVE-2018-5269.json
index 3b39aefd8bf..42d864b835b 100644
--- a/2018/5xxx/CVE-2018-5269.json
+++ b/2018/5xxx/CVE-2018-5269.json
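Review bot: In CVE-2018-25019.json the `affects` block sets `vendor_name` to `Unknown`, so lookups keyed on vendor will miss this unauthenticated file-upload record even though `product_name` is populated. `version_name` and `version_value` both carry `2.5.4` beside `"version_affected": "<"`, which repeats the bound without adding information. The description `value` ends without a full stop. The file also still ends without a trailing newline, whereas other records rewritten in this commit gain one.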
@@ -71,6 +71,11 @@ "name": "https://github.com/opencv/opencv/issues/10540", "refsource": "MISC", "url": "https://github.com/opencv/opencv/issues/10540" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html" } ] } diff --git a/2018/5xxx/CVE-2018-5740.json b/2018/5xxx/CVE-2018-5740.json index 43719c8513d..a909cbffda0 100644 --- a/2018/5xxx/CVE-2018-5740.json +++ b/2018/5xxx/CVE-2018-5740.json @@ -151,6 +151,11 @@ "refsource": "CONFIRM", "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211102 [SECURITY] [DLA 2807-1] bind9 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00001.html" } ] }, diff --git a/2018/6xxx/CVE-2018-6044.json b/2018/6xxx/CVE-2018-6044.json index f3b3f8dfae5..5a8b8ecb451 100644 --- a/2018/6xxx/CVE-2018-6044.json +++ b/2018/6xxx/CVE-2018-6044.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-6044",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-6044",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-16064. Reason: This candidate is a reservation duplicate of CVE-2018-16064. Notes: All CVE users should reference CVE-2018-16064 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
-}
\ No newline at end of file
+}
diff --git a/2018/6xxx/CVE-2018-6058.json b/2018/6xxx/CVE-2018-6058.json
index 0ee7582a097..c243ccea67f 100644
--- a/2018/6xxx/CVE-2018-6058.json
+++ b/2018/6xxx/CVE-2018-6058.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-6058",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-6058",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11215. Reason: This candidate is a reservation duplicate of CVE-2017-11215. Notes: All CVE users should reference CVE-2017-11215 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
-}
\ No newline at end of file
+}
diff --git a/2018/6xxx/CVE-2018-6059.json b/2018/6xxx/CVE-2018-6059.json
index 29bb11d789e..25b6e606677 100644
--- a/2018/6xxx/CVE-2018-6059.json
+++ b/2018/6xxx/CVE-2018-6059.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-6059",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-6059",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11225. Reason: This candidate is a reservation duplicate of CVE-2017-11225. Notes: All CVE users should reference CVE-2017-11225 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
-}
\ No newline at end of file
+}
diff --git a/2018/6xxx/CVE-2018-6122.json b/2018/6xxx/CVE-2018-6122.json
index b78be64e8be..fd350f08b19 100644
--- a/2018/6xxx/CVE-2018-6122.json
+++ b/2018/6xxx/CVE-2018-6122.json
@@ -1,17 +1,62 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-6122",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-6122",
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "66.0.3359.139",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Type Confusion"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://crbug.com/836141",
+ "refsource": "MISC",
+ "name": "https://crbug.com/836141"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
 }
 ]
 }
diff --git a/2018/6xxx/CVE-2018-6125.json b/2018/6xxx/CVE-2018-6125.json
index 027bef810a2..abc877d9bde 100644
--- a/2018/6xxx/CVE-2018-6125.json
+++ b/2018/6xxx/CVE-2018-6125.json
@@ -1,17 +1,62 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-6125",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-6125",
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "67.0.3396.62",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient policy enforcement"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://crbug.com/818592",
+ "refsource": "MISC",
+ "name": "https://crbug.com/818592"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page."
 }
 ]
 }
diff --git a/2019/1010xxx/CVE-2019-1010305.json b/2019/1010xxx/CVE-2019-1010305.json
index ee53e1e43ca..d5860ae4ef7 100644
--- a/2019/1010xxx/CVE-2019-1010305.json
+++ b/2019/1010xxx/CVE-2019-1010305.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190823 [SECURITY] [DLA 1895-1] libmspack security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00028.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2805-1] libmspack security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00033.html"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13616.json b/2019/13xxx/CVE-2019-13616.json
index 7275c67542b..29770cfd8d0 100644
--- a/2019/13xxx/CVE-2019-13616.json
+++ b/2019/13xxx/CVE-2019-13616.json
@@ -146,6 +146,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13776.json b/2019/13xxx/CVE-2019-13776.json
new file mode 100644
index 00000000000..213526b2297
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13776.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-13776",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: some publications have used this number when they meant to use CVE-2019-13376."
+ }
+ ]
+ }
+}
diff --git a/2019/14xxx/CVE-2019-14493.json b/2019/14xxx/CVE-2019-14493.json
index 0a85f89b3a2..238d03fea47 100644
--- a/2019/14xxx/CVE-2019-14493.json
+++ b/2019/14xxx/CVE-2019-14493.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/opencv/opencv/issues/15127",
 "refsource": "MISC",
 "name": "https://github.com/opencv/opencv/issues/15127"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15939.json b/2019/15xxx/CVE-2019-15939.json
index 14caf427a94..d08da703fdd 100644
--- a/2019/15xxx/CVE-2019-15939.json
+++ b/2019/15xxx/CVE-2019-15939.json
@@ -66,6 +66,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2671",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00025.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16240.json b/2019/16xxx/CVE-2019-16240.json
new file mode 100644
index 00000000000..0644e26201a
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16240.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-16240",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hp.com/us-en/document/c06458150",
+ "url": "https://support.hp.com/us-en/document/c06458150"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A Buffer Overflow and Information Disclosure issue exists in HP OfficeJet Pro Printers before 001.1937C, and HP PageWide Managed Printers and HP PageWide Pro Printers before 001.1937D exists; A maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17596.json b/2019/17xxx/CVE-2019-17596.json
index 3a8938ed677..819c9465abf 100644
--- a/2019/17xxx/CVE-2019-17596.json
+++ b/2019/17xxx/CVE-2019-17596.json
@@ -111,6 +111,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46"
 }
 ]
 }
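Review bot: The new CVE-2019-16240 record leaves `vendor_name`, `product_name`, `version_value` and the problemtype `value` all as `"n/a"`, although its own description names HP OfficeJet Pro, PageWide Managed and PageWide Pro printers, the firmware versions 001.1937C and 001.1937D, and a buffer overflow with information disclosure. Tools that match on the `affects` block rather than the free-text description will not associate this record with any HP product, so the structured fields should carry what the description already states, for example `"vendor_name": "HP"` and one `product_data` entry per printer family. The same `"vendor_name": "n/a"` appears in the HP-assigned records added for CVE-2019-18912, CVE-2019-18914 and CVE-2019-18916 further down. The description also carries a stray second "exists" before the semicolon (`... before 001.1937D exists; ...`).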
diff --git a/2019/18xxx/CVE-2019-18912.json b/2019/18xxx/CVE-2019-18912.json
new file mode 100644
index 00000000000..6c47b79614f
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18912.json
@@ -0,0 +1,74 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-18912",
+ "ASSIGNER": "hp-security-alert@hp.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HP LaserJet Enterprise Printers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before FS4: 2409065_000054"
+ },
+ {
+ "version_value": "before FS4: 2409065_000073"
+ },
+ {
+ "version_value": "before FS4: 2409065_000082"
+ },
+ {
+ "version_value": "before FS4: 2409065_000063"
+ },
+ {
+ "version_value": "before FS4: 2409065_000092"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Potential instability of solution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hp.com/us-en/document/c06513924",
+ "url": "https://support.hp.com/us-en/document/c06513924"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability may cause instability in the solution."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18914.json b/2019/18xxx/CVE-2019-18914.json
new file mode 100644
index 00000000000..30a97de46c0
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18914.json
@@ -0,0 +1,164 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-18914",
+ "ASSIGNER": "hp-security-alert@hp.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HP Color LaserJet Managed Printers, HP Color LaserJet Enterprise Printers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before FS3: 2309025_582081"
+ },
+ {
+ "version_value": "before FS3: 2309025_582082"
+ },
+ {
+ "version_value": "before FS3: 2309025_582083"
+ },
+ {
+ "version_value": "before FS3: 2309025_582084"
+ },
+ {
+ "version_value": "before FS3: 2309025_582085"
+ },
+ {
+ "version_value": "before FS3: 2309025_582086"
+ },
+ {
+ "version_value": "before FS3: 2309025_582087"
+ },
+ {
+ "version_value": "before FS3: 2309025_582088"
+ },
+ {
+ "version_value": "before FS3: 2309025_582089"
+ },
+ {
+ "version_value": "before FS3: 2309025_582091"
+ },
+ {
+ "version_value": "before FS3: 2309025_582092"
+ },
+ {
+ "version_value": "before FS3: 2309025_582093"
+ },
+ {
+ "version_value": "before FS3: 2309025_582096"
+ },
+ {
+ "version_value": "before FS3: 2309025_582097"
+ },
+ {
+ "version_value": "before FS3: 2309025_582098"
+ },
+ {
+ "version_value": "before FS3: 2309025_582099"
+ },
+ {
+ "version_value": "before FS3: 2309025_582101"
+ },
+ {
+ "version_value": "before FS3: 2309025_582102"
+ },
+ {
+ "version_value": "before FS3: 2309025_582103"
+ },
+ {
+ "version_value": "before FS3: 2309025_582104"
+ },
+ {
+ "version_value": "before FS3: 2309025_582105"
+ },
+ {
+ "version_value": "before FS3: 2309025_582106"
+ },
+ {
+ "version_value": "before FS3: 2309025_582108"
+ },
+ {
+ "version_value": "before FS3: 2309025_582110"
+ },
+ {
+ "version_value": "before FS3: 2309025_582112"
+ },
+ {
+ "version_value": "before FS3: 2309025_582113"
+ },
+ {
+ "version_value": "before FS3: 2309025_582114"
+ },
+ {
+ "version_value": "before FS4: 2410028_055002"
+ },
+ {
+ "version_value": "before FS4: 2410028_055003"
+ },
+ {
+ "version_value": "before FS4: 2410028_055004"
+ },
+ {
+ "version_value": "before FS4: 2410028_055005"
+ },
+ {
+ "version_value": "before FS4: 2410028_055006"
+ },
+ {
+ "version_value": "before FS4: 2410028_055007"
+ },
+ {
+ "version_value": "before FS4: 2410028_055008"
+ },
+ {
+ "version_value": "..."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hp.com/us-en/document/c06546034",
+ "url": "https://support.hp.com/us-en/document/c06546034"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client\u2019s browser by clicking on a third-party malicious link."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18916.json b/2019/18xxx/CVE-2019-18916.json
new file mode 100644
index 00000000000..0d78d2bee60
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18916.json
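Review bot: The last `version_data` entry in CVE-2019-18914.json is the literal placeholder `"version_value": "..."`, so the affected-version list is visibly truncated and a consumer cannot tell which further firmware builds are covered. Either list the remaining builds or express each FutureSmart branch as a bounded range, and drop the placeholder so parsers do not treat `...` as a version string. The entries are also free text (`"before FS3: 2309025_582081"`) with no `version_affected` operator, unlike the Chrome records in this commit that use `"version_affected": "<"`. Until the record is complete, the linked HP bulletin is the only place in it that can give the full list.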
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-18916",
+ "ASSIGNER": "hp-security-alert@hp.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HP Color LaserJet Pro MFP M277 printers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 14.0.15344.534"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hp.com/us-en/document/c06586963",
+ "url": "https://support.hp.com/us-en/document/c06586963"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19810.json b/2019/19xxx/CVE-2019-19810.json
index f3af6baa66e..34dd8ba5d6c 100644
--- a/2019/19xxx/CVE-2019-19810.json
+++ b/2019/19xxx/CVE-2019-19810.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Zoom Call Recording 6.3.1 from ZOOM International is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host."
+ "value": "Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host."
 }
 ]
 },
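Review bot: In CVE-2019-18916.json the `product_name` is `HP Color LaserJet Pro MFP M277 printers`, but the description places the flaw in HP LaserJet Solution Software and the privilege elevation "on the client", which reads as host-side software rather than printer firmware. If that reading is right, `before 14.0.15344.534` is presumably a software version and the product entry should name the software, for example `"product_name": "HP LaserJet Solution Software"`, with the printer model kept as the context it ships for. As written, inventory matching on the product field would flag printers rather than the workstations that need the update; this should be confirmed against the HP bulletin before it is changed.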
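Review bot: The `@@ -34,7 +34,7 @@` hunk in CVE-2019-19810.json replaces `ZOOM International` with `Eleveo` in the description, so the original vendor string no longer appears anywhere in the visible text of the record. Searches of advisories or ticket history under the old name will stop matching, and the unchanged product name "Zoom Call Recording" can still be confused with the zoom.us service whose support link the second hunk (`@@ -52,11 +52,6 @@`) removes. If Eleveo is the renamed vendor, keeping both names, for example `Zoom Call Recording 6.3.1 from Eleveo (formerly ZOOM International)`, would preserve that link. The `affects` block lies outside both hunks, so its vendor field should be checked for the same update.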
@@ -52,11 +52,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://support.zoom.us/hc/en-us/articles/201362473-Local-Recording",
- "refsource": "MISC",
- "name": "https://support.zoom.us/hc/en-us/articles/201362473-Local-Recording"
- },
 {
 "refsource": "MISC",
 "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-19810-Java%20RMI%20Deserialization-ZoomCallRecording",
diff --git a/2019/20xxx/CVE-2019-20455.json b/2019/20xxx/CVE-2019-20455.json
index 0b581ed8654..696374aceda 100644
--- a/2019/20xxx/CVE-2019-20455.json
+++ b/2019/20xxx/CVE-2019-20455.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://winterdragon.ca/global-payments-vulnerability/",
 "url": "https://winterdragon.ca/global-payments-vulnerability/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/globalpayments/php-sdk/pull/8",
+ "url": "https://github.com/globalpayments/php-sdk/pull/8"
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5863.json b/2019/5xxx/CVE-2019-5863.json
index 846ab49c196..a3cd7795ddb 100644
--- a/2019/5xxx/CVE-2019-5863.json
+++ b/2019/5xxx/CVE-2019-5863.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5863",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5863",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
-}
\ No newline at end of file
+}
diff --git a/2019/7xxx/CVE-2019-7150.json b/2019/7xxx/CVE-2019-7150.json
index 064d797e0dd..d7c56e65186 100644
--- a/2019/7xxx/CVE-2019-7150.json
+++ b/2019/7xxx/CVE-2019-7150.json
@@ -86,6 +86,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3575",
 "url": "https://access.redhat.com/errata/RHSA-2019:3575"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2802-1] elfutils security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7164.json b/2019/7xxx/CVE-2019-7164.json
index 24c9d27c258..ffab7f55e7f 100644
--- a/2019/7xxx/CVE-2019-7164.json
+++ b/2019/7xxx/CVE-2019-7164.json
@@ -91,6 +91,11 @@
 "name": "https://github.com/sqlalchemy/sqlalchemy/issues/4481",
 "refsource": "MISC",
 "url": "https://github.com/sqlalchemy/sqlalchemy/issues/4481"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211106 [SECURITY] [DLA 2811-1] sqlalchemy security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00005.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7548.json b/2019/7xxx/CVE-2019-7548.json
index 3329897ad81..4e1fa5f8ea4 100644
--- a/2019/7xxx/CVE-2019-7548.json
+++ b/2019/7xxx/CVE-2019-7548.json
@@ -96,6 +96,11 @@
 "name": "https://github.com/no-security/sqlalchemy_test",
 "refsource": "MISC",
 "url": "https://github.com/no-security/sqlalchemy_test"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211106 [SECURITY] [DLA 2811-1] sqlalchemy security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00005.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7572.json b/2019/7xxx/CVE-2019-7572.json
index 7c59fe93d64..82ef74128f7 100644
--- a/2019/7xxx/CVE-2019-7572.json
+++ b/2019/7xxx/CVE-2019-7572.json
@@ -116,6 +116,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-24652fe41c",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7573.json b/2019/7xxx/CVE-2019-7573.json
index ef8c508a4ab..d45bdb93ef5 100644
--- a/2019/7xxx/CVE-2019-7573.json
+++ b/2019/7xxx/CVE-2019-7573.json
@@ -116,6 +116,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-24652fe41c",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7574.json b/2019/7xxx/CVE-2019-7574.json
index 2947b73e53f..bf8488ad79f 100644
--- a/2019/7xxx/CVE-2019-7574.json
+++ b/2019/7xxx/CVE-2019-7574.json
@@ -116,6 +116,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-24652fe41c",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7575.json b/2019/7xxx/CVE-2019-7575.json
index f14d04bd6e5..1dd8e7076fb 100644
--- a/2019/7xxx/CVE-2019-7575.json
+++ b/2019/7xxx/CVE-2019-7575.json
@@ -121,6 +121,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7576.json b/2019/7xxx/CVE-2019-7576.json
index c05567da588..e25c48ea6b0 100644
--- a/2019/7xxx/CVE-2019-7576.json
+++ b/2019/7xxx/CVE-2019-7576.json
@@ -116,6 +116,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-24652fe41c",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7577.json b/2019/7xxx/CVE-2019-7577.json
index 79b84a17a81..24e0941e723 100644
--- a/2019/7xxx/CVE-2019-7577.json
+++ b/2019/7xxx/CVE-2019-7577.json
@@ -131,6 +131,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7578.json b/2019/7xxx/CVE-2019-7578.json
index 99955986c46..1ed59579cc3 100644
--- a/2019/7xxx/CVE-2019-7578.json
+++ b/2019/7xxx/CVE-2019-7578.json
@@ -121,6 +121,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7635.json b/2019/7xxx/CVE-2019-7635.json
index d5e89abfc3b..acff68f106c 100644
--- a/2019/7xxx/CVE-2019-7635.json
+++ b/2019/7xxx/CVE-2019-7635.json
@@ -151,6 +151,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7636.json b/2019/7xxx/CVE-2019-7636.json
index 9272a14ba31..89d71b811be 100644
--- a/2019/7xxx/CVE-2019-7636.json
+++ b/2019/7xxx/CVE-2019-7636.json
@@ -126,6 +126,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7637.json b/2019/7xxx/CVE-2019-7637.json
index 48062a765f9..78064957143 100644
--- a/2019/7xxx/CVE-2019-7637.json
+++ b/2019/7xxx/CVE-2019-7637.json
@@ -126,6 +126,16 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-24652fe41c",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2803-1] libsdl2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00031.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7638.json b/2019/7xxx/CVE-2019-7638.json
index c308106cb32..77bce3b7023 100644
--- a/2019/7xxx/CVE-2019-7638.json
+++ b/2019/7xxx/CVE-2019-7638.json
@@ -121,6 +121,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7665.json b/2019/7xxx/CVE-2019-7665.json
index 9236c7fdb09..46a3c602d41 100644
--- a/2019/7xxx/CVE-2019-7665.json
+++ b/2019/7xxx/CVE-2019-7665.json
@@ -86,6 +86,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3575",
 "url": "https://access.redhat.com/errata/RHSA-2019:3575"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2802-1] elfutils security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9704.json b/2019/9xxx/CVE-2019-9704.json
index 9014f64252e..a00d260df03 100644
--- a/2019/9xxx/CVE-2019-9704.json
+++ b/2019/9xxx/CVE-2019-9704.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190321 [SECURITY] [DLA 1723-1] cron security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2801-1] cron security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9705.json b/2019/9xxx/CVE-2019-9705.json
index 9d980a89628..1e4be3b9455 100644
--- a/2019/9xxx/CVE-2019-9705.json
+++ b/2019/9xxx/CVE-2019-9705.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190321 [SECURITY] [DLA 1723-1] cron security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2801-1] cron security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9706.json b/2019/9xxx/CVE-2019-9706.json
index 4f890cdc1d3..5605db20517 100644
--- a/2019/9xxx/CVE-2019-9706.json
+++ b/2019/9xxx/CVE-2019-9706.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190321 [SECURITY] [DLA 1723-1] cron security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2801-1] cron security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html"
 }
 ]
 }
diff --git a/2020/0xxx/CVE-2020-0110.json b/2020/0xxx/CVE-2020-0110.json
index 7b291f8d28b..d98e53d1502 100644
--- a/2020/0xxx/CVE-2020-0110.json
+++ b/2020/0xxx/CVE-2020-0110.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://source.android.com/security/bulletin/2020-05-01",
 "url": "https://source.android.com/security/bulletin/2020-05-01"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00533.html",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00533.html"
 }
 ]
 },
diff --git a/2020/0xxx/CVE-2020-0822.json b/2020/0xxx/CVE-2020-0822.json
index 22580884a24..3de861266df 100644
--- a/2020/0xxx/CVE-2020-0822.json
+++ b/2020/0xxx/CVE-2020-0822.json
@@ -245,52 +245,7 @@
 "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0822",
 "refsource": "MISC",
 "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0822"
- },
- {
- "refsource": "MLIST",
- "name": "[axis-java-dev] 20210228 axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
- "url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E"
- },
- {
- "refsource": "MLIST",
- "name": "[axis-java-dev] 20210307 Re: axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
- "url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E"
- },
- {
- "refsource": "MLIST",
- "name": "[axis-java-user] 20210419 Re: Axis2 1.8.0 Release timelines",
- "url": "https://lists.apache.org/thread.html/r492afeeeb1bfe484f2f4a1f5d296eee49b13eb0c579ac460e3d7d957@%3Cjava-user.axis.apache.org%3E"
- },
- {
- "refsource": "MLIST",
- "name": "[axis-java-user] 20210419 RE: Axis2 1.8.0 Release timelines",
- "url": "https://lists.apache.org/thread.html/r31d9c450e6d84e82e85c2dd1a7586f56ae4ed6776e5b8765c30fe2ac@%3Cjava-user.axis.apache.org%3E"
- },
- {
- "refsource": "MLIST",
- "name": "[axis-java-dev] 20210525 [jira] [Created] (AXIS2-6002) AXIS 2 1.7.9 jars with vulnerability CVE-2020-0822",
- "url": "https://lists.apache.org/thread.html/r02687681920bb91816b735cc48847eef77c473a749678d855fbb565d@%3Cjava-dev.axis.apache.org%3E"
- },
- {
- "refsource": "MLIST",
- "name": "[axis-java-dev] 20210525 [jira] [Closed] (AXIS2-6002) AXIS 2 1.7.9 jars with vulnerability CVE-2020-0822",
- "url": "https://lists.apache.org/thread.html/r258f18d563859c0ef9584fd7341426bd14f5042bdf7e7bc396d91272@%3Cjava-dev.axis.apache.org%3E"
- },
- {
- "refsource": "MLIST",
- "name": "[tomcat-dev] 20210823 [Bug 65517] New: upgrade to axis2-adb 1.8.0 to address CVE-2020-0822",
- "url": "https://lists.apache.org/thread.html/rf3058e80123e804b74face024752c1ded5213e63011de139f25977bc@%3Cdev.tomcat.apache.org%3E"
- },
- {
- "refsource": "MLIST",
- "name": "[tomcat-dev] 20210823 [Bug 65517] upgrade to axis2-adb 1.8.0 to address CVE-2020-0822",
- "url": "https://lists.apache.org/thread.html/r6dbbfd80c4b335685e2a561f85013593e7b99934d4cdfc5fc129f4ce@%3Cdev.tomcat.apache.org%3E"
- },
- {
- "refsource": "MLIST",
- "name": "[tomcat-dev] 20210915 [Bug 65517] upgrade to axis2-adb 1.8.0 to address CVE-2020-0822",
- "url": "https://lists.apache.org/thread.html/reddd31784f5cf8dfb80e473ae1d4f0f28a8367362bd7edaeb2988f86@%3Cdev.tomcat.apache.org%3E"
 }
 ]
 }
-}
\ No newline at end of file
+}
diff --git a/2020/10xxx/CVE-2020-10001.json b/2020/10xxx/CVE-2020-10001.json
index f99a402a1e8..2f83146a8c4 100644
--- a/2020/10xxx/CVE-2020-10001.json
+++ b/2020/10xxx/CVE-2020-10001.json
@@ -49,6 +49,11 @@
 "refsource": "MISC",
 "url": "https://support.apple.com/en-us/HT212011",
 "name": "https://support.apple.com/en-us/HT212011"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20211030 [SECURITY] [DLA 2800-1] cups security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00027.html"
 }
 ]
 },
diff --git a/2020/10xxx/CVE-2020-10052.json b/2020/10xxx/CVE-2020-10052.json
index 1b3cc2133f5..d85f4c66168 100644
--- a/2020/10xxx/CVE-2020-10052.json
+++ b/2020/10xxx/CVE-2020-10052.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "ID": "CVE-2020-10052",
+ "STATE": "PUBLIC"
+ },
 "data_format": "MITRE",
 "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-10052",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Siemens",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SIMATIC RTLS Locating Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V2.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-532: Insertion of Sensitive Information into Log File"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks."
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-145157.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-145157.pdf"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10053.json b/2020/10xxx/CVE-2020-10053.json
index 138d9147af1..614b919a6c6 100644
--- a/2020/10xxx/CVE-2020-10053.json
+++ b/2020/10xxx/CVE-2020-10053.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "ID": "CVE-2020-10053",
+ "STATE": "PUBLIC"
+ },
 "data_format": "MITRE",
 "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-10053",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Siemens",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SIMATIC RTLS Locating Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V2.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-312: Cleartext Storage of Sensitive Information"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks."
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-145157.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-145157.pdf"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10054.json b/2020/10xxx/CVE-2020-10054.json
index f7a4849b748..dacc3c07b7a 100644
--- a/2020/10xxx/CVE-2020-10054.json
+++ b/2020/10xxx/CVE-2020-10054.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "ID": "CVE-2020-10054",
+ "STATE": "PUBLIC"
+ },
 "data_format": "MITRE",
 "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-10054",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Siemens",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SIMATIC RTLS Locating Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V2.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20: Improper Input Validation"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the application service."
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-145157.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-145157.pdf"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10188.json b/2020/10xxx/CVE-2020-10188.json
index 443d560ff33..e1193c52979 100644
--- a/2020/10xxx/CVE-2020-10188.json
+++ b/2020/10xxx/CVE-2020-10188.json
@@ -96,6 +96,11 @@
 "url": "https://github.com/krb5/krb5-appl/blob/d00cd671dfe945791b33d4f1f6a5c57ae1667ef8/telnet/telnetd/utility.c#L205-L216",
 "refsource": "MISC",
 "name": "https://github.com/krb5/krb5-appl/blob/d00cd671dfe945791b33d4f1f6a5c57ae1667ef8/telnet/telnetd/utility.c#L205-L216"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/10702-security-advisory-48",
+ "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/10702-security-advisory-48"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11022.json b/2020/11xxx/CVE-2020-11022.json
index 2a8e0631a35..4b3ffcf9cb3 100644
--- a/2020/11xxx/CVE-2020-11022.json
+++ b/2020/11xxx/CVE-2020-11022.json
@@ -258,6 +258,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
+ "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11023.json b/2020/11xxx/CVE-2020-11023.json
index bfb320c4295..d379dadf7f1 100644
--- a/2020/11xxx/CVE-2020-11023.json
+++ b/2020/11xxx/CVE-2020-11023.json
@@ -368,6 +368,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
+ "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E"
 }
 ]
 },
diff --git a/2020/12xxx/CVE-2020-12814.json b/2020/12xxx/CVE-2020-12814.json
index 3622039f62f..8477f35dc0b 100644
--- a/2020/12xxx/CVE-2020-12814.json
+++ b/2020/12xxx/CVE-2020-12814.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-12814",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiAnalyzer",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiAnalyzer 6.4.4, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "Low",
+ "attackVector": "Network",
+ "availabilityImpact": "None",
+ "baseScore": 4.1,
+ "baseSeverity": "Medium",
+ "confidentialityImpact": "None",
+ "integrityImpact": "Low",
+ "privilegesRequired": "Low",
+ "scope": "Changed",
+ "userInteraction": "Required",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Execute unauthorized code or commands"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/advisory/FG-IR-20-092",
+ "url": "https://fortiguard.com/advisory/FG-IR-20-092"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI."
 }
 ]
 }
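Review bot: The `problemtype` value `Execute unauthorized code or commands` is an impact phrase rather than a weakness identifier, even though the description in the same record names cross-site scripting, so tooling that groups or filters records by CWE cannot classify this entry. I would use `"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"` instead. The same applies to CVE-2020-15940 further down (its description even cites `[CWE-79]`) and to CVE-2020-15935, whose `Information disclosure` could carry the cleartext-storage weakness its description names. The `version_value` also packs eight versions into one comma-joined string; one `version_data` entry per version would let consumers match them without parsing free text.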
diff --git a/2020/14xxx/CVE-2020-14144.json b/2020/14xxx/CVE-2020-14144.json
index fbe3576a7dc..60975779c0f 100644
--- a/2020/14xxx/CVE-2020-14144.json
+++ b/2020/14xxx/CVE-2020-14144.json
@@ -86,6 +86,11 @@
 "refsource": "MISC",
 "name": "https://github.com/PandatiX/CVE-2021-28378",
 "url": "https://github.com/PandatiX/CVE-2021-28378"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/PandatiX/CVE-2021-28378#notes",
+ "url": "https://github.com/PandatiX/CVE-2021-28378#notes"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14933.json b/2020/14xxx/CVE-2020-14933.json
index 604300ce675..ead3226f5de 100644
--- a/2020/14xxx/CVE-2020-14933.json
+++ b/2020/14xxx/CVE-2020-14933.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request."
+ "value": "** DISPUTED ** compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup or __destruct), and any attack-relevant classes must be declared before unserialize is called (or must be autoloaded). ."
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15225.json b/2020/15xxx/CVE-2020-15225.json
index e6cb64cd8ce..5c8e1cca8a3 100644
--- a/2020/15xxx/CVE-2020-15225.json
+++ b/2020/15xxx/CVE-2020-15225.json
@@ -98,6 +98,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-f213fea441",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPHENTRHRAYFXYPPBT7JRHZRWILRY44S/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-1acbee2459",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAT2ZAEF6DM3VFSOHKB7X3ASSHGQHJAK/"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15795.json b/2020/15xxx/CVE-2020-15795.json
index da36b26f4a2..ac9ac00cd33 100644
--- a/2020/15xxx/CVE-2020-15795.json
+++ b/2020/15xxx/CVE-2020-15795.json
@@ -14,6 +14,16 @@
 "vendor_name": "Siemens",
 "product": {
 "product_data": [
+ {
+ "product_name": "Capital VSTAR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions including affected DNS modules"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Nucleus NET",
 "version": {
@@ -24,32 +34,12 @@
 ]
 }
 },
- {
- "product_name": "Nucleus RTOS",
- "version": {
- "version_data": [
- {
- "version_value": "versions including affected DNS modules"
- }
- ]
- }
- },
 {
 "product_name": "Nucleus Source Code",
 "version": {
 "version_data": [
 {
- "version_value": "versions including affected DNS modules"
- }
- ]
- }
- },
- {
- "product_name": "VSTAR",
- "version": {
- "version_data": [
- {
- "version_value": "versions including affected DNS modules"
+ "version_value": "Versions including affected DNS modules"
 }
 ]
 }
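Review bot: Consumers that match `product_name` exactly will stop matching `Nucleus RTOS` and `VSTAR` after this change, and nothing in the record says whether those products are no longer considered affected or were only renamed (the new `Capital VSTAR` entry suggests a rename, but that is an inference). The `version_value` text also changes case, from `versions including affected DNS modules` to `Versions including affected DNS modules`, which breaks case-sensitive comparison against earlier snapshots of the record. If the old names are still in use in the field, the description updated in the following hunk should mention them alongside the new ones so that asset inventories keyed on the earlier strings keep correlating.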
@@ -76,7 +66,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus RTOS (versions including affected DNS modules), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition."
+ "value": "A vulnerability has been identified in Capital VSTAR (Versions including affected DNS modules), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition."
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15935.json b/2020/15xxx/CVE-2020-15935.json
index af0d9a38e4f..a0f83946c97 100644
--- a/2020/15xxx/CVE-2020-15935.json
+++ b/2020/15xxx/CVE-2020-15935.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-15935",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiADC",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiADC 5.4.3 6.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "Low",
+ "attackVector": "Network",
+ "availabilityImpact": "None",
+ "baseScore": 4.2,
+ "baseSeverity": "Medium",
+ "confidentialityImpact": "Low",
+ "integrityImpact": "None",
+ "privilegesRequired": "Low",
+ "scope": "Unchanged",
+ "userInteraction": "None",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:X",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/advisory/FG-IR-20-044",
+ "url": "https://fortiguard.com/advisory/FG-IR-20-044"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry fields."
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15940.json b/2020/15xxx/CVE-2020-15940.json
index d9faa8b5189..2e80c41cf18 100644
--- a/2020/15xxx/CVE-2020-15940.json
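Review bot: `"baseScore": 4.2` does not look like a base score: by my calculation the base metrics in `vectorString` (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) come to 4.3, and 4.2 is what results once the temporal metric `E:F` is applied. CVE-2020-15940 in the next section shows the same pattern, since its base metrics are identical to those of CVE-2020-12814 yet it carries 4.0 where 12814 (with `E:X`) carries 4.1. Consumers that sort or threshold on `baseScore` will rank these records slightly low, so I would set `"baseScore": 4.3` here and `"baseScore": 4.1` for CVE-2020-15940, leaving the temporal adjustment to the vector. Separately, `"version_value": "FortiADC 5.4.3 6.0.0"` is missing a separator between the two versions and does not express the "and below" ranges the description gives.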
+++ b/2020/15xxx/CVE-2020-15940.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-15940",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiClientEMS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiClientEMS 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "Low",
+ "attackVector": "Network",
+ "availabilityImpact": "None",
+ "baseScore": 4.0,
+ "baseSeverity": "Medium",
+ "confidentialityImpact": "None",
+ "integrityImpact": "Low",
+ "privilegesRequired": "Low",
+ "scope": "Changed",
+ "userInteraction": "Required",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N/E:F/RL:X/RC:X",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Execute unauthorized code or commands"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/advisory/FG-IR-20-067",
+ "url": "https://fortiguard.com/advisory/FG-IR-20-067"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server."
 }
 ]
 }
diff --git a/2020/16xxx/CVE-2020-16048.json b/2020/16xxx/CVE-2020-16048.json
index d40ebfe1a14..1a44677a23a 100644
--- a/2020/16xxx/CVE-2020-16048.json
+++ b/2020/16xxx/CVE-2020-16048.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-16048",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out of bounds read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://crbug.com/1174641",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1174641"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page."
 }
 ]
 }
diff --git a/2020/18xxx/CVE-2020-18259.json b/2020/18xxx/CVE-2020-18259.json
index 122577085f6..615c07c8b3a 100644
--- a/2020/18xxx/CVE-2020-18259.json
+++ b/2020/18xxx/CVE-2020-18259.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-18259",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18259",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/chilin89117/ED01-CMS/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/chilin89117/ED01-CMS/issues/1"
 }
 ]
 }
diff --git a/2020/18xxx/CVE-2020-18261.json b/2020/18xxx/CVE-2020-18261.json
index 15995beaf46..de0284ceb22 100644
--- a/2020/18xxx/CVE-2020-18261.json
+++ b/2020/18xxx/CVE-2020-18261.json
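Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a` in CVE-2020-18259, although the description names both the product and version (ED01-CMS v1.0) and the weakness class (cross-site scripting), so structured matching on `affects` or on CWE will never hit this record. Populating what the description already states, for example `"product_name": "ED01-CMS"`, `"version_value": "1.0"` and a CWE-79 `problemtype`, would let scanners and inventory tools correlate it without parsing free text. The same placeholder pattern repeats in the other records populated below: CVE-2020-18261, -18262, -18263, -18438, -18439, -18440, -20657, -20658 and -20982, each of which names its product and version in the description.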
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-18261",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18261",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/chilin89117/ED01-CMS/issues/2",
+ "refsource": "MISC",
+ "name": "https://github.com/chilin89117/ED01-CMS/issues/2"
 }
 ]
 }
diff --git a/2020/18xxx/CVE-2020-18262.json b/2020/18xxx/CVE-2020-18262.json
index fcedacaebfd..1835f0d31fd 100644
--- a/2020/18xxx/CVE-2020-18262.json
+++ b/2020/18xxx/CVE-2020-18262.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-18262",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18262",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/chilin89117/ED01-CMS/issues/3",
+ "refsource": "MISC",
+ "name": "https://github.com/chilin89117/ED01-CMS/issues/3"
 }
 ]
 }
diff --git a/2020/18xxx/CVE-2020-18263.json b/2020/18xxx/CVE-2020-18263.json
index 987b5e1b02d..ffbb9a891ff 100644
--- a/2020/18xxx/CVE-2020-18263.json
+++ b/2020/18xxx/CVE-2020-18263.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-18263",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18263",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/harshitbansal373/PHP-CMS/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/harshitbansal373/PHP-CMS/issues/1"
 }
 ]
 }
diff --git a/2020/18xxx/CVE-2020-18438.json b/2020/18xxx/CVE-2020-18438.json
index 5735252f156..8be8efc3ffe 100644
--- a/2020/18xxx/CVE-2020-18438.json
+++ b/2020/18xxx/CVE-2020-18438.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-18438",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18438",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/qinggan/phpok/issues/4",
+ "refsource": "MISC",
+ "name": "https://github.com/qinggan/phpok/issues/4"
 }
 ]
 }
diff --git a/2020/18xxx/CVE-2020-18439.json b/2020/18xxx/CVE-2020-18439.json
index 70c45683111..0cab82cfb51 100644
--- a/2020/18xxx/CVE-2020-18439.json
+++ b/2020/18xxx/CVE-2020-18439.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-18439",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18439",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/qinggan/phpok/issues/4",
+ "refsource": "MISC",
+ "name": "https://github.com/qinggan/phpok/issues/4"
 }
 ]
 }
diff --git a/2020/18xxx/CVE-2020-18440.json b/2020/18xxx/CVE-2020-18440.json
index 6cbc0e4119f..b437ae4f951 100644
--- a/2020/18xxx/CVE-2020-18440.json
+++ b/2020/18xxx/CVE-2020-18440.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-18440",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-18440",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/qinggan/phpok/issues/4",
+ "refsource": "MISC",
+ "name": "https://github.com/qinggan/phpok/issues/4"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19143.json b/2020/19xxx/CVE-2020-19143.json
index 47ac4e068e5..069b9636bda 100644
--- a/2020/19xxx/CVE-2020-19143.json
+++ b/2020/19xxx/CVE-2020-19143.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20211004-0005/",
 "url": "https://security.netapp.com/advisory/ntap-20211004-0005/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4997",
+ "url": "https://www.debian.org/security/2021/dsa-4997"
 }
 ]
 }
diff --git a/2020/20xxx/CVE-2020-20450.json b/2020/20xxx/CVE-2020-20450.json
index d40bcc8abb3..ace2667e5cc 100644
--- a/2020/20xxx/CVE-2020-20450.json
+++ b/2020/20xxx/CVE-2020-20450.json
@@ -56,6 +56,11 @@
 "url": "https://trac.ffmpeg.org/ticket/7993",
 "refsource": "MISC",
 "name": "https://trac.ffmpeg.org/ticket/7993"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4998",
+ "url": "https://www.debian.org/security/2021/dsa-4998"
 }
 ]
 }
diff --git a/2020/20xxx/CVE-2020-20657.json b/2020/20xxx/CVE-2020-20657.json
index afe0b5b4213..61d696954ea 100644
--- a/2020/20xxx/CVE-2020-20657.json
+++ b/2020/20xxx/CVE-2020-20657.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-20657",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-20657",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denial of service via an unexpected packet while trying to connect."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/fcovatti/libiec_iccp_mod/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/fcovatti/libiec_iccp_mod/issues/1"
 }
 ]
 }
diff --git a/2020/20xxx/CVE-2020-20658.json b/2020/20xxx/CVE-2020-20658.json
index f44169a99ff..a056f132956 100644
--- a/2020/20xxx/CVE-2020-20658.json
+++ b/2020/20xxx/CVE-2020-20658.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-20658",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-20658",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denail of service when trying to calloc an unexpectiedly large space."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/fcovatti/libiec_iccp_mod/issues/2",
+ "refsource": "MISC",
+ "name": "https://github.com/fcovatti/libiec_iccp_mod/issues/2"
 }
 ]
 }
diff --git a/2020/20xxx/CVE-2020-20982.json b/2020/20xxx/CVE-2020-20982.json
index 994eab69ba5..fea0971aa51 100644
--- a/2020/20xxx/CVE-2020-20982.json
+++ b/2020/20xxx/CVE-2020-20982.json
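Review bot: The published description for CVE-2020-20658 contains the misspellings `denail of service` and `unexpectiedly`, so a keyword search for "denial of service" will miss the record. The tail of the value should read `allows attackers to cause a denial of service when trying to calloc an unexpectedly large space.` The text also calls the flaw a buffer overflow while describing an oversized allocation request, which looks like a different weakness class and is worth confirming against the linked issue. Similar wording slips appear in CVE-2020-21573 (`discoverered in in`), CVE-2020-23566 (`infinity loop`) and CVE-2020-23567 (`to to cause`).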
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-20982",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-20982",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/shadoweb/wdja/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/shadoweb/wdja/issues/1"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21139.json b/2020/21xxx/CVE-2020-21139.json
index 9dbd115198c..0bb91ee3c71 100644
--- a/2020/21xxx/CVE-2020-21139.json
+++ b/2020/21xxx/CVE-2020-21139.json
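Review bot: The description for CVE-2020-20982 labels the flaw as cross-site scripting but states the impact as `execute arbitrary code and gain escalated privileges`, which reads as server-side code execution and can skew severity triage. If the issue is script injection through the `backurl` parameter, as the XSS label suggests, wording such as `allows attackers to inject arbitrary web script or HTML via the backurl parameter` would match the weakness. The CVE-2020-23685 record has the same mismatch: a SQL injection whose impact is given as arbitrary code execution.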
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21139",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21139",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Ryan0lb/EC-cloud-e-commerce-system-CVE-application/blob/master/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/Ryan0lb/EC-cloud-e-commerce-system-CVE-application/blob/master/README.md"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21572.json b/2020/21xxx/CVE-2020-21572.json
index dec2bdc0625..cbc53041711 100644
--- a/2020/21xxx/CVE-2020-21572.json
+++ b/2020/21xxx/CVE-2020-21572.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21572",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21572",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer overflow vulnerability in function src_parser_trans_stage_1_2_3 trgil gilcc before commit 803969389ca9c06237075a7f8eeb1a19e6651759, allows attackers to cause a denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/trgil/gilcc/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/trgil/gilcc/issues/1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/trgil/gilcc/commit/803969389ca9c06237075a7f8eeb1a19e6651759",
+ "url": "https://github.com/trgil/gilcc/commit/803969389ca9c06237075a7f8eeb1a19e6651759"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21573.json b/2020/21xxx/CVE-2020-21573.json
index 3d9047ad13e..2b7bb91d094 100644
--- a/2020/21xxx/CVE-2020-21573.json
+++ b/2020/21xxx/CVE-2020-21573.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21573",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21573",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discoverered in in abhijitnathwani image-processing v0.1.0, allows local attackers to cause a denial of service via a crafted image file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/abhijitnathwani/image-processing/issues/3",
+ "refsource": "MISC",
+ "name": "https://github.com/abhijitnathwani/image-processing/issues/3"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21574.json b/2020/21xxx/CVE-2020-21574.json
index 161055b5454..73b834692a2 100644
--- a/2020/21xxx/CVE-2020-21574.json
+++ b/2020/21xxx/CVE-2020-21574.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21574",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21574",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer overflow vulnerability in YotsuyaNight c-http v0.1.0, allows attackers to cause a denial of service via a long url request which is passed to the delimitedread function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/YotsuyaNight/c-http/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/YotsuyaNight/c-http/issues/1"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21688.json b/2020/21xxx/CVE-2020-21688.json
index 72fc4504093..0e42c9b57df 100644
--- a/2020/21xxx/CVE-2020-21688.json
+++ b/2020/21xxx/CVE-2020-21688.json
@@ -56,6 +56,11 @@
 "url": "https://trac.ffmpeg.org/ticket/8186",
 "refsource": "MISC",
 "name": "https://trac.ffmpeg.org/ticket/8186"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4998",
+ "url": "https://www.debian.org/security/2021/dsa-4998"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21697.json b/2020/21xxx/CVE-2020-21697.json
index e9e8fe0d680..7fea35caf6e 100644
--- a/2020/21xxx/CVE-2020-21697.json
+++ b/2020/21xxx/CVE-2020-21697.json
@@ -56,6 +56,11 @@
 "url": "https://trac.ffmpeg.org/ticket/8188",
 "refsource": "MISC",
 "name": "https://trac.ffmpeg.org/ticket/8188"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4998",
+ "url": "https://www.debian.org/security/2021/dsa-4998"
 }
 ]
 }
diff --git a/2020/22xxx/CVE-2020-22042.json b/2020/22xxx/CVE-2020-22042.json
index a6b57986593..dcd0be8aa0d 100644
--- a/2020/22xxx/CVE-2020-22042.json
+++ b/2020/22xxx/CVE-2020-22042.json
@@ -56,6 +56,11 @@
 "url": "https://trac.ffmpeg.org/ticket/8267",
 "refsource": "MISC",
 "name": "https://trac.ffmpeg.org/ticket/8267"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4998",
+ "url": "https://www.debian.org/security/2021/dsa-4998"
 }
 ]
 }
diff --git a/2020/22xxx/CVE-2020-22222.json b/2020/22xxx/CVE-2020-22222.json
index d154052f0e0..8bad3708836 100644
--- a/2020/22xxx/CVE-2020-22222.json
+++ b/2020/22xxx/CVE-2020-22222.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-22222",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-22222",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionLoadCss function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pastebin.com/cZFwMb5F",
+ "refsource": "MISC",
+ "name": "https://pastebin.com/cZFwMb5F"
 }
 ]
 }
diff --git a/2020/22xxx/CVE-2020-22223.json b/2020/22xxx/CVE-2020-22223.json
index cd043520d71..6f7a7b4b62f 100644
--- a/2020/22xxx/CVE-2020-22223.json
+++ b/2020/22xxx/CVE-2020-22223.json
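Review bot: The only entry in `reference_data` for CVE-2020-22222 is a pastebin.com paste tagged `MISC`, so the record has no vendor advisory, fix or durable source behind it. A paste can expire or be removed, after which the description can no longer be checked against anything; an archived copy or a vendor or researcher advisory should be added alongside it. The description names the affected function but no fixed version, which leaves users of Fundraising Script v1.0 without remediation guidance. CVE-2020-22223 through CVE-2020-22226 cite the same paste and have the same gap.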
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-22223",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-22223",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pastebin.com/cZFwMb5F",
+ "refsource": "MISC",
+ "name": "https://pastebin.com/cZFwMb5F"
 }
 ]
 }
diff --git a/2020/22xxx/CVE-2020-22224.json b/2020/22xxx/CVE-2020-22224.json
index 0beb2981885..ea80e9ca068 100644
--- a/2020/22xxx/CVE-2020-22224.json
+++ b/2020/22xxx/CVE-2020-22224.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-22224",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-22224",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionPreview function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pastebin.com/cZFwMb5F",
+ "refsource": "MISC",
+ "name": "https://pastebin.com/cZFwMb5F"
 }
 ]
 }
diff --git a/2020/22xxx/CVE-2020-22225.json b/2020/22xxx/CVE-2020-22225.json
index 0d8f6444d10..0e4a1dfde64 100644
--- a/2020/22xxx/CVE-2020-22225.json
+++ b/2020/22xxx/CVE-2020-22225.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-22225",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-22225",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pastebin.com/cZFwMb5F",
+ "refsource": "MISC",
+ "name": "https://pastebin.com/cZFwMb5F"
 }
 ]
 }
diff --git a/2020/22xxx/CVE-2020-22226.json b/2020/22xxx/CVE-2020-22226.json
index 344ac50d808..7d95c9262b1 100644
--- a/2020/22xxx/CVE-2020-22226.json
+++ b/2020/22xxx/CVE-2020-22226.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-22226",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-22226",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://pastebin.com/cZFwMb5F",
+ "refsource": "MISC",
+ "name": "https://pastebin.com/cZFwMb5F"
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23109.json b/2020/23xxx/CVE-2020-23109.json
index 732ad3a34fc..16426b7912a 100644
--- a/2020/23xxx/CVE-2020-23109.json
+++ b/2020/23xxx/CVE-2020-23109.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-23109",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-23109",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/strukturag/libheif/issues/207",
+ "refsource": "MISC",
+ "name": "https://github.com/strukturag/libheif/issues/207"
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23126.json b/2020/23xxx/CVE-2020-23126.json
index cf1ec253836..80f7f4b64e6 100644
--- a/2020/23xxx/CVE-2020-23126.json
+++ b/2020/23xxx/CVE-2020-23126.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-23126",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-23126",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-42-2020-04-23-High-risk-low-impact-XSS-in-extended-users-profile-fields",
+ "refsource": "MISC",
+ "name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-42-2020-04-23-High-risk-low-impact-XSS-in-extended-users-profile-fields"
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23129.json b/2020/23xxx/CVE-2020-23129.json
index ad917e4cac7..b905b9b594b 100644
--- a/2020/23xxx/CVE-2020-23129.json
+++ b/2020/23xxx/CVE-2020-23129.json
@@ -5,13 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2020-23129",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23130.json b/2020/23xxx/CVE-2020-23130.json
index 3d96bae5d6d..2fb6d61d556 100644
--- a/2020/23xxx/CVE-2020-23130.json
+++ b/2020/23xxx/CVE-2020-23130.json
@@ -5,13 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2020-23130",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23565.json b/2020/23xxx/CVE-2020-23565.json
index 2d8609e269c..f26ffcfba64 100644
--- a/2020/23xxx/CVE-2020-23565.json
+++ b/2020/23xxx/CVE-2020-23565.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-23565",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-23565",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Irfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a \"Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W+0x0000000000032850\"."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/KamasuOri/publicResearch/tree/master/poc/irfanview/3",
+ "refsource": "MISC",
+ "name": "https://github.com/KamasuOri/publicResearch/tree/master/poc/irfanview/3"
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23566.json b/2020/23xxx/CVE-2020-23566.json
index 411593b704b..854fc6d88ad 100644
--- a/2020/23xxx/CVE-2020-23566.json
+++ b/2020/23xxx/CVE-2020-23566.json
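Review bot: The description for CVE-2020-23565 attributes the flaw to Irfanview v4.53, but the quoted symbol `JPEG2000!ShowPlugInSaveOptions_W` suggests the faulting code sits in a module named JPEG2000, presumably the JPEG 2000 plugin rather than the core viewer. Naming that component and its version in the description and in `affects` would let defenders tell whether an installation without the plugin is exposed. The arbitrary-code-execution impact is stated next to what reads like a crash-triage classification, so it is worth confirming that the linked report shows more than a crash. CVE-2020-23566 and CVE-2020-23567 quote the same symbol and need the same clarification.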
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-23566",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-23566",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Irfanview v4.53 was discovered to contain an infinity loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/KamasuOri/publicResearch/tree/master/poc/irfanview/1",
+ "refsource": "MISC",
+ "name": "https://github.com/KamasuOri/publicResearch/tree/master/poc/irfanview/1"
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23567.json b/2020/23xxx/CVE-2020-23567.json
index 9c5e7f44f93..6e121d17288 100644
--- a/2020/23xxx/CVE-2020-23567.json
+++ b/2020/23xxx/CVE-2020-23567.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-23567",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-23567",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Irfanview v4.53 allows attackers to to cause a denial of service (DoS) via a crafted JPEG 2000 file. Related to \"Integer Divide By Zero starting at JPEG2000!ShowPlugInSaveOptions_W+0x00000000000082ea\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/KamasuOri/publicResearch/tree/master/poc/irfanview/2",
+ "refsource": "MISC",
+ "name": "https://github.com/KamasuOri/publicResearch/tree/master/poc/irfanview/2"
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23572.json b/2020/23xxx/CVE-2020-23572.json
index f0a865c444d..c4a908d0b15 100644
--- a/2020/23xxx/CVE-2020-23572.json
+++ b/2020/23xxx/CVE-2020-23572.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-23572",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-23572",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/source-trace/beescms/issues/6",
+ "refsource": "MISC",
+ "name": "https://github.com/source-trace/beescms/issues/6"
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23679.json b/2020/23xxx/CVE-2020-23679.json
index 19b1c095cab..415d7a5ca36 100644
--- a/2020/23xxx/CVE-2020-23679.json
+++ b/2020/23xxx/CVE-2020-23679.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-23679",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-23679",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0, allows attackers to execute arbitrary code, via the password field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Renleilei1992/Linux_Network_Project/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/Renleilei1992/Linux_Network_Project/issues/1"
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23680.json b/2020/23xxx/CVE-2020-23680.json
index 268888e3bb4..464cdd25fe1 100644
--- a/2020/23xxx/CVE-2020-23680.json
+++ b/2020/23xxx/CVE-2020-23680.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-23680",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-23680",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in function StartPage in text2pdf.c in pdfcorner text2pdf 1.1, allows attackers to cause denial of service or possibly other undisclosed impacts."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/philips/text2pdf/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/philips/text2pdf/issues/1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.eprg.org/pdfcorner/text2pdf/",
+ "url": "http://www.eprg.org/pdfcorner/text2pdf/"
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23685.json b/2020/23xxx/CVE-2020-23685.json
index 264a7a9ec19..24db6cf2e48 100644
--- a/2020/23xxx/CVE-2020-23685.json
+++ b/2020/23xxx/CVE-2020-23685.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-23685",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-23685",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/vtime-tech/188Jianzhan/issues/2",
+ "refsource": "MISC",
+ "name": "https://github.com/vtime-tech/188Jianzhan/issues/2"
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23686.json b/2020/23xxx/CVE-2020-23686.json
index 6206007889f..b0ae5b3cc34 100644
--- a/2020/23xxx/CVE-2020-23686.json
+++ b/2020/23xxx/CVE-2020-23686.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-23686",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-23686",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/loadream/AyaCMS/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/loadream/AyaCMS/issues/1"
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23718.json b/2020/23xxx/CVE-2020-23718.json
index edaafd216e7..9b890f0222e 100644
--- a/2020/23xxx/CVE-2020-23718.json
+++ b/2020/23xxx/CVE-2020-23718.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-23718",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-23718",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/xujinliang/zibbs/issues/4",
+ "refsource": "MISC",
+ "name": "https://github.com/xujinliang/zibbs/issues/4"
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23719.json b/2020/23xxx/CVE-2020-23719.json
index 10e13ea90f3..fa62444b04e 100644
--- a/2020/23xxx/CVE-2020-23719.json
+++ b/2020/23xxx/CVE-2020-23719.json
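Review bot: The new `description` value labels a cross-site scripting issue as letting attackers "execute arbitrary code", which reads like server-side code execution and can skew severity triage. Wording such as `allows attackers to inject arbitrary web script or HTML via the route parameter to index.php` states the impact XSS actually has, namely script running in the victim's browser session. With `problemtype` left at `n/a` there is no CWE to disambiguate, so the free text is the only signal a consumer gets. The same phrasing appears in the XSS records for CVE-2020-23719, CVE-2020-23754 and CVE-2020-27406 in this commit.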
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-23719",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-23719",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/xujinliang/zibbs/issues/5",
+ "refsource": "MISC",
+ "name": "https://github.com/xujinliang/zibbs/issues/5"
 }
 ]
 }
diff --git a/2020/23xxx/CVE-2020-23754.json b/2020/23xxx/CVE-2020-23754.json
index c658c26ee7b..63dc313f27a 100644
--- a/2020/23xxx/CVE-2020-23754.json
+++ b/2020/23xxx/CVE-2020-23754.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-23754",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-23754",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/php-fusion/PHP-Fusion/issues/2315",
+ "refsource": "MISC",
+ "name": "https://github.com/php-fusion/PHP-Fusion/issues/2315"
+ },
+ {
+ "url": "https://user-images.githubusercontent.com/62001260/81574112-9412e100-93cf-11ea-9493-615a70162034.PNG",
+ "refsource": "MISC",
+ "name": "https://user-images.githubusercontent.com/62001260/81574112-9412e100-93cf-11ea-9493-615a70162034.PNG"
+ },
+ {
+ "url": "https://user-images.githubusercontent.com/62001260/81574006-6fb70480-93cf-11ea-814c-55a96d2fe95e.PNG",
+ "refsource": "MISC",
+ "name": "https://user-images.githubusercontent.com/62001260/81574006-6fb70480-93cf-11ea-814c-55a96d2fe95e.PNG"
 }
 ]
 }
diff --git a/2020/24xxx/CVE-2020-24000.json b/2020/24xxx/CVE-2020-24000.json
index c229688fe6f..28688c1b613 100644
--- a/2020/24xxx/CVE-2020-24000.json
+++ b/2020/24xxx/CVE-2020-24000.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-24000",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-24000",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/eyoucms/eyoucms/issues/13",
+ "refsource": "MISC",
+ "name": "https://github.com/eyoucms/eyoucms/issues/13"
 }
 ]
 }
diff --git a/2020/24xxx/CVE-2020-24743.json b/2020/24xxx/CVE-2020-24743.json
index 34d33e7a540..330ac47629e 100644
--- a/2020/24xxx/CVE-2020-24743.json
+++ b/2020/24xxx/CVE-2020-24743.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-24743",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-24743",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14550",
+ "refsource": "MISC",
+ "name": "https://www.manageengine.com/products/applications_manager/issues.html#v14550"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25366.json b/2020/25xxx/CVE-2020-25366.json
index 131e6dca8eb..fda3b8c120f 100644
--- a/2020/25xxx/CVE-2020-25366.json
+++ b/2020/25xxx/CVE-2020-25366.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25366",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25366",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://d-link.com",
+ "refsource": "MISC",
+ "name": "http://d-link.com"
+ },
+ {
+ "url": "https://www.dlink.com/en/security-bulletin/",
+ "refsource": "MISC",
+ "name": "https://www.dlink.com/en/security-bulletin/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/sek1th/iot/blob/master/dir823g_upfw_dos.md",
+ "url": "https://github.com/sek1th/iot/blob/master/dir823g_upfw_dos.md"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25367.json b/2020/25xxx/CVE-2020-25367.json
index 58ce6d995df..880774209bc 100644
--- a/2020/25xxx/CVE-2020-25367.json
+++ b/2020/25xxx/CVE-2020-25367.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25367",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25367",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://d-link.com",
+ "refsource": "MISC",
+ "name": "http://d-link.com"
+ },
+ {
+ "url": "https://www.dlink.com/en/security-bulletin/",
+ "refsource": "MISC",
+ "name": "https://www.dlink.com/en/security-bulletin/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/sek1th/iot/blob/master/dir823g_3.md",
+ "url": "https://github.com/sek1th/iot/blob/master/dir823g_3.md"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25368.json b/2020/25xxx/CVE-2020-25368.json
index f80837a6c68..1b9ef098d9c 100644
--- a/2020/25xxx/CVE-2020-25368.json
+++ b/2020/25xxx/CVE-2020-25368.json
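Review bot: The new `description` value classifies the flaw as command injection through shell metacharacters but states the impact as executing "arbitrary web scripts", which is cross-site-scripting wording and understates what command injection on a router normally means. If the referenced write-up confirms command injection, the sentence should say so, e.g. `An attacker is able to execute arbitrary commands via shell metacharacters in the Captcha field to Login.` The firmware is also written `V1.0.2B05` here but `1.02B05` in the CVE-2020-25366 record for what appears to be the same DIR-823G build, so one spelling should be chosen to keep version matching reliable. CVE-2020-25368 repeats both problems for the PrivateLogin field.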
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25368",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25368",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://d-link.com",
+ "refsource": "MISC",
+ "name": "http://d-link.com"
+ },
+ {
+ "url": "https://www.dlink.com/en/security-bulletin/",
+ "refsource": "MISC",
+ "name": "https://www.dlink.com/en/security-bulletin/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/sek1th/iot/blob/master/dir-823g_2.md",
+ "url": "https://github.com/sek1th/iot/blob/master/dir-823g_2.md"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25872.json b/2020/25xxx/CVE-2020-25872.json
index b4c75e7d969..eaea82fae1f 100644
--- a/2020/25xxx/CVE-2020-25872.json
+++ b/2020/25xxx/CVE-2020-25872.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25872",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25872",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/philippe/FrogCMS/issues/34",
+ "refsource": "MISC",
+ "name": "https://github.com/philippe/FrogCMS/issues/34"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25873.json b/2020/25xxx/CVE-2020-25873.json
index 064802d5451..18b620fc667 100644
--- a/2020/25xxx/CVE-2020-25873.json
+++ b/2020/25xxx/CVE-2020-25873.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25873",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25873",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the \"id\" parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/baijiacms/baijiacmsV4/issues/6",
+ "refsource": "MISC",
+ "name": "https://github.com/baijiacms/baijiacmsV4/issues/6"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25881.json b/2020/25xxx/CVE-2020-25881.json
index ddc03697e12..1a6fe178db1 100644
--- a/2020/25xxx/CVE-2020-25881.json
+++ b/2020/25xxx/CVE-2020-25881.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25881",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25881",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete&sub=&filename=../../../../111.txt&filetype=image/jpeg of the master version of RKCMS. This vulnerability allows for an attacker to perform a directory traversal via a crafted .txt file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/AubreyJun/cms/issues/2",
+ "refsource": "MISC",
+ "name": "https://github.com/AubreyJun/cms/issues/2"
+ },
+ {
+ "url": "http://www.ranko.cn/index.html",
+ "refsource": "MISC",
+ "name": "http://www.ranko.cn/index.html"
+ },
+ {
+ "url": "https://gitee.com/wuxi_ranko/cms",
+ "refsource": "MISC",
+ "name": "https://gitee.com/wuxi_ranko/cms"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25911.json b/2020/25xxx/CVE-2020-25911.json
index 1a5cbce2b69..bff409d11dd 100644
--- a/2020/25xxx/CVE-2020-25911.json
+++ b/2020/25xxx/CVE-2020-25911.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25911",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25911",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/modxcms/revolution/issues/15237",
+ "refsource": "MISC",
+ "name": "https://github.com/modxcms/revolution/issues/15237"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/dahua966/Vul_disclose/blob/main/XXE_modxcms.md",
+ "url": "https://github.com/dahua966/Vul_disclose/blob/main/XXE_modxcms.md"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25912.json b/2020/25xxx/CVE-2020-25912.json
index b1640ffbc3d..0713bcd758d 100644
--- a/2020/25xxx/CVE-2020-25912.json
+++ b/2020/25xxx/CVE-2020-25912.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25912",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25912",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A XML External Entity (XXE) vulnerability was discovered in symphony\\lib\\toolkit\\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://symphony.com",
+ "refsource": "MISC",
+ "name": "http://symphony.com"
+ },
+ {
+ "url": "https://github.com/symphonycms/symphonycms/issues/2924",
+ "refsource": "MISC",
+ "name": "https://github.com/symphonycms/symphonycms/issues/2924"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26258.json b/2020/26xxx/CVE-2020-26258.json
index f1f698259f6..2e471439bcb 100644
--- a/2020/26xxx/CVE-2020-26258.json
+++ b/2020/26xxx/CVE-2020-26258.json
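Review bot: The first added reference, `"url": "http://symphony.com"`, does not obviously belong to the Symphony CMS project that the description and the second reference (`github.com/symphonycms/symphonycms`) point to; it looks like a different organisation's domain and should be verified before it stays in the record. A reference that sends analysts to the wrong vendor slows down patch lookup, so I would drop that entry or replace it with the project's own site once confirmed. Separately, the path in `description` is written with Windows separators (`symphony\\lib\\toolkit\\class.xmlelement.php`); the forward-slash form `symphony/lib/toolkit/class.xmlelement.php` is easier to search for in the repository.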
@@ -108,6 +108,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-d894ca87dc",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-5e376c0ed9",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/"
 }
 ]
 },
diff --git a/2020/26xxx/CVE-2020-26259.json b/2020/26xxx/CVE-2020-26259.json
index da7f8a36c79..78f13615cf8 100644
--- a/2020/26xxx/CVE-2020-26259.json
+++ b/2020/26xxx/CVE-2020-26259.json
@@ -108,6 +108,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-d894ca87dc",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-5e376c0ed9",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/"
 }
 ]
 },
diff --git a/2020/26xxx/CVE-2020-26705.json b/2020/26xxx/CVE-2020-26705.json
index 9f3a1844ae4..c7cb675f84a 100644
--- a/2020/26xxx/CVE-2020-26705.json
+++ b/2020/26xxx/CVE-2020-26705.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-26705",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-26705",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity (XXE) vulnerability which allows for an attacker to expose sensitive data or perform a denial of service (DOS) via a crafted external entity entered into the XML content as input."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/darkfoxprime/python-easy_xml/issues/1",
+ "refsource": "MISC",
+ "name": "https://github.com/darkfoxprime/python-easy_xml/issues/1"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26707.json b/2020/26xxx/CVE-2020-26707.json
index be59142a7c4..59a2a2b0935 100644
--- a/2020/26xxx/CVE-2020-26707.json
+++ b/2020/26xxx/CVE-2020-26707.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-26707",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-26707",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/shenzhim/aaptjs/issues/2",
+ "url": "https://github.com/shenzhim/aaptjs/issues/2"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27009.json b/2020/27xxx/CVE-2020-27009.json
index 80c4094ffb7..7956cad0275 100644
--- a/2020/27xxx/CVE-2020-27009.json
+++ b/2020/27xxx/CVE-2020-27009.json
@@ -14,6 +14,16 @@
 "vendor_name": "Siemens",
 "product": {
 "product_data": [
+ {
+ "product_name": "Capital VSTAR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions including affected DNS modules"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Nucleus NET",
 "version": {
@@ -24,32 +34,12 @@ ] } }, - { - "product_name": "Nucleus RTOS", - "version": { - "version_data": [ - { - "version_value": "versions including affected DNS modules" - } - ] - } - }, { "product_name": "Nucleus Source Code", "version": { "version_data": [ { - "version_value": "versions including affected DNS modules" - } - ] - } - }, - { - "product_name": "VSTAR", - "version": { - "version_data": [ - { - "version_value": "versions including affected DNS modules" + "version_value": "Versions including affected DNS modules" } ] } @@ -76,7 +66,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus RTOS (versions including affected DNS modules), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition." + "value": "A vulnerability has been identified in Capital VSTAR (Versions including affected DNS modules), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition." } ] }, diff --git a/2020/27xxx/CVE-2020-27406.json b/2020/27xxx/CVE-2020-27406.json index 9593123136e..f5678202ced 100644 --- a/2020/27xxx/CVE-2020-27406.json 
+++ b/2020/27xxx/CVE-2020-27406.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-27406", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-27406", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://dynpg.com", + "refsource": "MISC", + "name": "http://dynpg.com" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/48865", + "url": "https://www.exploit-db.com/exploits/48865" } ] } diff --git a/2020/27xxx/CVE-2020-27736.json b/2020/27xxx/CVE-2020-27736.json index 9de10afb148..8094a356586 100644 --- a/2020/27xxx/CVE-2020-27736.json +++ b/2020/27xxx/CVE-2020-27736.json @@ -15,11 +15,11 @@ "product": { "product_data": [ { - "product_name": "Nucleus 4", + "product_name": "Capital VSTAR", "version": { "version_data": [ { - "version_value": "All versions < V4.1.0" + "version_value": "Versions including affected DNS modules" } ] } 
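Review bot: The description added for CVE-2020-27406 says a Cross Site Scripting flaw lets authenticated attackers "execute arbitrary code", which reads as server-side code execution and can skew severity triage. For XSS the usual wording is `execute arbitrary web script or HTML`. It also gives the injection point only as "the groupname", without naming the page or request that carries it, which makes it hard to scope input validation and output encoding. The CVE-2020-35249 hunk (ElkarBackup) uses the same "execute arbitrary code" phrasing for an XSS issue. Separately, the first reference, `http://dynpg.com`, is a bare vendor home page over plain HTTP rather than an advisory, though it may be the only vendor link available.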
@@ -35,17 +35,7 @@ } }, { - "product_name": "Nucleus RTOS", - "version": { - "version_data": [ - { - "version_value": "versions including affected DNS modules" - } - ] - } - }, - { - "product_name": "Nucleus ReadyStart", + "product_name": "Nucleus ReadyStart V3", "version": { "version_data": [ { @@ -54,12 +44,22 @@ ] } }, + { + "product_name": "Nucleus ReadyStart V4", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.1.0" + } + ] + } + }, { "product_name": "Nucleus Source Code", "version": { "version_data": [ { - "version_value": "versions including affected DNS modules" + "version_value": "Versions including affected DNS modules" } ] } @@ -73,16 +73,6 @@ } ] } - }, - { - "product_name": "VSTAR", - "version": { - "version_data": [ - { - "version_value": "versions including affected DNS modules" - } - ] - } } ] } 
@@ -106,7 +96,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory." + "value": "A vulnerability has been identified in Capital VSTAR (Versions including affected DNS modules), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory." } ] }, diff --git a/2020/27xxx/CVE-2020-27737.json b/2020/27xxx/CVE-2020-27737.json index efff3583b8d..8b163a3ba35 100644 --- a/2020/27xxx/CVE-2020-27737.json +++ b/2020/27xxx/CVE-2020-27737.json @@ -15,11 +15,11 @@ "product": { "product_data": [ { - "product_name": "Nucleus 4", + "product_name": "Capital VSTAR", "version": { "version_data": [ { - "version_value": "All versions < V4.1.0" + "version_value": "Versions including affected DNS modules" } ] } 
@@ -35,17 +35,7 @@ } }, { - "product_name": "Nucleus RTOS", - "version": { - "version_data": [ - { - "version_value": "versions including affected DNS modules" - } - ] - } - }, - { - "product_name": "Nucleus ReadyStart", + "product_name": "Nucleus ReadyStart V3", "version": { "version_data": [ { @@ -54,12 +44,22 @@ ] } }, + { + "product_name": "Nucleus ReadyStart V4", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.1.0" + } + ] + } + }, { "product_name": "Nucleus Source Code", "version": { "version_data": [ { - "version_value": "versions including affected DNS modules" + "version_value": "Versions including affected DNS modules" } ] } @@ -73,16 +73,6 @@ } ] } - }, - { - "product_name": "VSTAR", - "version": { - "version_data": [ - { - "version_value": "versions including affected DNS modules" - } - ] - } } ] } 
@@ -106,7 +96,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure." + "value": "A vulnerability has been identified in Capital VSTAR (Versions including affected DNS modules), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure." } ] }, diff --git a/2020/27xxx/CVE-2020-27738.json b/2020/27xxx/CVE-2020-27738.json index 4e94608f354..b2ee567f5ac 100644 --- a/2020/27xxx/CVE-2020-27738.json +++ b/2020/27xxx/CVE-2020-27738.json 
@@ -15,11 +15,11 @@ "product": { "product_data": [ { - "product_name": "Nucleus 4", + "product_name": "Capital VSTAR", "version": { "version_data": [ { - "version_value": "All versions < V4.1.0" + "version_value": "Versions including affected DNS modules" } ] } @@ -35,17 +35,7 @@ } }, { - "product_name": "Nucleus RTOS", - "version": { - "version_data": [ - { - "version_value": "versions including affected DNS modules" - } - ] - } - }, - { - "product_name": "Nucleus ReadyStart", + "product_name": "Nucleus ReadyStart V3", "version": { "version_data": [ { @@ -54,12 +44,22 @@ ] } }, + { + "product_name": "Nucleus ReadyStart V4", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.1.0" + } + ] + } + }, { "product_name": "Nucleus Source Code", "version": { "version_data": [ { - "version_value": "versions including affected DNS modules" + "version_value": "Versions including affected DNS modules" } ] } @@ -73,16 +73,6 @@ } ] } - }, - { - "product_name": "VSTAR", - "version": { - "version_data": [ - { - "version_value": "versions including affected DNS modules" - } - ] - } } ] } 
@@ -106,7 +96,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition." + "value": "A vulnerability has been identified in Capital VSTAR (Versions including affected DNS modules), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition." } ] }, diff --git a/2020/27xxx/CVE-2020-27820.json b/2020/27xxx/CVE-2020-27820.json index b6fbe676c92..c1620909d50 100644 --- a/2020/27xxx/CVE-2020-27820.json +++ b/2020/27xxx/CVE-2020-27820.json 
@@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-27820", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "to be fixed in RHEL-9 release" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726" + }, + { + "refsource": "MISC", + "name": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com/", + "url": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com/" + }, + { + "refsource": "MISC", + "name": "https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline@redhat.com/", + "url": "https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline@redhat.com/" + }, + { + "refsource": "MISC", + "name": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/", + "url": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if \"unbind\" the driver)." } ] } 
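Review bot: In the `affects` block for CVE-2020-27820, `version_value` is `to be fixed in RHEL-9 release`, which is a fix plan for one distribution rather than an affected version of `kernel`, and `vendor_name` is `n/a`. Since the references are upstream dri-devel patches, the record presumably applies to the upstream Linux kernel. A bounded value such as `"version_value": "before <FIXED_KERNEL_VERSION>"` (placeholder; the fixed release is not stated in this hunk) would let scanners decide exposure. The description's parenthetical is hard to parse, and a plainer form would be `A use-after-free in nouveau's postclose() handler in the Linux kernel can occur when the device is removed or the driver is unbound.`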
diff --git a/2020/28xxx/CVE-2020-28362.json b/2020/28xxx/CVE-2020-28362.json index 0dc9139dad9..8774ca0afe7 100644 --- a/2020/28xxx/CVE-2020-28362.json +++ b/2020/28xxx/CVE-2020-28362.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-e971480183", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/" + }, + { + "refsource": "MISC", + "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62", + "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62" } ] } diff --git a/2020/28xxx/CVE-2020-28388.json b/2020/28xxx/CVE-2020-28388.json index e4e3ddf2b5d..844b6c93155 100644 --- a/2020/28xxx/CVE-2020-28388.json +++ b/2020/28xxx/CVE-2020-28388.json @@ -14,6 +14,16 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Capital VSTAR", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, { "product_name": "Nucleus NET", "version": { @@ -25,7 +35,7 @@ } }, { - "product_name": "Nucleus ReadyStart for ARM, MIPS, and PPC", + "product_name": "Nucleus ReadyStart V3", "version": { "version_data": [ { @@ -34,6 +44,16 @@ ] } }, + { + "product_name": "Nucleus Source Code", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, { "product_name": "PLUSCONTROL 1st Gen", "version": { 
@@ -66,7 +86,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2012.12), PLUSCONTROL 1st Gen (All versions). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones." + "value": "A vulnerability has been identified in Capital VSTAR (All versions), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones." } ] }, diff --git a/2020/28xxx/CVE-2020-28416.json b/2020/28xxx/CVE-2020-28416.json index 35ac6a65fd5..33bac3f05a6 100644 --- a/2020/28xxx/CVE-2020-28416.json +++ b/2020/28xxx/CVE-2020-28416.json 
@@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28416", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HP OfficeJet Printer; HP PageWide Printer", + "version": { + "version_data": [ + { + "version_value": "before 33.1.74" + }, + { + "version_value": "before 35.0.72" + }, + { + "version_value": "before 38.8.1942" + }, + { + "version_value": "before 38.9.1948" + }, + { + "version_value": "before 39.6.1999" + }, + { + "version_value": "before 39.6.2002" + }, + { + "version_value": "before 40.11.1122" + }, + { + "version_value": "before 40.11.1148" + }, + { + "version_value": "before 40.11.1150" + }, + { + "version_value": "before 40.12.1161" + }, + { + "version_value": "before 40.13.1176" + }, + { + "version_value": "before 40.7.1094" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unauthorized local code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/c07051163", + "url": "https://support.hp.com/us-en/document/c07051163" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution." } ] } 
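Review bot: The `affects` entry for CVE-2020-28416 folds two product families into one `product_name` (`HP OfficeJet Printer; HP PageWide Printer`) with a flat list of twelve `before …` values, so nothing shows which threshold belongs to which product or software line. In addition, `vendor_name` is `n/a` even though the assigner is hp-security-alert@hp.com. I would set `"vendor_name": "HP"` and split this into one `product_data` entry per product, each with its own `version_data`. The description places the flaw in the I.R.I.S. OCR software bundled with the printer software installation, not in the printers themselves, and the product name does not convey that. The CVE-2020-28419 hunk has the same merged `product_name` and `n/a` vendor.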
diff --git a/2020/28xxx/CVE-2020-28419.json b/2020/28xxx/CVE-2020-28419.json
index fa0455b540d..3c7cc3e614b 100644
--- a/2020/28xxx/CVE-2020-28419.json
+++ b/2020/28xxx/CVE-2020-28419.json
@@ -4,14 +4,127 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28419", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HP LaserJet Printer; HP LaserJet Pro Printer; HP PageWide Printer; HP PageWide Pro Printer; HP inkjet Printer; HP OfficeJet Printer", + "version": { + "version_data": [ + { + "version_value": "before 61.111.01.9108" + }, + { + "version_value": "before 8.0.13284.929" + }, + { + "version_value": "before 11.0.19232.882" + }, + { + "version_value": "before 52.1.4899" + }, + { + "version_value": "before 14.0.19241.351" + }, + { + "version_value": "before 14.0.19232.485" + }, + { + "version_value": "before 10.0.16007.5" + }, + { + "version_value": "before 9.0.15316.203" + }, + { + "version_value": "before 11.0.16058.821" + }, + { + "version_value": "before 50.1.4584" + }, + { + "version_value": "before 16.0.19235.653" + }, + { + "version_value": "before 16.0.19233.658" + }, + { + "version_value": "before 10.0.15324.194" + }, + { + "version_value": "before 10.0.15324.199" + }, + { + "version_value": "before 49.1.4431" + }, + { + "version_value": "before 43.2.2509" + }, + { + "version_value": "before 49.1.4424" + }, + { + "version_value": "before 50.1.4533" + }, + { + "version_value": "before 44.7.2713" + }, + { + "version_value": "before 44.6.2710" + }, + { + "version_value": "before 14.0.15311.432" + }, + { + "version_value": "before 16.0.19117.636" + }, + { + "version_value": "before 15.0.15322.1207" + }, + { + "version_value": "..." 
+ } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/c07058567", + "url": "https://support.hp.com/us-en/document/c07058567" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "During installation with certain driver software or application packages an arbitrary code execution could occur." } ] } diff --git a/2020/28xxx/CVE-2020-28463.json b/2020/28xxx/CVE-2020-28463.json index 9c793375769..58d08a8e6b8 100644 --- a/2020/28xxx/CVE-2020-28463.json +++ b/2020/28xxx/CVE-2020-28463.json @@ -61,6 +61,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-13cdc0ab0e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMUJA5GZTPQ5WRYUCCK2GEZM4W43N7HH/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-04bfae8300", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZQSFCID67K6BTC655EQY6MNOF35QI44/" } ] }, diff --git a/2020/28xxx/CVE-2020-28702.json b/2020/28xxx/CVE-2020-28702.json index f55f04a2e95..29bbb3d4cf6 100644 --- a/2020/28xxx/CVE-2020-28702.json +++ b/2020/28xxx/CVE-2020-28702.json 
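Review bot: The last `version_data` entry added for CVE-2020-28419 is `"version_value": "..."`, which signals that the affected-version list was truncated. A consumer matching on these values gets an incomplete list plus a literal `...` that matches nothing. Either carry the complete list from the referenced HP bulletin (c07058567), or drop the placeholder and state in the description that the bulletin is authoritative for affected versions. The description also names no product or component ("certain driver software or application packages"), so naming the installer or package family the bulletin covers would make the record actionable.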
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28702", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28702", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tomoya92/pybbs/issues/137", + "refsource": "MISC", + "name": "https://github.com/tomoya92/pybbs/issues/137" } ] } diff --git a/2020/35xxx/CVE-2020-35249.json b/2020/35xxx/CVE-2020-35249.json index 3e60c31a022..6638984ce38 100644 --- a/2020/35xxx/CVE-2020-35249.json +++ b/2020/35xxx/CVE-2020-35249.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-35249", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-35249", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows attackers to execute arbitrary code via the name parameter to the add client feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/48756", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/48756" } ] } diff --git a/2020/36xxx/CVE-2020-36330.json b/2020/36xxx/CVE-2020-36330.json index 2c36e7c29a7..3e2bafe1b68 100644 --- a/2020/36xxx/CVE-2020-36330.json +++ b/2020/36xxx/CVE-2020-36330.json @@ -73,6 +73,11 @@ "refsource": "FULLDISC", "name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7", "url": "http://seclists.org/fulldisclosure/2021/Jul/54" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20211104-0004/", + "url": "https://security.netapp.com/advisory/ntap-20211104-0004/" } ] }, diff --git a/2020/36xxx/CVE-2020-36332.json b/2020/36xxx/CVE-2020-36332.json index 25e3450afd5..6d84e1e38b2 100644 
--- a/2020/36xxx/CVE-2020-36332.json +++ b/2020/36xxx/CVE-2020-36332.json @@ -53,6 +53,11 @@ "refsource": "DEBIAN", "name": "DSA-4930", "url": "https://www.debian.org/security/2021/dsa-4930" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20211104-0004/", + "url": "https://security.netapp.com/advisory/ntap-20211104-0004/" } ] }, diff --git a/2020/36xxx/CVE-2020-36376.json b/2020/36xxx/CVE-2020-36376.json index 7dbf3b11dae..12b0d1ea7c0 100644 --- a/2020/36xxx/CVE-2020-36376.json +++ b/2020/36xxx/CVE-2020-36376.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36376", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36376", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/shenzhim/aaptjs/issues/2", + "url": "https://github.com/shenzhim/aaptjs/issues/2" } ] } 
diff --git a/2020/36xxx/CVE-2020-36377.json b/2020/36xxx/CVE-2020-36377.json index ea041aa14f1..9a304327201 100644 --- a/2020/36xxx/CVE-2020-36377.json +++ b/2020/36xxx/CVE-2020-36377.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36377", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36377", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/shenzhim/aaptjs/issues/2", + "url": "https://github.com/shenzhim/aaptjs/issues/2" } ] } diff --git a/2020/36xxx/CVE-2020-36378.json b/2020/36xxx/CVE-2020-36378.json index b45842c7343..73340742c1b 100644 --- a/2020/36xxx/CVE-2020-36378.json +++ b/2020/36xxx/CVE-2020-36378.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36378", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36378", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/shenzhim/aaptjs/issues/2", + "url": "https://github.com/shenzhim/aaptjs/issues/2" } ] } diff --git a/2020/36xxx/CVE-2020-36379.json b/2020/36xxx/CVE-2020-36379.json index eb01cdb31a6..93cbfa91300 100644 --- a/2020/36xxx/CVE-2020-36379.json +++ b/2020/36xxx/CVE-2020-36379.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36379", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36379", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/shenzhim/aaptjs/issues/2", + "url": "https://github.com/shenzhim/aaptjs/issues/2" } ] } diff --git a/2020/36xxx/CVE-2020-36380.json b/2020/36xxx/CVE-2020-36380.json index 2235f35fef7..f99bb53d874 100644 --- a/2020/36xxx/CVE-2020-36380.json +++ b/2020/36xxx/CVE-2020-36380.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36380", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36380", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/shenzhim/aaptjs/issues/2", + "url": "https://github.com/shenzhim/aaptjs/issues/2" } ] } diff --git a/2020/36xxx/CVE-2020-36381.json b/2020/36xxx/CVE-2020-36381.json index a3943803a9c..661676a20cc 100644 --- a/2020/36xxx/CVE-2020-36381.json +++ b/2020/36xxx/CVE-2020-36381.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-36381", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-36381", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/shenzhim/aaptjs/issues/2", + "url": "https://github.com/shenzhim/aaptjs/issues/2" } ] } diff --git a/2020/36xxx/CVE-2020-36503.json b/2020/36xxx/CVE-2020-36503.json index 2aef0794262..08aec2b7365 100644 --- a/2020/36xxx/CVE-2020-36503.json +++ b/2020/36xxx/CVE-2020-36503.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36503", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Connections Business Directory < 9.7 - Admin+ CSV Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Connections Business Directory", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "9.7", + "version_value": "9.7" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue" } ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://github.com/Connections-Business-Directory/Connections/issues/474", + "name": "https://github.com/Connections-Business-Directory/Connections/issues/474" + }, + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/dd394b55-c86f-4fa2-aae8-5903ca0b95ec", + "name": "https://wpscan.com/vulnerability/dd394b55-c86f-4fa2-aae8-5903ca0b95ec" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Rudra Sarkar" + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36504.json b/2020/36xxx/CVE-2020-36504.json new file mode 100644 index 00000000000..cc63b2dcef0 --- /dev/null +++ b/2020/36xxx/CVE-2020-36504.json 
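Review bot: The new description for CVE-2020-36503 does not state the privilege needed to store the unsanitised field values; only `TITLE` carries it, as `Admin+`, which presumably means an administrator-level role. Consumers that index `description_data` alone will see an unqualified CSV injection and may over-prioritise it. If that reading of `Admin+` is right, the precondition is worth repeating in the description, for example by ending it `which could allow a high-privilege user to perform CSV injection`.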
@@ -0,0 +1,80 @@ +{ + "CVE_data_meta": { + "ID": "CVE-2020-36504", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP-Pro-Quiz <= 0.37 - Arbitrary Quiz Deletion via CSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Wp-Pro-Quiz", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.37", + "version_value": "0.37" + } + ] + } + } + ] + } + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://medium.com/@hoanhp/0-days-story-1-wp-pro-quiz-2115dd77a6d4", + "name": "https://medium.com/@hoanhp/0-days-story-1-wp-pro-quiz-2115dd77a6d4" + }, + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/83679b90-faa5-454e-924c-89f388eccbd1", + "name": "https://wpscan.com/vulnerability/83679b90-faa5-454e-924c-89f388eccbd1" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "HoanHP" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2020/36xxx/CVE-2020-36505.json b/2020/36xxx/CVE-2020-36505.json new file mode 100644 index 00000000000..c89c8a43809 --- /dev/null +++ b/2020/36xxx/CVE-2020-36505.json 
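Review bot: `product_name` in the new CVE-2020-36504 record is `"Wp-Pro-Quiz"` while `TITLE` and the description spell it `WP-Pro-Quiz`; case-sensitive product matching will treat these as different names, so one spelling should be used throughout, e.g. `"product_name": "WP-Pro-Quiz"`. The credit values `"HoanHP"` here and `"Hoan Hp"` in the CVE-2020-36505 record that follows appear to name the same reporter (both reference medium.com/@hoanhp) and would be better spelled identically. This file also ends without a trailing newline, unlike CVE-2020-36505.json.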
@@ -0,0 +1,80 @@ +{ + "CVE_data_meta": { + "ID": "CVE-2020-36505", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Delete All Comments Easily <= 1.3 - All Comments Deletion via CSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Delete All Comments Easily", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.3", + "version_value": "1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/239f8efa-8fa4-4274-904f-708e65083821", + "name": "https://wpscan.com/vulnerability/239f8efa-8fa4-4274-904f-708e65083821" + }, + { + "refsource": "MISC", + "url": "https://medium.com/@hoanhp/0-day-story-2-delete-all-comments-easily-a854e52a7d50", + "name": "https://medium.com/@hoanhp/0-day-story-2-delete-all-comments-easily-a854e52a7d50" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Hoan Hp" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2020/4xxx/CVE-2020-4152.json b/2020/4xxx/CVE-2020-4152.json index 239e3876074..5566c8ffb2b 100644 --- a/2020/4xxx/CVE-2020-4152.json +++ b/2020/4xxx/CVE-2020-4152.json 
@@ -1,18 +1,93 @@ { - "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "DATE_PUBLIC": "2021-11-07T00:00:00", "ID": "CVE-2020-4152", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "UI": "N", + "PR": "N", + "AV": "N", + "I": "N", + "C": "H", + "A": "N", + "AC": "H", + "S": "C", + "SCORE": "6.800" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "5.4.0" + }, + { + "version_value": "5.5.0" + } + ] + }, + "product_name": "QRadar Network Security" + } + ] + }, + "vendor_name": "IBM" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force ID: 17467." 
} ] - } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6514403", + "name": "https://www.ibm.com/support/pages/node/6514403", + "title": "IBM Security Bulletin 6514403 (QRadar Network Security)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174267", + "refsource": "XF", + "name": "ibm-qradar-cve20204152-info-disc (174267)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_version": "4.0" } \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4153.json b/2020/4xxx/CVE-2020-4153.json index db5d7978278..b5026bffa8a 100644 --- a/2020/4xxx/CVE-2020-4153.json +++ b/2020/4xxx/CVE-2020-4153.json 
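Review bot: The X-Force identifier at the end of the new CVE-2020-4152 description reads `17467`, but the `XF` reference URL and its `name` in the same record both use `174267`, so the description appears to have dropped a digit. Anyone correlating advisories by the ID in the description will land on a different entry or none. The sentence should end `IBM X-Force ID: 174267.` to agree with the references.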
@@ -1,18 +1,93 @@ { "data_type": "CVE", + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4153", + "DATE_PUBLIC": "2021-11-07T00:00:00" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4153", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "QRadar Network Security", + "version": { + "version_data": [ + { + "version_value": "5.4.0" + }, + { + "version_value": "5.5.0" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 174269.", + "lang": "eng" } ] + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6514403 (QRadar Network Security)", + "name": "https://www.ibm.com/support/pages/node/6514403", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6514403" + }, + { + "name": "ibm-qradar-cve20204153-xss (174269)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174269", + "refsource": "XF" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "SCORE": "5.400", + "S": "C", + "AC": "L", + "C": "L", + "I": "L", + "AV": "N", + "PR": "L", + "UI": "R" + }, + "TM": { + "RL": "O", + "E": "H", + "RC": "C" + } + } } } \ No newline at end of file diff --git a/2020/4xxx/CVE-2020-4160.json b/2020/4xxx/CVE-2020-4160.json index c59eb56c276..17f931e2948 100644 --- a/2020/4xxx/CVE-2020-4160.json +++ b/2020/4xxx/CVE-2020-4160.json 
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-4160", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "impact": { + "cvssv3": { + "BM": { + "C": "H", + "I": "N", + "A": "N", + "SCORE": "5.900", + "AC": "H", + "S": "U", + "PR": "N", + "UI": "N", + "AV": "N" + }, + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + } + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6514403", + "title": "IBM Security Bulletin 6514403 (QRadar Network Security)", + "url": "https://www.ibm.com/support/pages/node/6514403", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-qradar-cve20204160-info-disc (174340)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174340" + } + ] }, "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. 
IBM X-Force ID: 174340.", + "lang": "eng" } ] - } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "5.4.0" + }, + { + "version_value": "5.5.0" + } + ] + }, + "product_name": "QRadar Network Security" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_version": "4.0", + "data_format": "MITRE", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-11-07T00:00:00", + "ID": "CVE-2020-4160" + }, + "data_type": "CVE" } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5955.json b/2020/5xxx/CVE-2020-5955.json index ae8cb14fe4d..b378357b7d7 100644 --- a/2020/5xxx/CVE-2020-5955.json +++ b/2020/5xxx/CVE-2020-5955.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5955", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5955", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.insyde.com/products", + "refsource": "MISC", + "name": "https://www.insyde.com/products" + }, + { + "refsource": "CONFIRM", + "name": "https://www.insyde.com/security-pledge/SA-2021002", + "url": "https://www.insyde.com/security-pledge/SA-2021002" } ] } diff --git a/2020/6xxx/CVE-2020-6492.json b/2020/6xxx/CVE-2020-6492.json index 1a818e20065..10c82bedc51 100644 --- a/2020/6xxx/CVE-2020-6492.json +++ b/2020/6xxx/CVE-2020-6492.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6492", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "83.0.4103.97", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1078375", + "refsource": "MISC", + "name": "https://crbug.com/1078375" + }, + { + "url": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page." } ] } diff --git a/2020/6xxx/CVE-2020-6931.json b/2020/6xxx/CVE-2020-6931.json index 902558bf276..4040f3c761c 100644 --- a/2020/6xxx/CVE-2020-6931.json +++ b/2020/6xxx/CVE-2020-6931.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6931", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HP Print and Scan Doctor", + "version": { + "version_data": [ + { + "version_value": "before 5.51" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/c06982375", + "url": "https://support.hp.com/us-en/document/c06982375" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege." } ] } diff --git a/2020/7xxx/CVE-2020-7580.json b/2020/7xxx/CVE-2020-7580.json index 48d08578eaf..11ac72f3b3a 100644 --- a/2020/7xxx/CVE-2020-7580.json +++ b/2020/7xxx/CVE-2020-7580.json @@ -49,7 +49,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V17" } ] } @@ -119,7 +119,7 @@ "version": { "version_data": [ { - "version_value": "All versions < P018" + "version_value": "All versions < V3.16 P018" } ] } @@ -129,7 +129,7 @@ "version": { "version_data": [ { - "version_value": "All versions < P003" + "version_value": "All versions < V3.17 P003" } ] } 
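Review bot: The new description for CVE-2020-6931 gives no version boundary, and the `affects` block holds it only as free text, `"version_value": "before 5.51"`, with no `version_affected` operator. A reader of the description cannot tell which builds are fixed, and a parser cannot compare against the string `before 5.51`. The CVE-2020-6492 record in this same diff shows the structured form, so `"version_value": "5.51", "version_affected": "<"` would be consistent, with the boundary repeated in the description. `vendor_name` is `"n/a"` although the assigner address and the product name both identify HP.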
@@ -286,7 +286,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (All versions < V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC WinCC OA V3.16 (All versions < P018), SIMATIC WinCC OA V3.17 (All versions < P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A component within the affected application regularly calls a helper binary with SYSTEM privileges while the call path is not quoted." 
+ "value": "A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (All versions < V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A component within the affected application regularly calls a helper binary with SYSTEM privileges while the call path is not quoted." } ] }, diff --git a/2021/0xxx/CVE-2021-0002.json b/2021/0xxx/CVE-2021-0002.json index 4fbd0295a0f..a01cffb9cdd 100644 --- a/2021/0xxx/CVE-2021-0002.json +++ b/2021/0xxx/CVE-2021-0002.json 
@@ -63,6 +63,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-cbad295a90", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKMUMLUH6ENNMLGTJ5AFRF6764ILEMYJ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-9818cabe0d", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFLYHRQPDF6ZMESCI3HRNOP6D6GELPFR/" } ] }, diff --git a/2021/0xxx/CVE-2021-0012.json b/2021/0xxx/CVE-2021-0012.json index 2d1e20a9cc4..39c60d62996 100644 --- a/2021/0xxx/CVE-2021-0012.json +++ b/2021/0xxx/CVE-2021-0012.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00508.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00508.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00566.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00566.html" } ] }, diff --git a/2021/0xxx/CVE-2021-0283.json b/2021/0xxx/CVE-2021-0283.json index 7f538da41eb..ccbf6d5dd82 100644 --- a/2021/0xxx/CVE-2021-0283.json +++ b/2021/0xxx/CVE-2021-0283.json @@ -74,7 +74,7 @@ { "version_affected": "<", "version_name": "18.4", - "version_value": "18.4R3-S9" + "version_value": "18.4R2-S9, 18.4R3-S9" }, { "version_affected": "<", @@ -84,17 +84,17 @@ { "version_affected": "<", "version_name": "19.2", - "version_value": "19.2R3-S3" + "version_value": "19.2R1-S7, 19.2R3-S3" }, { "version_affected": "<", "version_name": "19.3", - "version_value": "19.3R3-S3" + "version_value": "19.3R2-S7, 19.3R3-S3" }, { "version_affected": "<", "version_name": "19.4", - "version_value": "19.4R1-S4, 19.4R3-S5" + "version_value": "19.4R3-S5" }, { "version_affected": "<", 
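Review bot: The updated `version_value` entries in CVE-2021-0283 pack two releases into one string under a single `"version_affected": "<"`, e.g. `"version_value": "18.4R2-S9, 18.4R3-S9"`, which a version comparator cannot evaluate. The same shape is added for the 19.2, 19.3 and 21.2 entries in this file and for 18.4, 19.3 and 21.2 in the CVE-2021-0284 hunks below. The pattern predates this change (19.4 previously held `19.4R1-S4, 19.4R3-S5`), but each added value widens it. Assuming consumers treat each entry as its own service-release branch, one `version_data` object per fixed release, such as `{"version_affected": "<", "version_name": "18.4", "version_value": "18.4R2-S9"}` next to the existing 18.4R3-S9 entry, would keep the field machine-comparable.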
@@ -124,7 +124,7 @@ { "version_affected": "<", "version_name": "21.2", - "version_value": "21.2R2" + "version_value": "21.2R1-S1, 21.2R2" } ] } 
@@ -143,7 +143,7 @@ "description_data": [ { "lang": "eng", - "value": "A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Service (DoS) condition. The device will abnormally shut down as a result of these sent packets. A potential indicator of compromise will be the following message in the log files: \"eventd[13955]: SYSTEM_ABNORMAL_SHUTDOWN: System abnormally shut down\" These issue are only triggered by traffic destined to the device. Transit traffic will not trigger these issues. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 16.1 version 16.1R1 and later versions; 16.2 version 16.2R1 and later versions; 17.1 version 17.1R1 and later versions; 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S12; 17.4 version 17.4R1 and later versions; 18.1 versions prior to 18.1R3-S13; 18.2 version 18.2R1 and later versions; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2; 21.2 versions prior to 21.2R2." + "value": "A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Service (DoS) condition. 
The device will abnormally shut down as a result of these sent packets. A potential indicator of compromise will be the following message in the log files: \"eventd[13955]: SYSTEM_ABNORMAL_SHUTDOWN: System abnormally shut down\" These issue are only triggered by traffic destined to the device. Transit traffic will not trigger these issues. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 16.1 version 16.1R1 and later versions; 16.2 version 16.2R1 and later versions; 17.1 version 17.1R1 and later versions; 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S12; 17.4 version 17.4R1 and later versions; 18.1 versions prior to 18.1R3-S13; 18.2 version 18.2R1 and later versions; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2; 21.2 versions prior to 21.2R1-S1, 21.2R2." } ] }, 
@@ -196,7 +196,7 @@ "solution": [ { "lang": "eng", - "value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S19, 15.1R7-S10, 17.3R3-S12, 18.1R3-S13, 18.3R3-S5, 18.4R3-S9, 19.1R3-S6, 19.2R3-S3, 19.3R3-S3, 19.4R1-S4, 19.4R3-S5, 20.1R2-S2, 20.1R3-S1, 20.2R3-S2, 20.3R3, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.2R2, 21.3R1, and all subsequent releases." + "value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S19, 15.1R7-S10, 17.3R3-S12, 18.1R3-S13, 18.3R3-S5, 18.4R2-S9, 18.4R3-S9, 19.1R3-S6, 19.2R1-S7, 19.2R3-S3, 19.3R2-S7, 19.3R3-S3, 19.4R3-S5, 20.1R2-S2, 20.1R3-S1, 20.2R3-S2, 20.3R3, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.2R1-S1, 21.2R2, 21.3R1, and all subsequent releases." } ], "source": { diff --git a/2021/0xxx/CVE-2021-0284.json b/2021/0xxx/CVE-2021-0284.json index dde876dcc7d..b45b6888570 100644 --- a/2021/0xxx/CVE-2021-0284.json +++ b/2021/0xxx/CVE-2021-0284.json @@ -34,7 +34,7 @@ { "version_affected": "<", "version_name": "18.4", - "version_value": "18.4R3-S9" + "version_value": "18.4R2-S9, 18.4R3-S9" }, { "version_affected": "<", @@ -49,7 +49,7 @@ { "version_affected": "<", "version_name": "19.3", - "version_value": "19.3R3-S3" + "version_value": "19.3R2-S7, 19.3R3-S3" }, { "version_affected": "<", @@ -84,7 +84,7 @@ { "version_affected": "<", "version_name": "21.2", - "version_value": "21.2R2" + "version_value": "21.2R1-S1, 21.2R2" } ] } 
@@ -103,7 +103,7 @@ "description_data": [ { "lang": "eng", - "value": "A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Service (DoS) condition. The device will abnormally shut down as a result of these sent packets. A potential indicator of compromise will be the following message in the log files: \"eventd[13955]: SYSTEM_ABNORMAL_SHUTDOWN: System abnormally shut down\" This issue is only triggered by traffic destined to the device. Transit traffic will not trigger this issue. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 17.3 versions prior to 17.3R3-S12; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R2." + "value": "A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Service (DoS) condition. The device will abnormally shut down as a result of these sent packets. A potential indicator of compromise will be the following message in the log files: \"eventd[13955]: SYSTEM_ABNORMAL_SHUTDOWN: System abnormally shut down\" This issue is only triggered by traffic destined to the device. Transit traffic will not trigger this issue. 
This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 17.3 versions prior to 17.3R3-S12; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R1-S1, 21.2R2." } ] }, @@ -156,7 +156,7 @@ "solution": [ { "lang": "eng", - "value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S19, 15.1R7-S10, 17.3R3-S12, 18.4R3-S9, 19.1R3-S7, 19.2R1-S7, 19.2R3-S3, 19.3R3-S3, 19.4R3-S5, 20.1R3-S1, 20.2R3-S2, 20.4R2-S2, 20.4R3, 21.1R2, 21.2R2, 21.3R1, and all subsequent releases.\n" + "value": "The following software releases have been updated to resolve this specific issue: \n\n12.3R12-S19, 15.1R7-S10, 17.3R3-S12, 18.4R2-S9, 18.4R3-S9, 19.1R3-S7, 19.2R1-S7, 19.2R3-S3, 19.3R2-S7, 19.3R3-S3, 19.4R3-S5, 20.1R3-S1, 20.2R3-S2, 20.3R3-S1, 20.4R2-S2, 20.4R3, 21.1R2, 21.2R1-S1, 21.2R2, 21.3R1, and all subsequent releases.\n\n" } ], "source": { diff --git a/2021/0xxx/CVE-2021-0870.json b/2021/0xxx/CVE-2021-0870.json index 5035164cf64..6129c24a9ab 100644 --- a/2021/0xxx/CVE-2021-0870.json +++ b/2021/0xxx/CVE-2021-0870.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://source.android.com/security/bulletin/2021-10-01", "url": "https://source.android.com/security/bulletin/2021-10-01" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164704/Android-NFC-Type-Confusion.html", + "url": "http://packetstormsecurity.com/files/164704/Android-NFC-Type-Confusion.html" } ] }, diff --git a/2021/1xxx/CVE-2021-1118.json b/2021/1xxx/CVE-2021-1118.json index eabe962cdab..9b78bff8d52 100644 --- a/2021/1xxx/CVE-2021-1118.json 
+++ b/2021/1xxx/CVE-2021-1118.json @@ -1,18 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1118", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NVIDIA Virtual GPU Software", + "version": { + "version_data": [ + { + "version_value": "vGPU version 13.x (prior to 13.1), 12.x (prior to 12.4), version 11.x (prior to 11.6) and version 8.x (prior 8.9)." + } + ] + } + } + ] + }, + "vendor_name": "NVIDIA" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of service" + } + ] + }, + "impact": { + "cvss": { + "baseScore" : 7.8, + "baseSeverity" : "High", + "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version" : "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-250: Execution with Unnecessary Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230", + "refsource": "CONFIRM", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ] } -} \ No newline at end of file +} 
diff --git a/2021/1xxx/CVE-2021-1119.json b/2021/1xxx/CVE-2021-1119.json
index 4b1aa422d75..909bd8c9676 100644
--- a/2021/1xxx/CVE-2021-1119.json
+++ b/2021/1xxx/CVE-2021-1119.json
@@ -1,18 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1119", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NVIDIA Virtual GPU Software", + "version": { + "version_data": [ + { + "version_value": "vGPU version 13.x (prior to 13.1), 12.x (prior to 12.4), version 11.x (prior to 11.6) and version 8.x (prior 8.9)." + } + ] + } + } + ] + }, + "vendor_name": "NVIDIA" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allowing an attacker to execute arbitrary code impacting integrity and availability." + } + ] + }, + "impact": { + "cvss": { + "baseScore" : 7.1, + "baseSeverity" : "High", + "vectorString" : "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "version" : "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-415: Double Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230", + "refsource": "CONFIRM", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ] } -} \ No newline at end of file +} diff --git a/2021/1xxx/CVE-2021-1120.json b/2021/1xxx/CVE-2021-1120.json index c81b6b35922..f00d05c792e 100644 
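Review bot: The `vectorString` added in CVE-2021-1119.json is `AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H`, without the `CVSS:3.1/` prefix that the CVSS v3.1 specification requires and that CVE-2021-1118.json in this same commit carries. Parsers that validate the vector can reject it or drop the score, which hides a High-rated issue from severity-based triage. The line should read `"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",`. The same prefix is missing in the CVE-2021-1120, CVE-2021-1121 and CVE-2021-1122 records that follow.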
--- a/2021/1xxx/CVE-2021-1120.json
+++ b/2021/1xxx/CVE-2021-1120.json
@@ -1,18 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1120", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NVIDIA Virtual GPU Software", + "version": { + "version_data": [ + { + "version_value": "vGPU version 13.x (prior to 13.1), 12.x (prior to 12.4), version 11.x (prior to 11.6) and version 8.x (prior 8.9)." + } + ] + } + } + ] + }, + "vendor_name": "NVIDIA" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no ability to push content to the plugin through this vulnerability, which may lead to information disclosure, data tampering, unauthorized code execution, and denial of service." + } + ] + }, + "impact": { + "cvss": { + "baseScore" : 7.0, + "baseSeverity" : "High", + "vectorString" : "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version" : "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-170: Improper Null Termination" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230", + "refsource": "CONFIRM", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ] } -} \ No newline at end of file +} 
diff --git a/2021/1xxx/CVE-2021-1121.json b/2021/1xxx/CVE-2021-1121.json
index 85ec7c8f379..e9724dfbaf5 100644
--- a/2021/1xxx/CVE-2021-1121.json
+++ b/2021/1xxx/CVE-2021-1121.json
@@ -1,18 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1121", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NVIDIA Virtual GPU Software", + "version": { + "version_data": [ + { + "version_value": "vGPU version 13.x (prior to 13.1), 12.x (prior to 12.4), version 11.x (prior to 11.6) and version 8.x (prior 8.9)." + } + ] + } + } + ] + }, + "vendor_name": "NVIDIA" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel driver, where a vGPU can cause resource starvation among other vGPUs hosted on the same GPU, which may lead to denial of service." + } + ] + }, + "impact": { + "cvss": { + "baseScore" : 5.5, + "baseSeverity" : "Medium", + "vectorString" : "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version" : "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770: Allocation of Resources Without Limits or Throttling" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230", + "refsource": "CONFIRM", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ] } -} \ No newline at end of file +} diff --git a/2021/1xxx/CVE-2021-1122.json b/2021/1xxx/CVE-2021-1122.json index 8009554108f..a79c7185283 100644 --- a/2021/1xxx/CVE-2021-1122.json 
+++ b/2021/1xxx/CVE-2021-1122.json @@ -1,18 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1122", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NVIDIA Virtual GPU Software", + "version": { + "version_data": [ + { + "version_value": "vGPU version 13.x (prior to 13.1), 12.x (prior to 12.4), version 11.x (prior to 11.6) and version 8.x (prior 8.9)." + } + ] + } + } + ] + }, + "vendor_name": "NVIDIA" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service." + } + ] + }, + "impact": { + "cvss": { + "baseScore" : 5.5, + "baseSeverity" : "Medium", + "vectorString" : "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version" : "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230", + "refsource": "CONFIRM", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ] } -} \ No newline at end of file +} diff --git a/2021/1xxx/CVE-2021-1123.json b/2021/1xxx/CVE-2021-1123.json index cd386d61bd8..1ad70bf3681 100644 --- a/2021/1xxx/CVE-2021-1123.json +++ b/2021/1xxx/CVE-2021-1123.json 
@@ -1,18 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", "ID": "CVE-2021-1123", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NVIDIA Virtual GPU Software", + "version": { + "version_data": [ + { + "version_value": "vGPU version 13.x (prior to 13.1), 12.x (prior to 12.4), version 11.x (prior to 11.6) and version 8.x (prior 8.9)." + } + ] + } + } + ] + }, + "vendor_name": "NVIDIA" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can deadlock, which may lead to denial of service." + } + ] + }, + "impact": { + "cvss": { + "baseScore" : 5.5, + "baseSeverity" : "High", + "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version" : "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230", + "refsource": "CONFIRM", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5230" } ] } -} \ No newline at end of file +} diff --git a/2021/1xxx/CVE-2021-1500.json b/2021/1xxx/CVE-2021-1500.json index 7c45db66085..9a0daeefece 100644 --- a/2021/1xxx/CVE-2021-1500.json +++ b/2021/1xxx/CVE-2021-1500.json 
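Review bot: `"baseSeverity" : "High"` in CVE-2021-1123.json contradicts `"baseScore" : 5.5`: under CVSS v3.1 the range 4.0–6.9 is Medium, and CVE-2021-1121 and CVE-2021-1122 in this commit rate the identical vector `AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H` as Medium. Prioritisation keyed on the severity label would over-rank this record, so the line should be `"baseSeverity" : "Medium",`. The problemtype is the free text `denial of service` where the sibling records give a CWE identifier; a CWE id would be consistent, but which one applies has to come from the vendor advisory.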
@@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-1500", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Webex Video Mesh ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to persuade users to unknowingly visit malicious sites." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmesh-openred-AGNRmf5" + } + ] + }, + "source": { + "advisory": "cisco-sa-vmesh-openred-AGNRmf5", + "defect": [ + [ + "CSCvz59109" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20119.json b/2021/20xxx/CVE-2021-20119.json index c4d3a34441c..9fbe76421c9 100644 --- a/2021/20xxx/CVE-2021-20119.json +++ b/2021/20xxx/CVE-2021-20119.json 
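Review bot: The `impact.cvss` object added for CVE-2021-1500 is internally inconsistent: `"version": "3.0"` sits next to a vector that starts with `CVSS:3.1/`, the vector ends in a trailing space, and `"baseScore": "5.4"` is a string where the NVIDIA records in this commit use a number. Strict vector parsers and typed consumers can fail on each of these. Suggested values are `"baseScore": 5.4`, `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"` and a `version` that matches the prefix; whether 3.0 or 3.1 is intended should be confirmed against the Cisco advisory. `"product_name": "Cisco Webex Video Mesh "` also carries a trailing space that breaks exact-match product lookups.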
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20119", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Arris SurfBoard SB8200", + "version": { + "version_data": [ + { + "version_value": "Arris SurfBoard SB8200 AB01.02.053.01_112320_193.0A.NSH" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Password Change Utility" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2021-49", + "url": "https://www.tenable.com/security/research/tra-2021-49" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password." } ] } diff --git a/2021/20xxx/CVE-2021-20135.json b/2021/20xxx/CVE-2021-20135.json index a4331331614..01e52fa60b7 100644 --- a/2021/20xxx/CVE-2021-20135.json +++ b/2021/20xxx/CVE-2021-20135.json 
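Review bot: `"vendor_name": "n/a"` in CVE-2021-20119.json discards the vendor even though the product name and the description both name Arris, so vendor-keyed asset matching will not find this record. Presumably the intended value is `"vendor_name": "Arris"`; confirm against the referenced Tenable advisory. The `version_value` also repeats the product name in front of the firmware string, where the firmware identifier alone would be easier to match. CVE-2021-20135.json (Nessus) and CVE-2021-20136.json (ManageEngine Log360) below use the same `n/a` vendor.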
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20135", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Nessus", + "version": { + "version_data": [ + { + "version_value": "Nessus 8.15.2 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "local privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/tns-2021-18", + "url": "https://www.tenable.com/security/tns-2021-18" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus)." } ] } diff --git a/2021/20xxx/CVE-2021-20136.json b/2021/20xxx/CVE-2021-20136.json index 33c19754ef5..24e10e51ddc 100644 --- a/2021/20xxx/CVE-2021-20136.json +++ b/2021/20xxx/CVE-2021-20136.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20136", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ManageEngine Log360", + "version": { + "version_data": [ + { + "version_value": "< 5235" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2021-48", + "url": "https://www.tenable.com/security/research/tra-2021-48" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup." } ] } diff --git a/2021/20xxx/CVE-2021-20280.json b/2021/20xxx/CVE-2021-20280.json index ea9479d4224..2cd015f5c74 100644 --- a/2021/20xxx/CVE-2021-20280.json +++ b/2021/20xxx/CVE-2021-20280.json 
@@ -63,6 +63,16 @@ "refsource": "FEDORA", "name": "FEDORA-2021-50f63a0161", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-431b232659", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGOMHMYM3WICJ6D6U22Z6LPJGT5A6MZM/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164817/Moodle-Cross-Site-Scripting-Server-Side-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/164817/Moodle-Cross-Site-Scripting-Server-Side-Request-Forgery.html" } ] }, diff --git a/2021/20xxx/CVE-2021-20562.json b/2021/20xxx/CVE-2021-20562.json index 1e075c965f1..a0e2c37c873 100644 --- a/2021/20xxx/CVE-2021-20562.json +++ b/2021/20xxx/CVE-2021-20562.json @@ -20,6 +20,16 @@ "name": "ibm-sterling-cve202120562-xss (199232)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199232" + }, + { + "refsource": "FULLDISC", + "name": "20211104 SEC Consult SA-20211104-0 :: Reflected cross-site scripting vulnerability in IBM Sterling B2B Integrator", + "url": "http://seclists.org/fulldisclosure/2021/Nov/16" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164782/IBM-Sterling-B2B-Integrator-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/164782/IBM-Sterling-B2B-Integrator-Cross-Site-Scripting.html" } ] }, diff --git a/2021/20xxx/CVE-2021-20600.json b/2021/20xxx/CVE-2021-20600.json index c79d083ffef..94c9e3826be 100644 --- a/2021/20xxx/CVE-2021-20600.json +++ b/2021/20xxx/CVE-2021-20600.json 
@@ -65,7 +65,7 @@ "description_data": [ { "lang": "eng", - "value": "Uncontrolled resource consumption in MELSEC iQ-R series C Controller Module R12CCPU-V all versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module starting up." + "value": "Uncontrolled resource consumption in MELSEC iQ-R series C Controller Module R12CCPU-V all versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module starting up. System reset is required for recovery." } ] } diff --git a/2021/20xxx/CVE-2021-20700.json b/2021/20xxx/CVE-2021-20700.json index cde91a9ecfc..9376cd7589b 100644 --- a/2021/20xxx/CVE-2021-20700.json +++ b/2021/20xxx/CVE-2021-20700.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20700", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NEC Corporation", + "product": { + "product_data": [ + { + "product_name": "CLUSTERPRO X", + "version": { + "version_data": [ + { + "version_value": "CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html", + "refsource": "MISC", + "name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network." } ] } diff --git a/2021/20xxx/CVE-2021-20701.json b/2021/20xxx/CVE-2021-20701.json index 04098f64e09..8ff93796b30 100644 --- a/2021/20xxx/CVE-2021-20701.json +++ b/2021/20xxx/CVE-2021-20701.json 
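Review bot: The `version_value` added for CVE-2021-20700 is the open-ended phrase `CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later`, which gives no upper bound and folds two product names into a record whose `product_name` is only `CLUSTERPRO X`. As written every release, including any fixed one, reads as affected, so a remote code execution issue cannot be closed out by a version check; the fixed release should be taken from the NEC advisory in `references` and stated here. The `problemtype` is the free text `Buffer overflow` rather than a CWE identifier. CVE-2021-20701 through CVE-2021-20705 below carry the same version string.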
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20701", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NEC Corporation", + "product": { + "product_data": [ + { + "product_name": "CLUSTERPRO X", + "version": { + "version_data": [ + { + "version_value": "CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html", + "refsource": "MISC", + "name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network." } ] } diff --git a/2021/20xxx/CVE-2021-20702.json b/2021/20xxx/CVE-2021-20702.json index 15eb2f6582a..32a4bc92cf7 100644 --- a/2021/20xxx/CVE-2021-20702.json +++ b/2021/20xxx/CVE-2021-20702.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20702", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NEC Corporation", + "product": { + "product_data": [ + { + "product_name": "CLUSTERPRO X", + "version": { + "version_data": [ + { + "version_value": "CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html", + "refsource": "MISC", + "name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network." } ] } diff --git a/2021/20xxx/CVE-2021-20703.json b/2021/20xxx/CVE-2021-20703.json index ccbb7af6680..47cc0dab70d 100644 --- a/2021/20xxx/CVE-2021-20703.json +++ b/2021/20xxx/CVE-2021-20703.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20703", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NEC Corporation", + "product": { + "product_data": [ + { + "product_name": "CLUSTERPRO X", + "version": { + "version_data": [ + { + "version_value": "CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html", + "refsource": "MISC", + "name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network." } ] } diff --git a/2021/20xxx/CVE-2021-20704.json b/2021/20xxx/CVE-2021-20704.json index 96e67193e3c..4efc6579b56 100644 --- a/2021/20xxx/CVE-2021-20704.json +++ b/2021/20xxx/CVE-2021-20704.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20704", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NEC Corporation", + "product": { + "product_data": [ + { + "product_name": "CLUSTERPRO X", + "version": { + "version_data": [ + { + "version_value": "CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html", + "refsource": "MISC", + "name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network." } ] } diff --git a/2021/20xxx/CVE-2021-20705.json b/2021/20xxx/CVE-2021-20705.json index 5cc3f310f74..30457082f11 100644 --- a/2021/20xxx/CVE-2021-20705.json +++ b/2021/20xxx/CVE-2021-20705.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20705", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NEC Corporation", + "product": { + "product_data": [ + { + "product_name": "CLUSTERPRO X", + "version": { + "version_data": [ + { + "version_value": "CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html", + "refsource": "MISC", + "name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation vulnerability in the WebManager CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote file upload via network." } ] } diff --git a/2021/20xxx/CVE-2021-20706.json b/2021/20xxx/CVE-2021-20706.json index ad136cda95d..210cada0f2e 100644 --- a/2021/20xxx/CVE-2021-20706.json +++ b/2021/20xxx/CVE-2021-20706.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20706", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NEC Corporation", + "product": { + "product_data": [ + { + "product_name": "CLUSTERPRO X", + "version": { + "version_data": [ + { + "version_value": "CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html", + "refsource": "MISC", + "name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation vulnerability in the WebManager CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote file upload via network." } ] } diff --git a/2021/20xxx/CVE-2021-20707.json b/2021/20xxx/CVE-2021-20707.json index 02ba45b8854..e3903d0f00c 100644 --- a/2021/20xxx/CVE-2021-20707.json +++ b/2021/20xxx/CVE-2021-20707.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20707", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NEC Corporation", + "product": { + "product_data": [ + { + "product_name": "CLUSTERPRO X", + "version": { + "version_data": [ + { + "version_value": "CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html", + "refsource": "MISC", + "name": "https://jpn.nec.com/security-info/secinfo/nv21-015_en.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to read files upload via network.." } ] } diff --git a/2021/20xxx/CVE-2021-20837.json b/2021/20xxx/CVE-2021-20837.json index 2ea1e67020a..95d56c2965f 100644 --- a/2021/20xxx/CVE-2021-20837.json +++ b/2021/20xxx/CVE-2021-20837.json 
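Review bot: The description added for CVE-2021-20707 ends `allows attacker to read files upload via network..`, which does not parse: it is unclear whether the impact is reading files or uploading them, and the sentence ends in two periods. The text looks like the CVE-2021-20705/20706 wording edited only in part, though that is inferred from the similarity. The impact decides how defenders triage this (confidentiality versus integrity), so the wording should be checked against the NEC advisory before the record goes public. If the impact is file read, `allows attacker to read files via network.` would do.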
@@ -53,6 +53,16 @@ "url": "https://jvn.jp/en/jp/JVN41119755/index.html", "refsource": "MISC", "name": "https://jvn.jp/en/jp/JVN41119755/index.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164705/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/164705/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164818/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/164818/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html" } ] }, diff --git a/2021/20xxx/CVE-2021-20838.json b/2021/20xxx/CVE-2021-20838.json index 2cdf554a93c..7fe8342c1f9 100644 --- a/2021/20xxx/CVE-2021-20838.json +++ b/2021/20xxx/CVE-2021-20838.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20838", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Antenna House, Inc.", + "product": { + "product_data": [ + { + "product_name": "Office Server Document Converter", + "version": { + "version_data": [ + { + "version_value": "V7.2MR4 and earlier and V7.1MR7 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML external entities (XXE)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html", + "refsource": "MISC", + "name": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN33453839/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN33453839/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document." } ] } diff --git a/2021/20xxx/CVE-2021-20839.json b/2021/20xxx/CVE-2021-20839.json index 437a90d23af..b03e41f1e56 100644 --- a/2021/20xxx/CVE-2021-20839.json +++ b/2021/20xxx/CVE-2021-20839.json 
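Review bot: The `problemtype` value added for CVE-2021-20838 is the free-text string `XML external entities (XXE)` with no CWE identifier, so consumers that group or filter records by CWE will not classify it. The Jenkins records in this same commit use the `CWE-NNN: name` form; here that would be `"value": "CWE-611: Improper Restriction of XML External Entity Reference"`. The hunk for CVE-2021-20839 has the same string, and the NEC records earlier in this commit use `Buffer overflow` and `Improper input Validation` in the same free-text way.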
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20839", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Antenna House, Inc.", + "product": { + "product_data": [ + { + "product_name": "Office Server Document Converter", + "version": { + "version_data": [ + { + "version_value": "V7.2MR4 and earlier and V7.1MR7 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML external entities (XXE)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html", + "refsource": "MISC", + "name": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN33453839/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN33453839/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document." } ] } diff --git a/2021/21xxx/CVE-2021-21685.json b/2021/21xxx/CVE-2021-21685.json index 0a32f90a068..22d46b4dd91 100644 --- a/2021/21xxx/CVE-2021-21685.json +++ b/2021/21xxx/CVE-2021-21685.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21685", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "2.318", + "version_affected": "<=" + }, + { + "version_value": "LTS 2.303.2", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211104 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ] } diff --git a/2021/21xxx/CVE-2021-21686.json b/2021/21xxx/CVE-2021-21686.json index 8699fb828fb..df666486d4d 100644 --- a/2021/21xxx/CVE-2021-21686.json +++ b/2021/21xxx/CVE-2021-21686.json 
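Review bot: In the `version_data` added for CVE-2021-21685, the entries `"version_value": "2.318"` and `"version_value": "LTS 2.303.2"` both carry `"version_affected": "<="`, and the LTS line is expressed only as a text prefix inside the value. A consumer that compares version numbers will fail to parse `LTS 2.303.2`, and it will treat any later LTS release numbered below 2.318 as affected by the first entry, which would give false positives on a patched LTS controller. It would be clearer to state the release line separately from the number, for instance a distinct `product_name` such as `Jenkins LTS` with `"version_value": "2.303.2"`. The same `version_data` block appears in the hunks for CVE-2021-21686 through CVE-2021-21697.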
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21686", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "2.318", + "version_affected": "<=" + }, + { + "version_value": "LTS 2.303.2", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "refsource": "CONFIRM" } ] } diff --git a/2021/21xxx/CVE-2021-21687.json b/2021/21xxx/CVE-2021-21687.json index 579f346d003..60d5bc765e8 100644 --- a/2021/21xxx/CVE-2021-21687.json +++ b/2021/21xxx/CVE-2021-21687.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21687", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "2.318", + "version_affected": "<=" + }, + { + "version_value": "LTS 2.303.2", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "refsource": "CONFIRM" } ] } diff --git a/2021/21xxx/CVE-2021-21688.json b/2021/21xxx/CVE-2021-21688.json index ccbf2b25e48..f1170d81afa 100644 --- a/2021/21xxx/CVE-2021-21688.json +++ b/2021/21xxx/CVE-2021-21688.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21688", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "2.318", + "version_affected": "<=" + }, + { + "version_value": "LTS 2.303.2", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "refsource": "CONFIRM" } ] } diff --git a/2021/21xxx/CVE-2021-21689.json b/2021/21xxx/CVE-2021-21689.json index ae0dfd9aa25..a48b715a194 100644 --- a/2021/21xxx/CVE-2021-21689.json +++ b/2021/21xxx/CVE-2021-21689.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21689", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "2.318", + "version_affected": "<=" + }, + { + "version_value": "LTS 2.303.2", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "refsource": "CONFIRM" } ] } diff --git a/2021/21xxx/CVE-2021-21690.json b/2021/21xxx/CVE-2021-21690.json index 6e2e2df96f3..2c96c10cce9 100644 --- a/2021/21xxx/CVE-2021-21690.json +++ b/2021/21xxx/CVE-2021-21690.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21690", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "2.318", + "version_affected": "<=" + }, + { + "version_value": "LTS 2.303.2", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-693: Protection Mechanism Failure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "refsource": "CONFIRM" } ] } diff --git a/2021/21xxx/CVE-2021-21691.json b/2021/21xxx/CVE-2021-21691.json index 06243ec32ab..2bbcf6edfc3 100644 --- a/2021/21xxx/CVE-2021-21691.json +++ b/2021/21xxx/CVE-2021-21691.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21691", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "2.318", + "version_affected": "<=" + }, + { + "version_value": "LTS 2.303.2", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863: Incorrect Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "refsource": "CONFIRM" } ] } diff --git a/2021/21xxx/CVE-2021-21692.json b/2021/21xxx/CVE-2021-21692.json index d867a949cf6..f2dd34c3193 100644 --- a/2021/21xxx/CVE-2021-21692.json +++ b/2021/21xxx/CVE-2021-21692.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21692", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "2.318", + "version_affected": "<=" + }, + { + "version_value": "LTS 2.303.2", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863: Incorrect Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "refsource": "CONFIRM" } ] } diff --git a/2021/21xxx/CVE-2021-21693.json b/2021/21xxx/CVE-2021-21693.json index ab1802b4fc1..6f45b0cad26 100644 --- a/2021/21xxx/CVE-2021-21693.json +++ b/2021/21xxx/CVE-2021-21693.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21693", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "2.318", + "version_affected": "<=" + }, + { + "version_value": "LTS 2.303.2", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "refsource": "CONFIRM" } ] } diff --git a/2021/21xxx/CVE-2021-21694.json b/2021/21xxx/CVE-2021-21694.json index 98c0fcbe8c4..04f151cbcc0 100644 --- a/2021/21xxx/CVE-2021-21694.json +++ b/2021/21xxx/CVE-2021-21694.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21694", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "2.318", + "version_affected": "<=" + }, + { + "version_value": "LTS 2.303.2", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "refsource": "CONFIRM" } ] } diff --git a/2021/21xxx/CVE-2021-21695.json b/2021/21xxx/CVE-2021-21695.json index fbd59e18273..bf11486176f 100644 --- a/2021/21xxx/CVE-2021-21695.json +++ b/2021/21xxx/CVE-2021-21695.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21695", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "2.318", + "version_affected": "<=" + }, + { + "version_value": "LTS 2.303.2", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455", + "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211104 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ] } diff --git a/2021/21xxx/CVE-2021-21696.json b/2021/21xxx/CVE-2021-21696.json index 01ff2d61c8c..dc5c679bac0 100644 --- a/2021/21xxx/CVE-2021-21696.json +++ b/2021/21xxx/CVE-2021-21696.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21696", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "2.318", + "version_affected": "<=" + }, + { + "version_value": "LTS 2.303.2", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-693: Protection Mechanism Failure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", + "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2423", + "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211104 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ] } 
diff --git a/2021/21xxx/CVE-2021-21697.json b/2021/21xxx/CVE-2021-21697.json index 9ff28457a3b..9837d60fa87 100644 --- a/2021/21xxx/CVE-2021-21697.json +++ b/2021/21xxx/CVE-2021-21697.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21697", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "2.318", + "version_affected": "<=" + }, + { + "version_value": "LTS 2.303.2", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-184: Incomplete List of Disallowed Inputs" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428", + "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428", + "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211104 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ] } 
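Review bot: The description's closing phrase `with very few restrictions` leaves the actual exposure undefined, because a reader cannot tell which build-directory paths remain protected. Since `problemtype` is `CWE-184: Incomplete List of Disallowed Inputs`, the text should say what the existing restriction list covers, or at least point to the SECURITY-2428 advisory section for it. Operators need that to judge which stored build data an agent could have read or altered.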
diff --git a/2021/21xxx/CVE-2021-21698.json b/2021/21xxx/CVE-2021-21698.json index aaf6689fae2..7afb4f513a2 100644 --- a/2021/21xxx/CVE-2021-21698.json +++ b/2021/21xxx/CVE-2021-21698.json @@ -1,17 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21698", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Subversion Plugin", + "version": { + "version_data": [ + { + "version_value": "2.15.0", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", + "url": "https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2506", + "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211104 Multiple vulnerabilities in Jenkins and Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2021/11/04/3" } ] } 
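Review bot: The new description names the missing check but not its consequence or the attacker position, so the record cannot be triaged without opening the advisory. The `problemtype` is path traversal, which suggests (this record does not say so) that a process on an agent can make the controller open files outside the intended key location. The description should state that outcome and who can trigger it, as the CVE-2021-21696 text does with "attackers in control of agent processes".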
diff --git a/2021/21xxx/CVE-2021-21703.json b/2021/21xxx/CVE-2021-21703.json
index e778e81d339..8e258fa79f6 100644
--- a/2021/21xxx/CVE-2021-21703.json
+++ b/2021/21xxx/CVE-2021-21703.json
@@ -139,6 +139,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-4140b54de2",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-02d218c3be",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/"
 }
 ]
 },
diff --git a/2021/22xxx/CVE-2021-22051.json b/2021/22xxx/CVE-2021-22051.json
index df68594c572..7fd02a2adcc 100644
--- a/2021/22xxx/CVE-2021-22051.json
+++ b/2021/22xxx/CVE-2021-22051.json
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22051", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Spring Cloud Gateway", + "version": { + "version_data": [ + { + "version_value": "3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Specifically crafted requests could make an extra request on downstream services." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://tanzu.vmware.com/security/cve-2021-22051", + "url": "https://tanzu.vmware.com/security/cve-2021-22051" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer." } ] } diff --git a/2021/22xxx/CVE-2021-22260.json b/2021/22xxx/CVE-2021-22260.json index 5f03d93baa5..6131fdd47d5 100644 --- a/2021/22xxx/CVE-2021-22260.json +++ b/2021/22xxx/CVE-2021-22260.json 
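Review bot: `version_data` holds a single free-text entry, `"version_value": "3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older versions"`, with no `version_affected`, so no scanner can match an installed Spring Cloud Gateway version against this record. Splitting it into one bounded entry per release line, for example `{ "version_affected": "<=", "version_value": "3.0.4" }`, would make the ranges comparable. The `problemtype` value repeats the impact sentence instead of naming a weakness class, and `vendor_name` is `n/a` although the assigner and the only reference are VMware's. Both make the record harder to filter by weakness or vendor.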
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22260", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=13.7, <14.2.2" + }, + { + "version_value": ">=13.6, <14.1.4" + }, + { + "version_value": ">=13.5, <14.0.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/336614", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/336614", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1257383", + "url": "https://hackerone.com/reports/1257383", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22260.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22260.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "A stored Cross-Site Scripting vulnerability in the DataDog integration in GitLab CE/EE version 13.7 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 7.6, + "baseSeverity": "HIGH" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks shells3c for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22563.json b/2021/22xxx/CVE-2021-22563.json index 00cb59b6fa8..24e2a1e8ad2 100644 --- a/2021/22xxx/CVE-2021-22563.json +++ b/2021/22xxx/CVE-2021-22563.json 
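Review bot: The lower bound of the affected range differs between fields in this hunk: the description says `version 13.7 and above`, while `version_data` also lists `>=13.6, <14.1.4` and `>=13.5, <14.0.9`. The description gives no upper bound either, which reads as if current releases were still vulnerable, and the ranges are packed into `version_value` strings instead of using `version_affected`. Separately, `vectorString` lacks the `CVSS:3.1/` prefix that the other records in this commit carry. The stored `"baseScore": 7.6` is worth recomputing from that vector, since I get 7.7 with the 3.1 formula.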
@@ -1,18 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "DATE_PUBLIC": "2021-10-14T20:00:00.000Z", "ID": "CVE-2021-22563", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Memory Overread in libjxl" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "libjxl", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "0.6.0" + } + ] + } + } + ] + }, + "vendor_name": "Google LLC" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector> when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. 
It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/757" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 4.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-126 Buffer Over-read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://github.com/libjxl/libjxl/issues/735", + "name": "https://github.com/libjxl/libjxl/issues/735" + }, + { + "refsource": "MISC", + "url": "https://github.com/libjxl/libjxl/pull/757", + "name": "https://github.com/libjxl/libjxl/pull/757" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22564.json b/2021/22xxx/CVE-2021-22564.json index 4c1f57a98eb..1f090285726 100644 --- a/2021/22xxx/CVE-2021-22564.json +++ b/2021/22xxx/CVE-2021-22564.json 
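Review bot: The description contains `std::vector>`, which looks like a template argument lost to markup stripping, so the affected data structure cannot be identified from the record. Restore the full type from the linked issue; JSON strings need no escaping for `<` and `>`, so the literal characters can be stored. The opening `Invalid JPEG XL images using libjxl` also reads as if the images use the library, where "decoding invalid JPEG XL images with libjxl" appears to be meant.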
@@ -1,18 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "DATE_PUBLIC": "2021-10-14T20:00:00.000Z", "ID": "CVE-2021-22564", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Out of bounds Copy in Libjxl in large image groups" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "libjxl", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "0.6.0" + } + ] + } + } + ] + }, + "vendor_name": "Google LLC" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of image pixels from an image buffer in the heap to another. This copy can occur when processing the right or bottom edges of the image, but only when groups are processed in certain order. Groups can be processed out of order in multi-threaded decoding environments with heavy thread load but also with images that contain the groups in an arbitrary order in the file. 
It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/775" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 4.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122 Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://github.com/libjxl/libjxl/pull/775", + "name": "https://github.com/libjxl/libjxl/pull/775" + }, + { + "refsource": "MISC", + "url": "https://github.com/libjxl/libjxl/issues/708", + "name": "https://github.com/libjxl/libjxl/issues/708" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22945.json b/2021/22xxx/CVE-2021-22945.json index 8e42e22ce7e..5d6848bff19 100644 --- a/2021/22xxx/CVE-2021-22945.json +++ b/2021/22xxx/CVE-2021-22945.json @@ -63,6 +63,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20211029-0003/", "url": "https://security.netapp.com/advisory/ntap-20211029-0003/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-1d24845e93", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/" } ] }, diff --git a/2021/22xxx/CVE-2021-22946.json b/2021/22xxx/CVE-2021-22946.json index dd0e6cbe18f..e0361121183 100644 --- a/2021/22xxx/CVE-2021-22946.json +++ b/2021/22xxx/CVE-2021-22946.json 
@@ -68,6 +68,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20211029-0003/",
 "url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-1d24845e93",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/"
 }
 ]
 },
diff --git a/2021/22xxx/CVE-2021-22947.json b/2021/22xxx/CVE-2021-22947.json
index 1d67a4746cc..074af814c7c 100644
--- a/2021/22xxx/CVE-2021-22947.json
+++ b/2021/22xxx/CVE-2021-22947.json
@@ -68,6 +68,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20211029-0003/",
 "url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-1d24845e93",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/"
 }
 ]
 },
diff --git a/2021/22xxx/CVE-2021-22960.json b/2021/22xxx/CVE-2021-22960.json
index c440c34b0ae..b45c5fc2b26 100644
--- a/2021/22xxx/CVE-2021-22960.json
+++ b/2021/22xxx/CVE-2021-22960.json
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22960", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/nodejs/llhttp", + "version": { + "version_data": [ + { + "version_value": "Fixed in v2.1.4 and v6.0.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTTP Request Smuggling (CWE-444)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1238099", + "url": "https://hackerone.com/reports/1238099" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions." } ] } diff --git a/2021/23xxx/CVE-2021-23214.json b/2021/23xxx/CVE-2021-23214.json new file mode 100644 index 00000000000..f1859609baa --- /dev/null +++ b/2021/23xxx/CVE-2021-23214.json 
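Review bot: The affected-version field carries the fixed releases, `"version_value": "Fixed in v2.1.4 and v6.0.6"`, so a tool that matches on `version_value` would flag the two patched versions and miss every vulnerable one. `product_name` is the repository URL rather than the package name, which breaks name-based lookup as well. Suggest `"product_name": "llhttp"` with a bounded entry per release line, such as `{ "version_affected": "<", "version_value": "2.1.4" }`. The description's `< 2.1.4 and < 6.0.6.` also needs rewording, because read literally it reduces to `< 2.1.4` and says nothing about releases between 2.1.4 and 6.0.6.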
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-23214",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/23xxx/CVE-2021-23222.json b/2021/23xxx/CVE-2021-23222.json
new file mode 100644
index 00000000000..2177d1432cd
--- /dev/null
+++ b/2021/23xxx/CVE-2021-23222.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-23222",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/23xxx/CVE-2021-23472.json b/2021/23xxx/CVE-2021-23472.json
index 91a5f618d24..aa59d934e90 100644
--- a/2021/23xxx/CVE-2021-23472.json
+++ b/2021/23xxx/CVE-2021-23472.json
@@ -3,16 +3,110 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "report@snyk.io", + "DATE_PUBLIC": "2021-11-03T17:21:09.920923Z", "ID": "CVE-2021-23472", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS)" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "bootstrap-table", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597", + "name": "https://snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597" + }, + { + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBWENZHIXIN-1910687", + "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBWENZHIXIN-1910687" + }, + { + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910688", + "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910688" + }, + { + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1910689", + "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1910689" + }, + { + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1910690", + "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1910690" + }, + { + "refsource": "MISC", + "url": "https://github.com/wenzhixin/bootstrap-table/blob/develop/src/utils/index.js%23L218", + "name": "https://github.com/wenzhixin/bootstrap-table/blob/develop/src/utils/index.js%23L218" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual 
that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This affects all versions of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set." } ] - } + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.1, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Alessio Della Libera of Snyk Research Team" + } + ] } \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23509.json b/2021/23xxx/CVE-2021-23509.json index f9d1e32e363..982550cd005 100644 --- a/2021/23xxx/CVE-2021-23509.json +++ b/2021/23xxx/CVE-2021-23509.json 
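Review bot: The last reference URL ends in `index.js%23L218`, where the `#` of the line anchor has been percent-encoded, so the link requests a path literally named `index.js#L218` instead of line 218 of `index.js`. It should read `https://github.com/wenzhixin/bootstrap-table/blob/develop/src/utils/index.js#L218`, ideally pinned to a commit rather than the moving `develop` branch so the line number keeps pointing at the intended code. With `version_affected` `>=` `0` and no fixed release listed, readers depend on these links for mitigation detail, so they need to resolve. The CVE-2021-23509 hunk has the same encoding problem in `json-ptr%23security-vulnerabilities-resolved`.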
@@ -3,16 +3,105 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "report@snyk.io", + "DATE_PUBLIC": "2021-11-03T17:17:33.864061Z", "ID": "CVE-2021-23509", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Prototype Pollution" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "json-ptr", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.0.0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype Pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JS-JSONPTR-1577291", + "name": "https://snyk.io/vuln/SNYK-JS-JSONPTR-1577291" + }, + { + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1767165", + "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1767165" + }, + { + "refsource": "MISC", + "url": "https://github.com/flitbit/json-ptr/pull/42", + "name": "https://github.com/flitbit/json-ptr/pull/42" + }, + { + "refsource": "MISC", + "url": "https://github.com/flitbit/json-ptr/commit/5dc458fbad1c382a2e3ca6d62e66ede3d92849ca", + "name": "https://github.com/flitbit/json-ptr/commit/5dc458fbad1c382a2e3ca6d62e66ede3d92849ca" + }, + { + "refsource": "MISC", + "url": "https://github.com/flitbit/json-ptr%23security-vulnerabilities-resolved", + "name": "https://github.com/flitbit/json-ptr%23security-vulnerabilities-resolved" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This affects the package json-ptr before 3.0.0. 
A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays." } ] - } + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Alessio Della Libera of Snyk Research Team" + } + ] } \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23624.json b/2021/23xxx/CVE-2021-23624.json index 78f8bf68088..6418937ba1d 100644 --- a/2021/23xxx/CVE-2021-23624.json +++ b/2021/23xxx/CVE-2021-23624.json 
@@ -3,16 +3,90 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "report@snyk.io", + "DATE_PUBLIC": "2021-11-03T17:19:10.748895Z", "ID": "CVE-2021-23624", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Prototype Pollution" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "dotty", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "0.1.2" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype Pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JS-DOTTY-1577292", + "name": "https://snyk.io/vuln/SNYK-JS-DOTTY-1577292" + }, + { + "refsource": "MISC", + "url": "https://github.com/deoxxa/dotty/commit/88f61860dcc274a07a263c32cbe9d44c24ef02d7", + "name": "https://github.com/deoxxa/dotty/commit/88f61860dcc274a07a263c32cbe9d44c24ef02d7" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays." 
} ] - } + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RC:C", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Alessio Della Libera of Snyk Research Team" + } + ] } \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23784.json b/2021/23xxx/CVE-2021-23784.json index 6baaca12ff8..43e0094d08c 100644 --- a/2021/23xxx/CVE-2021-23784.json +++ b/2021/23xxx/CVE-2021-23784.json 
@@ -3,16 +3,95 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "report@snyk.io", + "DATE_PUBLIC": "2021-11-03T17:16:43.033351Z", "ID": "CVE-2021-23784", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cross-site Scripting (XSS)" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tempura", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "0.4.0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JS-TEMPURA-1569633", + "name": "https://snyk.io/vuln/SNYK-JS-TEMPURA-1569633" + }, + { + "refsource": "MISC", + "url": "https://github.com/lukeed/tempura/commit/58a5c3671e2f36b26810e77ead9e0dd471902f9b", + "name": "https://github.com/lukeed/tempura/commit/58a5c3671e2f36b26810e77ead9e0dd471902f9b" + }, + { + "refsource": "MISC", + "url": "https://github.com/lukeed/tempura/releases/tag/v0.4.0", + "name": "https://github.com/lukeed/tempura/releases/tag/v0.4.0" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This affects the package tempura before 0.4.0. If the input to the esc function is of type object (i.e an array) it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability." 
} ] - } + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Alessio Della Libera of Snyk Research Team" + } + ] } \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23807.json b/2021/23xxx/CVE-2021-23807.json index 0f2cf804fb8..3bc1c99fb1a 100644 --- a/2021/23xxx/CVE-2021-23807.json +++ b/2021/23xxx/CVE-2021-23807.json 
@@ -3,16 +3,100 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "report@snyk.io", + "DATE_PUBLIC": "2021-11-03T17:18:18.732977Z", "ID": "CVE-2021-23807", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Prototype Pollution" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "jsonpointer", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.0.0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype Pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577288", + "name": "https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577288" + }, + { + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910273", + "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910273" + }, + { + "refsource": "MISC", + "url": "https://github.com/janl/node-jsonpointer/pull/51", + "name": "https://github.com/janl/node-jsonpointer/pull/51" + }, + { + "refsource": "MISC", + "url": "https://github.com/janl/node-jsonpointer/commit/a0345f3550cd9c4d89f33b126390202b89510ad4", + "name": "https://github.com/janl/node-jsonpointer/commit/a0345f3550cd9c4d89f33b126390202b89510ad4" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays." 
} ] - } + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Alessio Della Libera of Snyk Research Team" + } + ] } \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23820.json b/2021/23xxx/CVE-2021-23820.json index 5e6326ce2f6..2e66d23ff41 100644 --- a/2021/23xxx/CVE-2021-23820.json +++ b/2021/23xxx/CVE-2021-23820.json 
@@ -3,16 +3,95 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "report@snyk.io", + "DATE_PUBLIC": "2021-11-03T17:19:55.269449Z", "ID": "CVE-2021-23820", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Prototype Pollution" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "json-pointer", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Prototype Pollution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577287", + "name": "https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577287" + }, + { + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910686", + "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910686" + }, + { + "refsource": "MISC", + "url": "https://github.com/manuelstofer/json-pointer/blob/master/index.js%23L78", + "name": "https://github.com/manuelstofer/json-pointer/blob/master/index.js%23L78" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays." 
} ] - } + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Alessio Della Libera of Snyk Research Team" + } + ] } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24537.json b/2021/24xxx/CVE-2021-24537.json index cb1d70e90bd..4a2d5516f5e 100644 --- a/2021/24xxx/CVE-2021-24537.json +++ b/2021/24xxx/CVE-2021-24537.json 
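Review bot: The third reference added for CVE-2021-23820 has its fragment separator percent-encoded (`index.js%23L78`), so the URL is read as a path to a file literally named `index.js#L78` rather than line 78 of `index.js`, and will most likely not resolve. Both `url` and `name` should carry `https://github.com/manuelstofer/json-pointer/blob/master/index.js#L78`. The link also targets the `master` branch, so the line it points to can move as the file changes. A commit-pinned permalink would keep the reference stable, though the commit id is not available from this record.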
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24537", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24537", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Similar Posts <= 3.1.5 - Admin+ Arbitrary PHP Code Execution" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Similar Posts – Best Related Posts Plugin for WordPress", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "3.1.5", + "version_value": "3.1.5" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Similar Posts WordPress plugin through 3.1.5 allow high privilege users to execute arbitrary PHP code in an hardened environment (ie with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the 'widget_rrm_similar_posts_condition' widget setting of the plugin." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/0d6b46cb-5244-486f-ad70-4023907ac9eb", + "name": "https://wpscan.com/vulnerability/0d6b46cb-5244-486f-ad70-4023907ac9eb" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "bl4derunner" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24539.json b/2021/24xxx/CVE-2021-24539.json index c50daa96ea6..bd8fa11130a 100644 --- a/2021/24xxx/CVE-2021-24539.json +++ b/2021/24xxx/CVE-2021-24539.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24539", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24539", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Coming Soon, Under Construction & Maintenance Mode By Dazzler < 1.6.7 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Coming Soon, Under Construction & Maintenance Mode By Dazzler", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.6.7", + "version_value": "1.6.7" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Coming Soon, Under Construction & Maintenance Mode By Dazzler WordPress plugin before 1.6.7 does not sanitise or escape its description setting when outputting it in the frontend when the Coming Soon mode is enabled, even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/4bda5dff-f577-4cd8-a225-c6b4c32f22b4", + "name": "https://wpscan.com/vulnerability/4bda5dff-f577-4cd8-a225-c6b4c32f22b4" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting 
(XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Asif Nawaz Minhas" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24570.json b/2021/24xxx/CVE-2021-24570.json index ef6dc069eae..4fe578ac991 100644 --- a/2021/24xxx/CVE-2021-24570.json +++ b/2021/24xxx/CVE-2021-24570.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24570", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24570", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Paypal Donation < 1.3.1 - CSRF to Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Accept Donations with PayPal", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.3.1", + "version_value": "1.3.1" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Furthermore, one of the Button field is not escaped before being output in an attribute when editing a Button, leading to a Stored Cross-Site Scripting issue as well." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/5c73754c-eebe-424a-9d3b-ca83eb53bf87", + "name": "https://wpscan.com/vulnerability/5c73754c-eebe-424a-9d3b-ca83eb53bf87" + }, + { + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/2608073/", + "name": "https://plugins.trac.wordpress.org/changeset/2608073/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "dc11" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24572.json b/2021/24xxx/CVE-2021-24572.json index 45a4c3d03fa..321baf9b432 100644 --- a/2021/24xxx/CVE-2021-24572.json +++ b/2021/24xxx/CVE-2021-24572.json 
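Review bot: The `problemtype` for CVE-2021-24570 lists only `CWE-352 Cross-Site Request Forgery (CSRF)`, while the title and description also report a Stored Cross-Site Scripting issue from an unescaped Button field. Consumers that triage by CWE will miss the XSS component; a second entry in the `description` array, `{ "value": "CWE-79 Cross-site Scripting (XSS)", "lang": "eng" }`, would cover it. CVE-2021-24626 later in this diff has the mirror case: its text describes missing CSRF and capability checks on the AJAX calls, but only `CWE-89 SQL Injection` is recorded.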
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24572", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24572", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Paypal Donation < 1.3.1 - CSRF to Arbitrary Post Deletion" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Accept Donations with PayPal", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.3.1", + "version_value": "1.3.1" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and there is no control to check if the deleted post was a button post. 
As a result, an attacker could make logged in admins delete arbitrary posts" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/7b1ebd26-ea8b-448c-a775-66a04102e44f", + "name": "https://wpscan.com/vulnerability/7b1ebd26-ea8b-448c-a775-66a04102e44f" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "dc11" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24575.json b/2021/24xxx/CVE-2021-24575.json index d9c511154a2..bf8a13fcbb8 100644 --- a/2021/24xxx/CVE-2021-24575.json +++ b/2021/24xxx/CVE-2021-24575.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24575", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24575", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WPSchoolPress < 2.1.10 - Multiple Authenticated SQL Injections" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "School Management System – WPSchoolPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.1.10", + "version_value": "2.1.10" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to teachers and above." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/83c9c3af-9eca-45e0-90d7-edc69e616e6a", + "name": "https://wpscan.com/vulnerability/83c9c3af-9eca-45e0-90d7-edc69e616e6a" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "JrXnm" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24594.json b/2021/24xxx/CVE-2021-24594.json index 305f32b10a7..c071b1fa808 100644 --- a/2021/24xxx/CVE-2021-24594.json +++ b/2021/24xxx/CVE-2021-24594.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24594", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24594", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Translate WordPress - Google Language Translator < 6.0.12 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Translate WordPress – Google Language Translator", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.0.12", + "version_value": "6.0.12" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Translate WordPress – Google Language Translator WordPress plugin before 6.0.12 does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/cf7b0f07-8b9b-40a1-ba7b-e8d34f515a6b", + "name": "https://wpscan.com/vulnerability/cf7b0f07-8b9b-40a1-ba7b-e8d34f515a6b" + }, + { + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/2607480/", + "name": "https://plugins.trac.wordpress.org/changeset/2607480/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Asif Nawaz Minhas" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24607.json b/2021/24xxx/CVE-2021-24607.json index bc607551618..c1b6c3a7be5 100644 --- a/2021/24xxx/CVE-2021-24607.json +++ b/2021/24xxx/CVE-2021-24607.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24607", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24607", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Storefront Footer Text <= 1.0.1 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Storefront Footer Text", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.1", + "version_value": "1.0.1" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Storefront Footer Text WordPress plugin through 1.0.1 does not sanitize and escape the \"Footer Credit Text\" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/efa7d91a-447b-4fd8-aa21-5364b177fee9", + "name": "https://wpscan.com/vulnerability/efa7d91a-447b-4fd8-aa21-5364b177fee9" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Asif Nawaz Minhas" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24616.json b/2021/24xxx/CVE-2021-24616.json index 57182075cb8..c7a1718ea02 100644 --- a/2021/24xxx/CVE-2021-24616.json +++ b/2021/24xxx/CVE-2021-24616.json 
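Review bot: The description added for CVE-2021-24607 spells the WordPress capability as `unfiltered-html`, whereas the capability is named `unfiltered_html` and the other records in this commit use that spelling. A text search or detection rule keyed on the capability name will skip this record. The phrase should read `even when the unfiltered_html capability is disallowed`.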
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24616", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24616", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "AddToAny Share Buttons < 1.7.48 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "AddToAny Share Buttons", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.7.48", + "version_value": "1.7.48" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AddToAny Share Buttons WordPress plugin before 1.7.48 does not escape its Image URL button setting, which could lead allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/04eaf380-c345-425f-8800-142e3f4745a9", + "name": "https://wpscan.com/vulnerability/04eaf380-c345-425f-8800-142e3f4745a9" + }, + { + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/2609928/", + "name": "https://plugins.trac.wordpress.org/changeset/2609928/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "TYM" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24624.json b/2021/24xxx/CVE-2021-24624.json index e50539d0b30..b739de27781 100644 --- a/2021/24xxx/CVE-2021-24624.json +++ b/2021/24xxx/CVE-2021-24624.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24624", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24624", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "MP3 Audio Player for Music, Radio & Podcast by Sonaar < 2.4.2 - Multiple Admin+ Cross Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "MP3 Audio Player for Music, Radio & Podcast by Sonaar", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.4.2", + "version_value": "2.4.2" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacks" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/d79d2f6a-257a-4c9e-b971-9837abd4211c", + "name": "https://wpscan.com/vulnerability/d79d2f6a-257a-4c9e-b971-9837abd4211c" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": 
{ + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24625.json b/2021/24xxx/CVE-2021-24625.json index 91b4e6b4869..a29e51404ab 100644 --- a/2021/24xxx/CVE-2021-24625.json +++ b/2021/24xxx/CVE-2021-24625.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24625", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24625", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "SpiderCatalog <= 1.7.3 - Admin+ SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "SpiderCatalog", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.7.3", + "version_value": "1.7.3" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/33e4d7c6-fa6f-459f-84b9-732ec40088b8", + "name": "https://wpscan.com/vulnerability/33e4d7c6-fa6f-459f-84b9-732ec40088b8" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugin-catalog/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugin-catalog/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ 
+ { + "lang": "eng", + "value": "Shreya Pohekar of Codevigilant Project" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24626.json b/2021/24xxx/CVE-2021-24626.json index b1fbcf532d7..c9cdc1b1fb8 100644 --- a/2021/24xxx/CVE-2021-24626.json +++ b/2021/24xxx/CVE-2021-24626.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24626", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24626", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Chameleon CSS <= 1.2 - Subscriber+ SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Chameleon CSS", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.2", + "version_value": "1.2" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. 
One of AJAX call, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL Injection" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/06cb6c14-99b8-45b6-be2e-f4dcca8a4165", + "name": "https://wpscan.com/vulnerability/06cb6c14-99b8-45b6-be2e-f4dcca8a4165" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugin-chameleon-css/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugin-chameleon-css/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Shreya Pohekar of Codevigilant Project" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24627.json b/2021/24xxx/CVE-2021-24627.json index 562f49715ce..881fe2beeed 100644 --- a/2021/24xxx/CVE-2021-24627.json +++ b/2021/24xxx/CVE-2021-24627.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24627", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24627", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "G Auto-Hyperlink <= 1.0.1 - Admin+ SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "G Auto-Hyperlink", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.1", + "version_value": "1.0.1" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/c04ea768-150f-41b8-b08c-78d1ae006bbb", + "name": "https://wpscan.com/vulnerability/c04ea768-150f-41b8-b08c-78d1ae006bbb" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugin-g-auto-hyperlink/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugin-g-auto-hyperlink/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + 
] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Shreya Pohekar of Codevigilant Project" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24628.json b/2021/24xxx/CVE-2021-24628.json index e18ace8f7e8..40865975d2c 100644 --- a/2021/24xxx/CVE-2021-24628.json +++ b/2021/24xxx/CVE-2021-24628.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24628", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24628", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Wow Forms <= 3.1.3 - Admin+ SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Wow Forms – create any form with custom style", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "3.1.3", + "version_value": "3.1.3" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/d742ab35-4e2d-42a8-bebc-b953b2e10e3c", + "name": "https://wpscan.com/vulnerability/d742ab35-4e2d-42a8-bebc-b953b2e10e3c" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugin-mwp-forms/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugin-mwp-forms/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", 
+ "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Shreya Pohekar of Codevigilant Project" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24629.json b/2021/24xxx/CVE-2021-24629.json index 39294e04010..dd649b0da0a 100644 --- a/2021/24xxx/CVE-2021-24629.json +++ b/2021/24xxx/CVE-2021-24629.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24629", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24629", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Post Content XMLRPC <= 1.0 - Admin+ SQL Injections" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Post Content XMLRPC", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated SQL Injections" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/fb42980c-93e5-42d5-a478-c2b348eaea67", + "name": "https://wpscan.com/vulnerability/fb42980c-93e5-42d5-a478-c2b348eaea67" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugin-post-content-xmlrpc/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugin-post-content-xmlrpc/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, 
+ "credit": [ + { + "lang": "eng", + "value": "Shreya Pohekar of Codevigilant Project" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24630.json b/2021/24xxx/CVE-2021-24630.json index 86e7c109d13..865d105bdaf 100644 --- a/2021/24xxx/CVE-2021-24630.json +++ b/2021/24xxx/CVE-2021-24630.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24630", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24630", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Schreikasten <= 0.14.18 - Author+ SQL Injections" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Schreikasten", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.14.18", + "version_value": "0.14.18" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Schreikasten WordPress plugin through 0.14.18 does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to authenticated SQL Injections which can be exploited by users as low as author" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/a0787dae-a4b7-4248-9960-aaffabfaeb9f", + "name": "https://wpscan.com/vulnerability/a0787dae-a4b7-4248-9960-aaffabfaeb9f" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugin-schreikasten/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugin-schreikasten/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + 
{ + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Shreya Pohekar of Codevigilant Project" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24631.json b/2021/24xxx/CVE-2021-24631.json index 2bef69c1d6a..c6219c0da01 100644 --- a/2021/24xxx/CVE-2021-24631.json +++ b/2021/24xxx/CVE-2021-24631.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24631", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24631", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Unlimited PopUps <= 4.5.3 - Author+ SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Unlimited PopUps", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "4.5.3", + "version_value": "4.5.3" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authenticated SQL Injection" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/9841176d-1d37-4636-9144-0ca42b6f3605", + "name": "https://wpscan.com/vulnerability/9841176d-1d37-4636-9144-0ca42b6f3605" + }, + { + "refsource": "MISC", + "url": "https://codevigilant.com/disclosure/2021/wp-plugin-unlimited-popups/", + "name": "https://codevigilant.com/disclosure/2021/wp-plugin-unlimited-popups/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + 
"credit": [ + { + "lang": "eng", + "value": "Shreya Pohekar of Codevigilant Project" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24645.json b/2021/24xxx/CVE-2021-24645.json index 43e9fde0362..7bfae346ed9 100644 --- a/2021/24xxx/CVE-2021-24645.json +++ b/2021/24xxx/CVE-2021-24645.json 
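Review bot: The `TITLE` of CVE-2021-24631 says `Author+ SQL Injection`, but the description in the same record says the parameter is "available to users as low as editor". Author and Editor are different WordPress roles, so the minimum privilege needed is ambiguous for anyone scoring or triaging this entry. One of the two strings should be aligned with the referenced advisory, for example `"TITLE": "Unlimited PopUps <= 4.5.3 - Editor+ SQL Injection"` if editor is the correct floor.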
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24645", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24645", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Booking.com Product Helper <= 1.0.1 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Booking.com Product Helper", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0.1", + "version_value": "1.0.1" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Booking.com Product Helper WordPress plugin through 1.0.1 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/b15744de-bf56-4e84-9427-b5652d123c15", + "name": "https://wpscan.com/vulnerability/b15744de-bf56-4e84-9427-b5652d123c15" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Asif Nawaz Minhas" + } + ], + "source": { + 
"discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24646.json b/2021/24xxx/CVE-2021-24646.json index c593127bcd3..dda88eae8a5 100644 --- a/2021/24xxx/CVE-2021-24646.json +++ b/2021/24xxx/CVE-2021-24646.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24646", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24646", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Booking.com Banner Creator <= 1.4.2 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Booking.com Banner Creator", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.4.2", + "version_value": "1.4.2" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Booking.com Banner Creator WordPress plugin through 1.4.2 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/36aae14e-4bdf-4da6-a0f9-d71935105d45", + "name": "https://wpscan.com/vulnerability/36aae14e-4bdf-4da6-a0f9-d71935105d45" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Asif Nawaz Minhas" + } + ], + "source": { + "discovery": 
"EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24647.json b/2021/24xxx/CVE-2021-24647.json index a053360c7e1..6c52da278d0 100644 --- a/2021/24xxx/CVE-2021-24647.json +++ b/2021/24xxx/CVE-2021-24647.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24647", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24647", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.1.7.6", + "version_value": "3.1.7.6" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/40d347b1-b86e-477d-b4c6-da105935ce37", + "name": "https://wpscan.com/vulnerability/40d347b1-b86e-477d-b4c6-da105935ce37" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-287 Improper Authentication", + "lang": "eng" + } + ] + } + ] + }, 
+ "credit": [ + { + "lang": "eng", + "value": "AyeCode Ltd" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24669.json b/2021/24xxx/CVE-2021-24669.json index c93e9adf04f..860b1f85589 100644 --- a/2021/24xxx/CVE-2021-24669.json +++ b/2021/24xxx/CVE-2021-24669.json 
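Review bot: The `TITLE` of CVE-2021-24647 gives the fixed version as `< 3.7.1.6`, while `version_name`, `version_value` and the description all say `3.1.7.6`. For an unauthenticated login bypass, a wrong fixed-version string can lead administrators or scanners that read the title to misjudge whether an install is patched. Assuming the three matching fields are the correct ones, the title should read `"TITLE": "Pie Register < 3.1.7.6 - Unauthenticated Arbitrary Login"`; this should be confirmed against the referenced WPScan entry.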
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24669", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24669", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "MAZ Loader < 1.3.3 - Contributor+ SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "MAZ Loader – Preloader Builder for WordPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.3.3", + "version_value": "1.3.3" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/b97afbe8-c9ae-40a2-81e5-b1d7a6b31831", + "name": "https://wpscan.com/vulnerability/b97afbe8-c9ae-40a2-81e5-b1d7a6b31831" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file 
diff --git a/2021/24xxx/CVE-2021-24674.json b/2021/24xxx/CVE-2021-24674.json index 487d40b7a91..93fd0495532 100644 --- a/2021/24xxx/CVE-2021-24674.json +++ b/2021/24xxx/CVE-2021-24674.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24674", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24674", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Genie WP Favicon <= 0.5.2 - Arbitrary Favicon Change via CSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Genie WP Favicon", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.5.2", + "version_value": "0.5.2" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF in place when updating the favicon, which could allow attackers to make a logged in admin change it via a CSRF attack" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/26965878-c4c9-4f43-9e9a-6e58d6b46ef2", + "name": "https://wpscan.com/vulnerability/26965878-c4c9-4f43-9e9a-6e58d6b46ef2" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file 
diff --git a/2021/24xxx/CVE-2021-24682.json b/2021/24xxx/CVE-2021-24682.json index fb30e275663..9aab998b73d 100644 --- a/2021/24xxx/CVE-2021-24682.json +++ b/2021/24xxx/CVE-2021-24682.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24682", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24682", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Cool Tag Cloud < 2.26 - Contributor+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Cool Tag Cloud", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.26", + "version_value": "2.26" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cool Tag Cloud WordPress plugin before 2.26 does not escape the style attribute of the cool_tag_cloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/7dfdd50d-77f9-4f0a-8673-8f033c0b0e05", + "name": "https://wpscan.com/vulnerability/7dfdd50d-77f9-4f0a-8673-8f033c0b0e05" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file 
diff --git a/2021/24xxx/CVE-2021-24685.json b/2021/24xxx/CVE-2021-24685.json index fac53d3d69d..4c3b057eb58 100644 --- a/2021/24xxx/CVE-2021-24685.json +++ b/2021/24xxx/CVE-2021-24685.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24685", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24685", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Flat Preloader < 1.5.4 - CSRF to Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Flat Preloader", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.5.4", + "version_value": "1.5.4" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, as well as does not sanitise and escape them, which could allow attackers to a make logged in admin change them with a Cross-Site Scripting payload (triggered either in the frontend or backend depending on the payload)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/972ecde8-3d44-4dd9-81e3-643d8737434f", + "name": "https://wpscan.com/vulnerability/972ecde8-3d44-4dd9-81e3-643d8737434f" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + 
} + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24693.json b/2021/24xxx/CVE-2021-24693.json index 4075e8a0bbd..4725e16f736 100644 --- a/2021/24xxx/CVE-2021-24693.json +++ b/2021/24xxx/CVE-2021-24693.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-24693", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Simple Download Monitor < 3.9.5 - Contributor+ Stored Cross-Site Scripting via File Thumbnail" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Simple Download Monitor", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.9.5", + "version_value": "3.9.5" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the \"File Thumbnail\" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. 
Given the that XSS is triggered even when the Download is in a review state, contributor could make JavaScript code execute in a context of a reviewer such as admin and make them create a rogue admin account, or install a malicious plugin" } ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/4bb559b7-8dde-4c90-a9a6-d8dcfbea53a7", + "name": "https://wpscan.com/vulnerability/4bb559b7-8dde-4c90-a9a6-d8dcfbea53a7" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24695.json b/2021/24xxx/CVE-2021-24695.json index ba04719fd76..b21814ba1aa 100644 --- a/2021/24xxx/CVE-2021-24695.json +++ b/2021/24xxx/CVE-2021-24695.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24695", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24695", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Simple Download Monitor < 3.9.6 - Unauthenticated Log Access" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Simple Download Monitor", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.9.6", + "version_value": "3.9.6" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25", + "name": "https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-200 Information Exposure", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": 
"EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24697.json b/2021/24xxx/CVE-2021-24697.json index 0c7caa193b7..ede5ddf0069 100644 --- a/2021/24xxx/CVE-2021-24697.json +++ b/2021/24xxx/CVE-2021-24697.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24697", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24697", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Simple Download Monitor < 3.9.5 - Reflected Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Simple Download Monitor", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.9.5", + "version_value": "3.9.5" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/ef9ae513-6c29-45c2-b5ae-4a06a217c499", + "name": "https://wpscan.com/vulnerability/ef9ae513-6c29-45c2-b5ae-4a06a217c499" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } } 
\ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24698.json b/2021/24xxx/CVE-2021-24698.json index 277135d7a2f..7e5e6521c15 100644 --- a/2021/24xxx/CVE-2021-24698.json +++ b/2021/24xxx/CVE-2021-24698.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24698", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24698", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Simple Download Monitor < 3.9.6 - Arbitrary Thumbnails Removal" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Simple Download Monitor", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.9.6", + "version_value": "3.9.6" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Simple Download Monitor WordPress plugin before 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/1fda1356-77d8-4e77-9ee6-8f9ceeb3d380", + "name": "https://wpscan.com/vulnerability/1fda1356-77d8-4e77-9ee6-8f9ceeb3d380" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-284 Improper Access Control", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file 
diff --git a/2021/24xxx/CVE-2021-24701.json b/2021/24xxx/CVE-2021-24701.json index 59da82ddf98..233304b2094 100644 --- a/2021/24xxx/CVE-2021-24701.json +++ b/2021/24xxx/CVE-2021-24701.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24701", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24701", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Quiz Tool Lite <= 2.3.15 - Multiple Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Quiz Tool Lite", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2.3.15", + "version_value": "2.3.15" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/f7b95789-43f2-42a5-95e6-eb7accbd5ed3", + "name": "https://wpscan.com/vulnerability/f7b95789-43f2-42a5-95e6-eb7accbd5ed3" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Shivam Rai" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24706.json b/2021/24xxx/CVE-2021-24706.json index c0acc1e1492..9a04ff320c4 100644 --- a/2021/24xxx/CVE-2021-24706.json +++ b/2021/24xxx/CVE-2021-24706.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24706", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24706", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Qwizcards < 3.62 - Admin+ Stored Cross Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Qwizcards – online quizzes and flashcards", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.62", + "version_value": "3.62" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/ecddb611-de75-41d5-a470-8fc2cf0780a4", + "name": "https://wpscan.com/vulnerability/ecddb611-de75-41d5-a470-8fc2cf0780a4" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Shivam Rai" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24708.json b/2021/24xxx/CVE-2021-24708.json index 7e899cb8aaa..eeb60db71ea 100644 --- a/2021/24xxx/CVE-2021-24708.json +++ b/2021/24xxx/CVE-2021-24708.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24708", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24708", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP All Export < 1.3.1 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Export any WordPress data to XML/CSV", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.3.1", + "version_value": "1.3.1" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/4560eef4-253b-49a4-8e20-9520c45c6f7f", + "name": "https://wpscan.com/vulnerability/4560eef4-253b-49a4-8e20-9520c45c6f7f" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Huy Nguyen" + } + ], + "source": { + 
"discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24710.json b/2021/24xxx/CVE-2021-24710.json index 99ce3a3bce4..79b5ffe759f 100644 --- a/2021/24xxx/CVE-2021-24710.json +++ b/2021/24xxx/CVE-2021-24710.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24710", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24710", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Print-O-Matic < 2.0.3 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Print-O-Matic", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.0.3", + "version_value": "2.0.3" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Print-O-Matic WordPress plugin before 2.0.3 does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/84e83d52-f69a-4de2-80c8-7c1996b30a04", + "name": "https://wpscan.com/vulnerability/84e83d52-f69a-4de2-80c8-7c1996b30a04" + }, + { + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/2610060/", + "name": "https://plugins.trac.wordpress.org/changeset/2610060/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Zain Ahmed" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24715.json b/2021/24xxx/CVE-2021-24715.json index e878b5ecd90..0921f2febd9 100644 --- a/2021/24xxx/CVE-2021-24715.json +++ b/2021/24xxx/CVE-2021-24715.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24715", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24715", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Sitemap Page < 1.7.0 - Admin+ Stored Cross Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Sitemap Page", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.7.0", + "version_value": "1.7.0" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/da66d54e-dda8-4aa8-8d27-b8b87100bb21", + "name": "https://wpscan.com/vulnerability/da66d54e-dda8-4aa8-8d27-b8b87100bb21" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Nikhil Kapoor From Esecforte" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24716.json b/2021/24xxx/CVE-2021-24716.json index 77ec5bc35ab..506055572d2 100644 --- a/2021/24xxx/CVE-2021-24716.json +++ b/2021/24xxx/CVE-2021-24716.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24716", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24716", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Modern Events Calendar Lite < 5.22.3 - Authenticated Stored Cross Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Modern Events Calendar Lite", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.22.3", + "version_value": "5.22.3" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Modern Events Calendar Lite WordPress plugin before 5.22.3 does not properly sanitize or escape values set by users with access to adjust settings withing wp-admin." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/576cc93d-1499-452b-97dd-80f69002e2a0", + "name": "https://wpscan.com/vulnerability/576cc93d-1499-452b-97dd-80f69002e2a0" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Shivam Rai" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file 
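Review bot: The new `description_data` value for CVE-2021-24716 stops at the missing sanitisation and never names the resulting issue, although `TITLE` and `problemtype` in the same record both say stored Cross-Site Scripting. Consumers that index only the description text will not classify this entry as XSS. The sentence also contains the typo `withing`. I would end it with `... set by users with access to adjust settings within wp-admin, leading to Stored Cross-Site Scripting issues.` If the upstream advisory states the role required, adding it would match the sibling records in this commit and help triage.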
diff --git a/2021/24xxx/CVE-2021-24717.json b/2021/24xxx/CVE-2021-24717.json index 49ce8d572f1..a4968e3f7a2 100644 --- a/2021/24xxx/CVE-2021-24717.json +++ b/2021/24xxx/CVE-2021-24717.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24717", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24717", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "AutomatorWP < 1.7.6 - Missing Authorization and Privilege Escalation" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "AutomatorWP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.7.6", + "version_value": "1.7.6" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/5916ea42-eb33-463d-8528-2a142805c91f", + "name": "https://wpscan.com/vulnerability/5916ea42-eb33-463d-8528-2a142805c91f" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-863 Incorrect Authorization", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24721.json b/2021/24xxx/CVE-2021-24721.json index a1e833bac4f..ad7a8d3d559 100644 --- a/2021/24xxx/CVE-2021-24721.json +++ b/2021/24xxx/CVE-2021-24721.json 
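Review bot: The `problemtype` value `CWE-863 Incorrect Authorization` does not match the rest of the CVE-2021-24717 record, where `TITLE` says "Missing Authorization" and the description says the plugin "does not perform capability checks". An absent check is CWE-862, while CWE-863 describes a check that exists but is wrong, so I would change the line to `"value": "CWE-862 Missing Authorization",`. The CVE-2021-24757 hunk further down has the same mismatch: no capability checks on `spl_upload_ser_img`, yet it is tagged CWE-863. CVE-2021-24742 can keep CWE-863, because there a nonce is used in place of a capability check.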
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24721", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24721", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Loco Translate < 2.5.4 - Authenticated PHP Code Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Loco Translate", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.5.4", + "version_value": "2.5.4" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated \"translator\" users being able to inject PHP code into files ending with .php in web accessible locations." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/bc7d4774-fce8-4b0b-8015-8ef4c5b02d38", + "name": "https://wpscan.com/vulnerability/bc7d4774-fce8-4b0b-8015-8ef4c5b02d38" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Tomi Ashari" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24722.json b/2021/24xxx/CVE-2021-24722.json index 23fb3477b2d..973ce41a3b6 100644 --- a/2021/24xxx/CVE-2021-24722.json +++ b/2021/24xxx/CVE-2021-24722.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24722", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24722", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Restaurant Menu by MotoPress < 2.4.2 - Admin+ Stored Cross Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Restaurant Menu by MotoPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.4.2", + "version_value": "2.4.2" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/14b29450-2450-4b5f-8630-bb2cbfbd0a83", + "name": "https://wpscan.com/vulnerability/14b29450-2450-4b5f-8630-bb2cbfbd0a83" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Shivam Rai" + } 
+ ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24723.json b/2021/24xxx/CVE-2021-24723.json index 3e37fdd2953..356f575e54c 100644 --- a/2021/24xxx/CVE-2021-24723.json +++ b/2021/24xxx/CVE-2021-24723.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24723", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Reactions Lite < 1.3.6 - Authenticated Stored Cross Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Reactions Lite", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.3.6", + "version_value": "1.3.6" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Reactions Lite WordPress plugin before 1.3.6 does not properly sanitize inputs within wp-admin pages, allowing users with sufficient access to inject XSS payloads within /wp-admin/ pages." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/0a46ae96-41e5-4b52-91c3-409f7387aecc", + "name": "https://wpscan.com/vulnerability/0a46ae96-41e5-4b52-91c3-409f7387aecc" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Shivam Rai" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file 
diff --git a/2021/24xxx/CVE-2021-24731.json b/2021/24xxx/CVE-2021-24731.json index d7b8c63bc28..a260b451dcc 100644 --- a/2021/24xxx/CVE-2021-24731.json +++ b/2021/24xxx/CVE-2021-24731.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24731", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24731", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Pie Register < 3.7.1.6 - Unauthenticated SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.7.1.6", + "version_value": "3.7.1.6" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/6bed00e4-b363-43b8-a392-d068d342151a", + "name": "https://wpscan.com/vulnerability/6bed00e4-b363-43b8-a392-d068d342151a" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "AyeCode Ltd" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24742.json b/2021/24xxx/CVE-2021-24742.json index f23552e1204..715b346050f 100644 --- a/2021/24xxx/CVE-2021-24742.json +++ b/2021/24xxx/CVE-2021-24742.json 
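Review bot: In the CVE-2021-24731 record, `product_name` holds the plugin's long listing name (`Registration Forms – User profile, Content Restriction, ...`), while `TITLE` identifies it as `Pie Register`. The short name, which is the one people are likely to search an inventory for, therefore never appears in the `affects` block. Tooling that matches on `product_name` would presumably miss it, and the en dash in the value makes exact string comparison more fragile. I would use `"product_name": "Pie Register",` or at least lead with the short name. The CVE-2021-24708 hunk earlier in this commit has the same gap: `WP All Export` in the title, `Export any WordPress data to XML/CSV` as the product.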
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24742", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24742", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Logo Slider and Showcase < 1.3.37 - Editor Plugin's Settings Update" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Logo Slider and Showcase", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.3.37", + "version_value": "1.3.37" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/8dfc86e4-56a0-4e30-9050-cf3f328ff993", + "name": "https://wpscan.com/vulnerability/8dfc86e4-56a0-4e30-9050-cf3f328ff993" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-863 Incorrect Authorization", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} 
diff --git a/2021/24xxx/CVE-2021-24757.json b/2021/24xxx/CVE-2021-24757.json index 7cdb9d07950..a441a101a0c 100644 --- a/2021/24xxx/CVE-2021-24757.json +++ b/2021/24xxx/CVE-2021-24757.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24757", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24757", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Stylish Price List", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.9.0", + "version_value": "6.9.0" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could allow unauthenticated users to upload images." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/352a9e05-2d5f-4bf7-8da9-85621fb15d91", + "name": "https://wpscan.com/vulnerability/352a9e05-2d5f-4bf7-8da9-85621fb15d91" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-863 Incorrect Authorization", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24766.json b/2021/24xxx/CVE-2021-24766.json index ec21f5bfe90..53757bc82ab 100644 --- a/2021/24xxx/CVE-2021-24766.json +++ b/2021/24xxx/CVE-2021-24766.json 
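Review bot: The `problemtype` value `CWE-863 Incorrect Authorization` does not match the description in this hunk, which says the plugin "does not perform capability checks" in the `spl_upload_ser_img` AJAX action. A check that is absent rather than wrong is normally classified as CWE-862, the class the CVE-2021-24779 hunk in this same commit switches to, so the line would read `"value": "CWE-862 Missing Authorization",`. The CVE-2021-24770 record, for the same plugin and action, has the same CWE-863 value and the same wording. The description limits the impact to image uploads, but nothing visible here says whether the file type is enforced server-side, so defenders triaging on this text cannot tell.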
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24766", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24766", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "404 to 301 < 3.0.9 - Logs Deletion via CSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "404 to 301 – Redirect, Log and Notify 404 Errors", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.0.9", + "version_value": "3.0.9" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin before 3.0.9 does not have CSRF check in place when cleaning the logs, which could allow attacker to make a logged in admin delete all of them via a CSRF attack" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/cc13db1e-5f7f-49b2-81da-f913cfe70543", + "name": "https://wpscan.com/vulnerability/cc13db1e-5f7f-49b2-81da-f913cfe70543" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of 
file diff --git a/2021/24xxx/CVE-2021-24767.json b/2021/24xxx/CVE-2021-24767.json index 20373eae90f..1d5cba2b38b 100644 --- a/2021/24xxx/CVE-2021-24767.json +++ b/2021/24xxx/CVE-2021-24767.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24767", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24767", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Log Deletion via CSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Redirect 404 Error Page to Homepage or Custom Page with Logs", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.7.9", + "version_value": "1.7.9" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/0b35ad4a-3d94-49b1-a98d-07acf8dd4962", + "name": "https://wpscan.com/vulnerability/0b35ad4a-3d94-49b1-a98d-07acf8dd4962" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + 
"discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24770.json b/2021/24xxx/CVE-2021-24770.json index de3385d6a7e..12c0d5c6b88 100644 --- a/2021/24xxx/CVE-2021-24770.json +++ b/2021/24xxx/CVE-2021-24770.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24770", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24770", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Stylish Price List < 6.9.1 - Subscriber+ Arbitrary Image Upload" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Stylish Price List", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.9.1", + "version_value": "6.9.1" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spl_upload_ser_img AJAX action (available to authenticated users), which could allow any authenticated users, such as subscriber, to upload arbitrary images." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/4365c813-4bd7-4c7c-a15b-ef9a42d32b26", + "name": "https://wpscan.com/vulnerability/4365c813-4bd7-4c7c-a15b-ef9a42d32b26" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-863 Incorrect Authorization", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24773.json b/2021/24xxx/CVE-2021-24773.json index dff7e93c9fb..863247fae2b 100644 --- a/2021/24xxx/CVE-2021-24773.json +++ b/2021/24xxx/CVE-2021-24773.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24773", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24773", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WordPress Download Manager < 3.2.16 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WordPress Download Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.2.16", + "version_value": "3.2.16" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/aab2ddbb-7675-40fc-90ee-f5bfa8a5b995", + "name": "https://wpscan.com/vulnerability/aab2ddbb-7675-40fc-90ee-f5bfa8a5b995" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Huy Nguyen (Inval1d Team)" + } + ], + "source": { + "discovery": "EXTERNAL" + } 
} \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24779.json b/2021/24xxx/CVE-2021-24779.json index 6f81354df01..eca4ddcec1d 100644 --- a/2021/24xxx/CVE-2021-24779.json +++ b/2021/24xxx/CVE-2021-24779.json @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any capability and CSRF checks, as a result, the settings can be updated by unauthenticated users." + "value": "The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any authorisation and CSRF checks, as a result, the settings can be updated by unauthenticated users." } ] }, @@ -56,7 +56,7 @@ { "description": [ { - "value": "CWE-284 Improper Access Control", + "value": "CWE-862 Missing Authorization", "lang": "eng" } ] @@ -72,4 +72,4 @@ "source": { "discovery": "EXTERNAL" } -} \ No newline at end of file +} diff --git a/2021/24xxx/CVE-2021-24781.json b/2021/24xxx/CVE-2021-24781.json index 694d9d86cd7..e19a3996c43 100644 --- a/2021/24xxx/CVE-2021-24781.json +++ b/2021/24xxx/CVE-2021-24781.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24781", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24781", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Image Source Control < 2.3.1 - Contributor+ Arbitrary Post Meta Value Change" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Image Source Control", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.3.1", + "version_value": "2.3.1" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts (even those they should not be able to edit)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/3550ba54-7786-4ad9-aeb1-1c0750f189d0", + "name": "https://wpscan.com/vulnerability/3550ba54-7786-4ad9-aeb1-1c0750f189d0" + }, + { + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/2606615/", + "name": "https://plugins.trac.wordpress.org/changeset/2606615/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-284 Improper Access Control", + "lang": "eng" + } + ] + } + ] + }, + 
"credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24783.json b/2021/24xxx/CVE-2021-24783.json index 7695bc5ef2f..cbc784d13c4 100644 --- a/2021/24xxx/CVE-2021-24783.json +++ b/2021/24xxx/CVE-2021-24783.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24783", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24783", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Post Expirator < 2.6.0 - Contributor+ Arbitrary Post Schedule Deletion" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Post Expirator: Automatically Unpublish WordPress Posts", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.6.0", + "version_value": "2.6.0" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/de51b970-ab13-41a6-a479-a92cd0e70b71", + "name": "https://wpscan.com/vulnerability/de51b970-ab13-41a6-a479-a92cd0e70b71" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-284 Improper Access Control", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} 
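Review bot: The `TITLE` ("Arbitrary Post Schedule Deletion") and the description ("schedule deletion of arbitrary posts") can be read as two different impacts: removing a post's expiry schedule, or scheduling someone else's post to be deleted. The second is a content-integrity issue and changes how a site owner would prioritise the update, so the two fields should say the same thing. If the description is the intended meaning, the title could be `"TITLE": "Post Expirator < 2.6.0 - Contributor+ Arbitrary Post Deletion Scheduling"`. The description also uses the short name "Post Expirator" while `product_name` is "Post Expirator: Automatically Unpublish WordPress Posts", which makes string matching between the fields unreliable.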
diff --git a/2021/24xxx/CVE-2021-24788.json b/2021/24xxx/CVE-2021-24788.json index a55ec9fc57e..1387a8cecb1 100644 --- a/2021/24xxx/CVE-2021-24788.json +++ b/2021/24xxx/CVE-2021-24788.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24788", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24788", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Batch Cat <= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Batch Cat", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.3", + "version_value": "0.3" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user (including simple subscribers) can add/set/delete arbitrary categories to posts." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/f8fdff8a-f158-46e8-94f1-f051a6c5608b", + "name": "https://wpscan.com/vulnerability/f8fdff8a-f158-46e8-94f1-f051a6c5608b" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-284 Improper Access Control", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Quentin VILLAIN (3wsec)" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24789.json b/2021/24xxx/CVE-2021-24789.json index 667ee61895d..8dbe1cb2f06 100644 --- a/2021/24xxx/CVE-2021-24789.json +++ b/2021/24xxx/CVE-2021-24789.json 
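Review bot: The description value in this hunk contradicts itself on the number of endpoints: "defines 3 custom AJAX actions, which both require authentication". A wording such as `"... defines 3 custom AJAX actions, which all require authentication but are available to all roles. ..."` would remove the doubt about whether two or three actions are affected. The `problemtype` is the broad class `CWE-284 Improper Access Control`. Since the text describes actions with no role restriction at all, `CWE-862 Missing Authorization` looks like the more precise value, consistent with the CVE-2021-24779 correction in this commit, although the plugin code is not visible here to confirm.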
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24789", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24789", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Flat Preloader < 1.5.5 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Flat Preloader", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.5.5", + "version_value": "1.5.5" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Flat Preloader WordPress plugin before 1.5.5 does not escape some of its settings when outputting them in attribute in the frontend, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/e8550ccd-3898-4e27-aca9-ade89823ff4d", + "name": "https://wpscan.com/vulnerability/e8550ccd-3898-4e27-aca9-ade89823ff4d" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end 
of file diff --git a/2021/24xxx/CVE-2021-24791.json b/2021/24xxx/CVE-2021-24791.json index bdeaba9b33e..5c3516c1d02 100644 --- a/2021/24xxx/CVE-2021-24791.json +++ b/2021/24xxx/CVE-2021-24791.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24791", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24791", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Header Footer Code Manager < 1.1.14 - Admin+ SQL Injections" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Header Footer Code Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.1.14", + "version_value": "1.1.14" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the \"orderby\" and \"order\" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/d55caa9b-d50f-4c13-bc69-dc475641735f", + "name": "https://wpscan.com/vulnerability/d55caa9b-d50f-4c13-bc69-dc475641735f" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "bl4derunner" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file 
diff --git a/2021/24xxx/CVE-2021-24793.json b/2021/24xxx/CVE-2021-24793.json index 59ccaab7b1f..39e8772bf50 100644 --- a/2021/24xxx/CVE-2021-24793.json +++ b/2021/24xxx/CVE-2021-24793.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24793", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24793", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WPeMatico RSS Feed Fetcher < 2.6.12 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WPeMatico RSS Feed Fetcher", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.6.12", + "version_value": "2.6.12" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/eeedbb3b-ae10-4472-a1d3-f196f95b9d96", + "name": "https://wpscan.com/vulnerability/eeedbb3b-ae10-4472-a1d3-f196f95b9d96" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Huy Nguyen" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24794.json b/2021/24xxx/CVE-2021-24794.json index 361a17dcc6b..228dfd8fd17 100644 --- a/2021/24xxx/CVE-2021-24794.json +++ b/2021/24xxx/CVE-2021-24794.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24794", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24794", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Connections Business Directory < 10.4.3 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Connections Business Directory", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10.4.3", + "version_value": "10.4.3" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/651dc567-943e-4f57-8ec4-6eee466785f5", + "name": "https://wpscan.com/vulnerability/651dc567-943e-4f57-8ec4-6eee466785f5" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Huy Nguyen" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24798.json b/2021/24xxx/CVE-2021-24798.json index 389632b72fb..4ba07277017 100644 --- a/2021/24xxx/CVE-2021-24798.json +++ b/2021/24xxx/CVE-2021-24798.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24798", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24798", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Header Images < 2.0.1 - Reflected Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Header Images", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.0.1", + "version_value": "2.0.1" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Header Images WordPress plugin before 2.0.1 does not sanitise and escape the t parameter before outputting it back in the plugin's settings page, leading to a Reflected Cross-Site Scripting issue" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/58c9a007-42db-4142-b096-0b9ba8850f87", + "name": "https://wpscan.com/vulnerability/58c9a007-42db-4142-b096-0b9ba8850f87" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file 
diff --git a/2021/24xxx/CVE-2021-24799.json b/2021/24xxx/CVE-2021-24799.json index 70db8ac9cae..10820fa50c1 100644 --- a/2021/24xxx/CVE-2021-24799.json +++ b/2021/24xxx/CVE-2021-24799.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24799", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24799", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Far Future Expiry Header", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.5", + "version_value": "1.5" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/6010ce4e-3e46-4cc1-96d8-560b30b605ed", + "name": "https://wpscan.com/vulnerability/6010ce4e-3e46-4cc1-96d8-560b30b605ed" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file 
diff --git a/2021/24xxx/CVE-2021-24801.json b/2021/24xxx/CVE-2021-24801.json index de27ba1a4fb..0a9780cda5f 100644 --- a/2021/24xxx/CVE-2021-24801.json +++ b/2021/24xxx/CVE-2021-24801.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24801", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24801", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP Survey Plus <= 1.0 - Subscriber+ AJAX Calls" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Survey Plus", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.0", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. 
Furthermore, due to the lack of sanitization in the Surveys' Title, this could also lead to Stored Cross-Site Scripting issues" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/78405609-2105-4011-b18e-1ba5f438972d", + "name": "https://wpscan.com/vulnerability/78405609-2105-4011-b18e-1ba5f438972d" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-284 Improper Access Control", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Vishal Mohan" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24806.json b/2021/24xxx/CVE-2021-24806.json index a9c5b1a9890..09040027231 100644 --- a/2021/24xxx/CVE-2021-24806.json +++ b/2021/24xxx/CVE-2021-24806.json 
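Review bot: The `problemtype` of the CVE-2021-24801 record lists only CWE-284, while its description also names missing CSRF checks and Stored Cross-Site Scripting through the survey title. Consumers that filter or alert on CWE will not see this entry under CWE-352 or CWE-79. Consider adding them as further entries under `problemtype`, in the form used elsewhere in this commit, e.g. `"value": "CWE-79 Cross-site Scripting (XSS)"`. The description also says "any user" where the title says "Subscriber+"; if a logged-in account is required, as the title suggests, `allowing any authenticated user to call them` would remove the ambiguity for triage.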
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24806", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24806", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "wpDiscuz < 7.3.4 - Arbitrary Comment Addition/Edition/Deletion via CSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Comments – wpDiscuz", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7.3.4", + "version_value": "7.3.4" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary comment." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/2746101e-e993-42b9-bd6f-dfd5544fa3fe", + "name": "https://wpscan.com/vulnerability/2746101e-e993-42b9-bd6f-dfd5544fa3fe" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Brandon Roldan" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24807.json b/2021/24xxx/CVE-2021-24807.json index b33a91302d8..049a29075ba 100644 --- a/2021/24xxx/CVE-2021-24807.json +++ b/2021/24xxx/CVE-2021-24807.json 
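Review bot: The new `description` value in the CVE-2021-24806 record says the plugin "does check for CSRF when adding, editing and deleting comments", which contradicts the record's own title ("... via CSRF") and its CWE-352 problemtype. The negation is missing. The sentence should begin `The wpDiscuz WordPress plugin before 7.3.4 does not check for CSRF when adding, editing and deleting comments, ...`, with the rest unchanged. Anyone triaging from the description text alone would read this as a control that is present, so it is worth correcting before the entry propagates to downstream feeds.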
@@ -1,18 +1,85 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24807", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24807", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Support Board < 3.3.5 - Agent+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Support Board", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.3.5", + "version_value": "3.3.5" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Support Board WordPress plugin before 3.3.5 allows Authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field, when an administrator or any authenticated user go to the chat the XSS will be automatically executed." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/19d101aa-4b60-4db4-a33b-86c826b288b0", + "name": "https://wpscan.com/vulnerability/19d101aa-4b60-4db4-a33b-86c826b288b0" + }, + { + "refsource": "MISC", + "url": "https://medium.com/@lijohnjefferson/cve-2021-24807-6bc22af2a444", + "name": "https://medium.com/@lijohnjefferson/cve-2021-24807-6bc22af2a444" + }, + { + "refsource": "MISC", + "url": "https://github.com/itsjeffersonli/CVE-2021-24807", + "name": "https://github.com/itsjeffersonli/CVE-2021-24807" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "John Jefferson Li" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24808.json b/2021/24xxx/CVE-2021-24808.json index 59a6a6bd3ae..1c862486d1e 100644 --- a/2021/24xxx/CVE-2021-24808.json +++ b/2021/24xxx/CVE-2021-24808.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24808", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24808", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "BP Better Messages < 1.9.9.41 - Reflected Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "BP Better Messages", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.9.9.41", + "version_value": "1.9.9.41" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with sanitize_text_field) but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/53ff82ec-00ec-4b20-8f60-db9db8c025b4", + "name": "https://wpscan.com/vulnerability/53ff82ec-00ec-4b20-8f60-db9db8c025b4" + }, + { + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/2605772/bp-better-messages/trunk/views/layout-new.php", + "name": "https://plugins.trac.wordpress.org/changeset/2605772/bp-better-messages/trunk/views/layout-new.php" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + 
"description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Brandon Roldan" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24809.json b/2021/24xxx/CVE-2021-24809.json index 7f3f35632ef..0e85e733219 100644 --- a/2021/24xxx/CVE-2021-24809.json +++ b/2021/24xxx/CVE-2021-24809.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24809", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24809", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "BP Better Messages < 1.9.9.41 - Multiple CSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "BP Better Messages", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.9.9.41", + "version_value": "1.9.9.41" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. 
This could allow attackers to make logged in users do unwanted actions" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/e186fef4-dca0-461f-b539-082c13a68d13", + "name": "https://wpscan.com/vulnerability/e186fef4-dca0-461f-b539-082c13a68d13" + }, + { + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/2605772/bp-better-messages/trunk/inc/ajax.php", + "name": "https://plugins.trac.wordpress.org/changeset/2605772/bp-better-messages/trunk/inc/ajax.php" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Brandon Roldan" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24813.json b/2021/24xxx/CVE-2021-24813.json index 5f0720e19af..cce1195ec64 100644 --- a/2021/24xxx/CVE-2021-24813.json +++ b/2021/24xxx/CVE-2021-24813.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24813", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24813", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Events Made Easy < 2.2.24 - Admin+ Stored Cross-Site Scripting" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Events Made Easy", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.2.24", + "version_value": "2.2.24" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Events Made Easy WordPress plugin before 2.2.24 does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/a1fe0783-7a88-4d75-967f-cef970b73752", + "name": "https://wpscan.com/vulnerability/a1fe0783-7a88-4d75-967f-cef970b73752" + }, + { + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/2607749/", + "name": "https://plugins.trac.wordpress.org/changeset/2607749/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-79 Cross-site Scripting (XSS)", + "lang": "eng" + } + ] + } + 
] + }, + "credit": [ + { + "lang": "eng", + "value": "Huy Nguyen" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24816.json b/2021/24xxx/CVE-2021-24816.json index 88dde0f26f9..01884844df7 100644 --- a/2021/24xxx/CVE-2021-24816.json +++ b/2021/24xxx/CVE-2021-24816.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-24816", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Phoenix Media Rename", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.4.4", + "version_value": "3.4.4" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenix_media_rename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own." } ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/5f63d677-20f3-4fe0-bb90-048b6898e6cd", + "name": "https://wpscan.com/vulnerability/5f63d677-20f3-4fe0-bb90-048b6898e6cd" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-284 Improper Access Control", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "apple502j" + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24827.json b/2021/24xxx/CVE-2021-24827.json index fb260b2ba26..09923fab4ce 100644 
--- a/2021/24xxx/CVE-2021-24827.json +++ b/2021/24xxx/CVE-2021-24827.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24827", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24827", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Asgaros Forum", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1.15.13", + "version_value": "1.15.13" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/36cc5151-1d5e-4874-bcec-3b6326235db1", + "name": "https://wpscan.com/vulnerability/36cc5151-1d5e-4874-bcec-3b6326235db1" + }, + { + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/2611560/asgaros-forum", + "name": "https://plugins.trac.wordpress.org/changeset/2611560/asgaros-forum" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" 
+ } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "JrXnm" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24829.json b/2021/24xxx/CVE-2021-24829.json index b33d01f3e91..4e5b285c223 100644 --- a/2021/24xxx/CVE-2021-24829.json +++ b/2021/24xxx/CVE-2021-24829.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24829", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24829", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Visitor Traffic Real Time Statistics < 3.9 - Subscriber+ SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Visitor Traffic Real Time Statistics", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.9", + "version_value": "3.9" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/cc6585c8-5798-48a1-89f7-a3337f56df3f", + "name": "https://wpscan.com/vulnerability/cc6585c8-5798-48a1-89f7-a3337f56df3f" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "JrXnm" + } + ], + "source": { + 
"discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24832.json b/2021/24xxx/CVE-2021-24832.json index 03c0dc4dff7..36817f76e17 100644 --- a/2021/24xxx/CVE-2021-24832.json +++ b/2021/24xxx/CVE-2021-24832.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24832", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24832", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP SEO Redirect 301", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.3.2", + "version_value": "2.3.2" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/cf031259-b76e-475c-8a8e-fa6a0d9e7bb4", + "name": "https://wpscan.com/vulnerability/cf031259-b76e-475c-8a8e-fa6a0d9e7bb4" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Francesco Carlucci" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file 
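Review bot: In the CVE-2021-24832 `description`, "does not have CSRF in place when deleting redirects" omits the word naming the control, so it reads as if CSRF itself were the missing feature. Suggested wording: `does not have a CSRF check in place when deleting redirects`. This brings it in line with CVE-2021-24799 in the same commit, which says "does not have CSRF check when saving its settings".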
diff --git a/2021/24xxx/CVE-2021-24835.json b/2021/24xxx/CVE-2021-24835.json index ad031588948..3556c7e2baf 100644 --- a/2021/24xxx/CVE-2021-24835.json +++ b/2021/24xxx/CVE-2021-24835.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24835", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24835", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "WCFM - Frontend Manager for WooCommerce < 6.5.12 - Customer/Subscriber+ SQL Injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.5.12", + "version_value": "6.5.12" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawal_vendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection attacks" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/c493ac9c-67d1-48a9-be21-824b1a1d56c2", + "name": "https://wpscan.com/vulnerability/c493ac9c-67d1-48a9-be21-824b1a1d56c2" 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "JrXnm" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/24xxx/CVE-2021-24840.json b/2021/24xxx/CVE-2021-24840.json index 7f29351fa4b..1464c8f88d7 100644 --- a/2021/24xxx/CVE-2021-24840.json +++ b/2021/24xxx/CVE-2021-24840.json 
@@ -1,18 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24840", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24840", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Squaretype", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "3.0.4", + "version_value": "3.0.4" + } + ] + } + } + ] + } + } + ] } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/971302fd-4e8b-4c6a-818f-3a42c7fb83ef", + "name": "https://wpscan.com/vulnerability/971302fd-4e8b-4c6a-818f-3a42c7fb83ef" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-639 Authorization Bypass Through User-Controlled Key", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": "eng", + "value": "Emil Kylander Edwartz" + } + ], + "source": { + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24844.json b/2021/24xxx/CVE-2021-24844.json index 78952e41113..211f94b9797 100644 --- a/2021/24xxx/CVE-2021-24844.json +++ b/2021/24xxx/CVE-2021-24844.json 
@@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-24844", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] + "CVE_data_meta": { + "ID": "CVE-2021-24844", + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC", + "TITLE": "Affiliate Manager < 2.8.7 - Admin+ SQL injection" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "generator": "WPScan CVE Generator", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Affiliates Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.8.7", + "version_value": "2.8.7" + } + ] + } + } + ] + } + } + ] } -} \ No newline at end of file + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://wpscan.com/vulnerability/ebd6d13c-572e-4861-b7d1-a7a87332ce0d", + "name": "https://wpscan.com/vulnerability/ebd6d13c-572e-4861-b7d1-a7a87332ce0d" + }, + { + "refsource": "CONFIRM", + "url": "https://plugins.trac.wordpress.org/changeset/2611862/", + "name": "https://plugins.trac.wordpress.org/changeset/2611862/" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "CWE-89 SQL Injection", + "lang": "eng" + } + ] + } + ] + }, + "credit": [ + { + "lang": 
"eng", + "value": "JrXnm" + } + ], + "source": { + "discovery": "EXTERNAL" + } +} diff --git a/2021/25xxx/CVE-2021-25500.json b/2021/25xxx/CVE-2021-25500.json index 55e3f1696e0..4113ab81e3e 100644 --- a/2021/25xxx/CVE-2021-25500.json +++ b/2021/25xxx/CVE-2021-25500.json 
@@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25500", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Select Q(10.0), R(11.0) devices with Exynos 980, 9820, 9830, 2100 chipset", + "version_value": "SMR Nov-2021 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25501.json b/2021/25xxx/CVE-2021-25501.json index 7e874873bd4..00401223d02 100644 --- a/2021/25xxx/CVE-2021-25501.json +++ b/2021/25xxx/CVE-2021-25501.json 
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25501",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "Q(10.0), R(11.0)",
+ "version_value": "SMR Nov-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284: Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25502.json b/2021/25xxx/CVE-2021-25502.json
index 6682863ec84..eeaf90049b8 100644
--- a/2021/25xxx/CVE-2021-25502.json
+++ b/2021/25xxx/CVE-2021-25502.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25502",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
+ "version_value": "SMR Nov-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.9,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269: Improper Privilege Management"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25503.json b/2021/25xxx/CVE-2021-25503.json
index 2c9116814ee..6808f3b7042 100644
--- a/2021/25xxx/CVE-2021-25503.json
+++ b/2021/25xxx/CVE-2021-25503.json
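Review bot: The `problemtype` and the CVSS vector in the CVE-2021-25502 record do not match its description: the text describes insecure storage that lets an attacker read the ESN value, yet the weakness is `CWE-269: Improper Privilege Management` and the vector scores `I:L/A:L` on top of `C:H`. A read-only disclosure would normally carry no integrity or availability impact, so either the description omits part of the impact or the vector overstates it; this should be reconciled against the Samsung bulletin. A closer weakness would be `"value": "CWE-922: Insecure Storage of Sensitive Information"`. In the description, "priviledge" should read "privilege".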
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25503",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "Select O(8.1), P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets",
+ "version_value": "SMR Nov-2021 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20: Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25504.json b/2021/25xxx/CVE-2021-25504.json
index 950ca87fb86..a781a8a80f5 100644
--- a/2021/25xxx/CVE-2021-25504.json
+++ b/2021/25xxx/CVE-2021-25504.json
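Review bot: The CVE-2021-25503 description claims arbitrary code execution, but its `cvss` block scores `C:L/I:L/A:L` (base 5, MEDIUM), which is not what code execution would normally receive. CVE-2021-25500 in the same batch, also an HDCP input-validation flaw, is scored `C:H/I:H`. Anyone triaging on `baseSeverity` will rank this record below what its text implies, so the vector or the description should be corrected against the Samsung bulletin. The sentence also lacks a verb and should read `allows attackers to execute arbitrary code`.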
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25504",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Group Sharing",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "-",
+ "version_value": "10.8.03.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20: Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25505.json b/2021/25xxx/CVE-2021-25505.json
index 6a11eada11d..07b2df062ee 100644
--- a/2021/25xxx/CVE-2021-25505.json
+++ b/2021/25xxx/CVE-2021-25505.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25505",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Pass",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "-",
+ "version_value": "3.0.02.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287: Improper Authentication"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25506.json b/2021/25xxx/CVE-2021-25506.json
index 61127067f3a..173f661bf78 100644
--- a/2021/25xxx/CVE-2021-25506.json
+++ b/2021/25xxx/CVE-2021-25506.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25506",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Health",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "-",
+ "version_value": "6.19.1.0001"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287: IMproper Authentication"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
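Review bot: The `problemtype` value `CWE-287: IMproper Authentication` has a casing typo and does not obviously fit the description, which is about a non-existent content provider that a malicious provider can stand in for. Exact-match lookups on the CWE name will miss `IMproper`, so at minimum the line should read `"value": "CWE-287: Improper Authentication"`. The vector also scores only `A:L` with `C:N/I:N`, although the description says an attacker can "access it", so it is worth confirming which impact the CNA intends.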
diff --git a/2021/25xxx/CVE-2021-25507.json b/2021/25xxx/CVE-2021-25507.json
index bd0819bda5e..2eda6778f47 100644
--- a/2021/25xxx/CVE-2021-25507.json
+++ b/2021/25xxx/CVE-2021-25507.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25507",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Flow",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "-",
+ "version_value": "4.8.03.5"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285 Improper Authorization"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25508.json b/2021/25xxx/CVE-2021-25508.json
index 55383b4e048..f90af07f570 100644
--- a/2021/25xxx/CVE-2021-25508.json
+++ b/2021/25xxx/CVE-2021-25508.json
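Review bot: The CWE string in the CVE-2021-25507 record, `CWE-285 Improper Authorization`, drops the colon that the other records in this batch use (`CWE-20: Improper Input Validation`, `CWE-287: Improper Authentication`), and CVE-2021-25508 does the same with `CWE-269 Improper Privilege Management`. A consumer that extracts the identifier by splitting on the colon would presumably mis-parse these two records. Suggested values are `"value": "CWE-285: Improper Authorization"` here and `"value": "CWE-269: Improper Privilege Management"` in CVE-2021-25508.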
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25508",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SmartThings",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "-",
+ "version_value": "1.7.73.22"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269 Improper Privilege Management"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/25xxx/CVE-2021-25509.json b/2021/25xxx/CVE-2021-25509.json
index 2e63b2161d0..551ccd6edb5 100644
--- a/2021/25xxx/CVE-2021-25509.json
+++ b/2021/25xxx/CVE-2021-25509.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2021-25509",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Flow",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "-",
+ "version_value": "4.8.5.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the Windows known folders."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20: Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=11"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
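Review bot: `product_name` here is "Samsung Flow", identical to CVE-2021-25507, although this record covers the Windows application (fixed in 4.8.5.0) and that one the mobile application (fixed in 4.8.03.5). With one product name and two unrelated version lines, a matcher keyed on `product_name` plus `version_value` can flag or clear the wrong client. I would name the affected build explicitly, using the description's own wording: `"product_name": "Samsung Flow Windows application"`. In the description, "abtraty file" should read "arbitrary file".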
diff --git a/2021/25xxx/CVE-2021-25663.json b/2021/25xxx/CVE-2021-25663.json
index a3780147488..84c6b689d1c 100644
--- a/2021/25xxx/CVE-2021-25663.json
+++ b/2021/25xxx/CVE-2021-25663.json
@@ -15,11 +15,11 @@
 "product": {
 "product_data": [
 {
- "product_name": "Nucleus 4",
+ "product_name": "Capital VSTAR",
 "version": {
 "version_data": [
 {
- "version_value": "All versions < V4.1.0"
+ "version_value": "Versions including affected IPv6 stack"
 }
 ]
 }
@@ -35,11 +35,21 @@
 }
 },
 {
- "product_name": "Nucleus ReadyStart",
+ "product_name": "Nucleus ReadyStart V3",
 "version": {
 "version_data": [
 {
- "version_value": "All versions"
+ "version_value": "All versions < V2017.02.4"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Nucleus ReadyStart V4",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V4.1.0"
 }
 ]
 }
@@ -49,17 +59,7 @@
 "version": {
 "version_data": [
 {
- "version_value": "versions including affected IPv6 stack"
- }
- ]
- }
- },
- {
- "product_name": "VSTAR",
- "version": {
- "version_data": [
- {
- "version_value": "versions including affected IPv6 stack"
+ "version_value": "Versions including affected IPv6 stack"
 }
 ]
 }
@@ -86,7 +86,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus ReadyStart (All versions), Nucleus Source Code (versions including affected IPv6 stack), VSTAR (versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values."
+ "value": "A vulnerability has been identified in Capital VSTAR (Versions including affected IPv6 stack), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values."
 }
 ]
 },
diff --git a/2021/25xxx/CVE-2021-25664.json b/2021/25xxx/CVE-2021-25664.json
index 41dffc61731..4130957413d 100644
--- a/2021/25xxx/CVE-2021-25664.json
+++ b/2021/25xxx/CVE-2021-25664.json
@@ -15,11 +15,11 @@
 "product": {
 "product_data": [
 {
- "product_name": "Nucleus 4",
+ "product_name": "Capital VSTAR",
 "version": {
 "version_data": [
 {
- "version_value": "All versions < V4.1.0"
+ "version_value": "Versions including affected IPv6 stack"
 }
 ]
 }
@@ -35,11 +35,21 @@
 }
 },
 {
- "product_name": "Nucleus ReadyStart",
+ "product_name": "Nucleus ReadyStart V3",
 "version": {
 "version_data": [
 {
- "version_value": "All versions"
+ "version_value": "All versions < V2017.02.4"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Nucleus ReadyStart V4",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V4.1.0"
 }
 ]
 }
@@ -49,17 +59,7 @@
 "version": {
 "version_data": [
 {
- "version_value": "versions including affected IPv6 stack"
- }
- ]
- }
- },
- {
- "product_name": "VSTAR",
- "version": {
- "version_data": [
- {
- "version_value": "versions including affected IPv6 stack"
+ "version_value": "Versions including affected IPv6 stack"
 }
 ]
 }
@@ -86,7 +86,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus ReadyStart (All versions), Nucleus Source Code (versions including affected IPv6 stack), VSTAR (versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values."
+ "value": "A vulnerability has been identified in Capital VSTAR (Versions including affected IPv6 stack), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values."
 }
 ]
 },
diff --git a/2021/25xxx/CVE-2021-25677.json b/2021/25xxx/CVE-2021-25677.json
index 2af44429c2a..eecddb6803a 100644
--- a/2021/25xxx/CVE-2021-25677.json
+++ b/2021/25xxx/CVE-2021-25677.json
@@ -15,11 +15,11 @@
 "product": {
 "product_data": [
 {
- "product_name": "Nucleus 4",
+ "product_name": "Capital VSTAR",
 "version": {
 "version_data": [
 {
- "version_value": "All versions < V4.1.0"
+ "version_value": "Versions including affected DNS modules"
 }
 ]
 }
@@ -35,17 +35,7 @@
 }
 },
 {
- "product_name": "Nucleus RTOS",
- "version": {
- "version_data": [
- {
- "version_value": "versions including affected DNS modules"
- }
- ]
- }
- },
- {
- "product_name": "Nucleus ReadyStart",
+ "product_name": "Nucleus ReadyStart V3",
 "version": {
 "version_data": [
 {
@@ -54,12 +44,32 @@
 ]
 }
 },
+ {
+ "product_name": "Nucleus ReadyStart V3",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V2017.02.4"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Nucleus ReadyStart V4",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V4.1.0"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Nucleus Source Code",
 "version": {
 "version_data": [
 {
- "version_value": "versions including affected DNS modules"
+ "version_value": "Versions including affected DNS modules"
 }
 ]
 }
@@ -73,26 +83,6 @@
 }
 ]
 }
- },
- {
- "product_name": "SIMOTICS CONNECT 400",
- "version": {
- "version_data": [
- {
- "version_value": "All versions >= V0.5.0.0"
- }
- ]
- }
- },
- {
- "product_name": "VSTAR",
- "version": {
- "version_data": [
- {
- "version_value": "versions including affected DNS modules"
- }
- ]
- }
 }
 ]
 }
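Review bot: After this change CVE-2021-25677 carries two `product_data` entries with the same `product_name` "Nucleus ReadyStart V3": the `@@ -35,17 +35,7 @@` hunk renames the existing entry to that name, and the `@@ -54,12 +44,32 @@` hunk adds a second one with `All versions < V2017.02.4`. The first entry's `version_value` lies outside the hunk, but the updated description in the `@@ -106,7 +106,7 @@` hunk lists the product twice, with `< V2017.02.3` and `< V2017.02.4`. The two bounds disagree on whether V2017.02.3 is affected, which leaves the patch decision for that release open. The record should keep a single `"product_name": "Nucleus ReadyStart V3"` entry with the bound from the vendor advisory (the page does not show which one is right), and the description should be updated to match.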
@@ -116,7 +106,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving." + "value": "A vulnerability has been identified in Capital VSTAR (Versions including affected DNS modules), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving." } ] }, diff --git a/2021/25xxx/CVE-2021-25874.json b/2021/25xxx/CVE-2021-25874.json index cd7fdf27436..d703d846142 100644 --- a/2021/25xxx/CVE-2021-25874.json +++ b/2021/25xxx/CVE-2021-25874.json 
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-25874",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-25874",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://avideoyouphptube.com",
+ "refsource": "MISC",
+ "name": "http://avideoyouphptube.com"
+ },
+ {
+ "url": "https://synacktiv.com",
+ "refsource": "MISC",
+ "name": "https://synacktiv.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf",
+ "url": "https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf"
 }
 ]
 }
diff --git a/2021/25xxx/CVE-2021-25875.json b/2021/25xxx/CVE-2021-25875.json
index b82758b80f6..efec936ecb4 100644
--- a/2021/25xxx/CVE-2021-25875.json
+++ b/2021/25xxx/CVE-2021-25875.json
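Review bot: The `affects` and `problemtype` blocks of CVE-2021-25874 are filled with `n/a` even though the description names the product and version range (AVideo/YouPHPTube 10.0 and prior) and the weakness (SQL injection via `catName`), so the record can only be found by free-text search. CVE-2021-25875 through CVE-2021-25878 have the same gap. At minimum I would carry the description's own values into the structured fields, for example `"product_name": "AVideo/YouPHPTube"`, `"version_value": "10.0 and prior"` and a `problemtype` value of `CWE-89`. The description also repeats "AVideo/YouPHPTube" and "SQL Injection". Two of the three references are bare site home pages, one over plain HTTP, and only the Synacktiv PDF points at the finding itself.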
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-25875",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-25875",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://avideoyouphptube.com",
+ "refsource": "MISC",
+ "name": "http://avideoyouphptube.com"
+ },
+ {
+ "url": "https://synacktiv.com",
+ "refsource": "MISC",
+ "name": "https://synacktiv.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf",
+ "url": "https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf"
 }
 ]
 }
diff --git a/2021/25xxx/CVE-2021-25876.json b/2021/25xxx/CVE-2021-25876.json
index bd214fe2096..72663f8c976 100644
--- a/2021/25xxx/CVE-2021-25876.json
+++ b/2021/25xxx/CVE-2021-25876.json
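Review bot: The CVE-2021-25875 description calls the weakness "Cross Script Scripting", which is not its name; it should read "Cross-Site Scripting". A search for "XSS" or "Cross-Site Scripting" will not find this record, and `problemtype` is `n/a`, so there is no CWE to fall back on. The same wording appears in CVE-2021-25876 and CVE-2021-25878. The product name is also doubled here, and the opening should read `AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross-Site Scripting vulnerabilities via the searchPhrase parameter`.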
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-25876",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-25876",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://avideoyouphptube.com",
+ "refsource": "MISC",
+ "name": "http://avideoyouphptube.com"
+ },
+ {
+ "url": "https://synacktiv.com",
+ "refsource": "MISC",
+ "name": "https://synacktiv.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf",
+ "url": "https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf"
 }
 ]
 }
diff --git a/2021/25xxx/CVE-2021-25877.json b/2021/25xxx/CVE-2021-25877.json
index 1cdccaf80b5..e29aab1eeed 100644
--- a/2021/25xxx/CVE-2021-25877.json
+++ b/2021/25xxx/CVE-2021-25877.json
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-25877", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-25877", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://avideoyouphptube.com", + "refsource": "MISC", + "name": "http://avideoyouphptube.com" + }, + { + "url": "https://synacktiv.com", + "refsource": "MISC", + "name": "https://synacktiv.com" + }, + { + "refsource": "MISC", + "name": "https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf", + "url": "https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf" } ] } diff --git a/2021/25xxx/CVE-2021-25878.json b/2021/25xxx/CVE-2021-25878.json index decc5060245..a71e7d99b69 100644 --- a/2021/25xxx/CVE-2021-25878.json +++ b/2021/25xxx/CVE-2021-25878.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-25878", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-25878", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://avideoyouphptube.com", + "refsource": "MISC", + "name": "http://avideoyouphptube.com" + }, + { + "url": "https://synacktiv.com", + "refsource": "MISC", + "name": "https://synacktiv.com" + }, + { + "refsource": "MISC", + "name": "https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf", + "url": "https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf" } ] } diff --git a/2021/25xxx/CVE-2021-25971.json b/2021/25xxx/CVE-2021-25971.json index 2b51c29cf0c..6705563baed 100644 --- a/2021/25xxx/CVE-2021-25971.json +++ b/2021/25xxx/CVE-2021-25971.json 
@@ -51,15 +51,15 @@ "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", - "availabilityImpact": "NONE", + "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", + "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, @@ -69,7 +69,7 @@ "description": [ { "lang": "eng", - "value": "CWE-613 Insufficient Session Expiration" + "value": "CWE-248 Uncaught Exception" } ] } @@ -99,4 +99,4 @@ "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/", "discovery": "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2021/25xxx/CVE-2021-25973.json b/2021/25xxx/CVE-2021-25973.json index 6914bc648f8..1638409075c 100644 --- a/2021/25xxx/CVE-2021-25973.json +++ b/2021/25xxx/CVE-2021-25973.json 
@@ -1,18 +1,102 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", "ID": "CVE-2021-25973", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Publify - Improper Authorization Leads to Guest Signup Restriction Bypass" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "publify_core", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "9.0.0.pre1" + }, + { + "version_affected": "<=", + "version_value": "9.2.4" + } + ] + } + } + ] + }, + "vendor_name": "publify_core" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. \u201cguest\u201d role users can self-register even when the admin does not allow. This happens due to front-end restriction only." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285 Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://github.com/publify/publify/commit/3447e0241e921b65f6eb1090453d8ea73e98387e", + "name": "https://github.com/publify/publify/commit/3447e0241e921b65f6eb1090453d8ea73e98387e" + }, + { + "refsource": "MISC", + "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25973", + "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25973" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to 9.2.5" + } + ], + "source": { + "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25978.json b/2021/25xxx/CVE-2021-25978.json index e9096a67caa..2a4e1c2ee8f 100644 --- a/2021/25xxx/CVE-2021-25978.json +++ b/2021/25xxx/CVE-2021-25978.json 
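Review bot: The affected range in `version_data` is written as two independent entries, `">="` with `"9.0.0.pre1"` and `"<="` with `"9.2.4"`, and nothing in the record ties them together as one interval. A consumer that evaluates each entry on its own would treat every release at or above 9.0.0.pre1 as affected, including 9.2.5, which the `solution` field names as the fix; how a given tool reads this is not visible here, so treat that as a risk rather than a certainty. Stating the interval in one entry, for example `"version_value": "9.0.0.pre1 through 9.2.4"`, would remove the ambiguity. The hunks for CVE-2021-25978 and CVE-2021-25979 express their ranges the same way.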
@@ -1,18 +1,103 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", "ID": "CVE-2021-25978", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Apostrophe - XSS" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apostrophe ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "3.3.1" + }, + { + "version_affected": ">=", + "version_value": "2.63.0" + } + ] + } + } + ] + }, + "vendor_name": "Apostrophe " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Daniel Elkabes" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://github.com/apostrophecms/apostrophe/commit/c8b94ee9c79468f1ce28e31966cb0e0839165e59", + "name": "https://github.com/apostrophecms/apostrophe/commit/c8b94ee9c79468f1ce28e31966cb0e0839165e59" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to version 3.4.0" + } + ], + "source": { + "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25978", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25979.json b/2021/25xxx/CVE-2021-25979.json index 9f9f57dd027..b713c60eec2 100644 --- a/2021/25xxx/CVE-2021-25979.json +++ b/2021/25xxx/CVE-2021-25979.json 
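Review bot: In the CVE-2021-25978 record `product_name` and `vendor_name` are both `"Apostrophe "` with a trailing space, which breaks exact-match lookups and creates a second vendor/product identity next to "Apostrophe" in any index built from these fields. `"product_name": "Apostrophe"` and `"vendor_name": "Apostrophe"` would avoid that. The hunk for CVE-2021-25979 carries the same two values.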
@@ -1,18 +1,103 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", "ID": "CVE-2021-25979", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Apostrophe - Insufficient Session Expiration" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apostrophe ", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "3.3.1" + }, + { + "version_affected": ">=", + "version_value": "2.63.0" + } + ] + } + } + ] + }, + "vendor_name": "Apostrophe " + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Daniel Elkabes" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users' sessions." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613 Insufficient Session Expiration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://github.com/apostrophecms/apostrophe/commit/c211b211f9f4303a77a307cf41aac9b4ef8d2c7c", + "name": "https://github.com/apostrophecms/apostrophe/commit/c211b211f9f4303a77a307cf41aac9b4ef8d2c7c" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to version 3.4.0" + } + ], + "source": { + "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25979", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26107.json b/2021/26xxx/CVE-2021-26107.json index b1fcbf56a0a..9c98c92e5dc 100644 --- a/2021/26xxx/CVE-2021-26107.json +++ b/2021/26xxx/CVE-2021-26107.json 
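Review bot: The `cvss` block for CVE-2021-25979 rates this session-expiration issue 9.8 with `AV:N/AC:L/PR:N/UI:N` and High impact on confidentiality, integrity and availability, but the description limits it to hijacking the sessions of "recently logged-in users" and does not say how an unauthenticated attacker obtains such a session. If an extra condition is needed, `AC:L` together with `UI:N` would overstate exploitability; this is inferred from the wording only, since the advisory is not visible here, so teams that prioritise by `baseScore` should confirm against the linked commit and advisory. The description is also missing a verb and should read "... 2.63.0 to 3.3.1 are affected by an insufficient session expiration vulnerability".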
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-26107", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiManager", + "version": { + "version_data": [ + { + "version_value": "FortiManager 6.4.5, 6.4.4" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "Low", + "baseScore": 6.2, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:H/RL:W/RC:C", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-043", + "url": "https://fortiguard.com/advisory/FG-IR-21-043" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager." } ] } diff --git a/2021/26xxx/CVE-2021-26253.json b/2021/26xxx/CVE-2021-26253.json new file mode 100644 index 00000000000..cb1fe0d82cd --- /dev/null +++ b/2021/26xxx/CVE-2021-26253.json 
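Review bot: `"baseScore": 6.2` in the CVE-2021-26107 record does not look like the base score of its vector: by my calculation the base metrics `AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L` give 6.3, and 6.2 is the value after applying the temporal metrics `E:H/RL:W/RC:C` that are appended to `vectorString`. Consumers that read `baseScore` as a base value, or that reject temporal metrics in a base vector, will mis-handle this entry; I would drop the temporal suffix and set `"baseScore": 6.3`, or carry the vendor's temporal value in a separately labelled field. The metric values are also in mixed case (`"Low"`, `"Network"`, `"Medium"`) while the other records in this diff use upper case (`"LOW"`, `"NETWORK"`, `"MEDIUM"`), so a case-sensitive enum check would fail here. The `problemtype` value could name the weakness the description already cites, `"value": "CWE-284 Improper Access Control"`.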
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-26253", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26739.json b/2021/26xxx/CVE-2021-26739.json index 1433d32fa74..e46296efa47 100644 --- a/2021/26xxx/CVE-2021-26739.json +++ b/2021/26xxx/CVE-2021-26739.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-26739", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-26739", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/millken/doyocms/issues/5", + "refsource": "MISC", + "name": "https://github.com/millken/doyocms/issues/5" } ] } diff --git a/2021/26xxx/CVE-2021-26740.json b/2021/26xxx/CVE-2021-26740.json index 69094df5562..60846236bff 100644 --- a/2021/26xxx/CVE-2021-26740.json +++ b/2021/26xxx/CVE-2021-26740.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-26740", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-26740", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/millken/doyocms/issues/4", + "refsource": "MISC", + "name": "https://github.com/millken/doyocms/issues/4" } ] } diff --git a/2021/26xxx/CVE-2021-26786.json b/2021/26xxx/CVE-2021-26786.json index ef26a337a43..0b85ace3270 100644 --- a/2021/26xxx/CVE-2021-26786.json +++ b/2021/26xxx/CVE-2021-26786.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-26786", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-26786", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discoverered in in customercentric-selling-poland PlayTube, allows authenticated attackers to execute arbitrary code via the purchace code to the config.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/customercentric-selling-poland/playtuber/issues/1", + "refsource": "MISC", + "name": "https://github.com/customercentric-selling-poland/playtuber/issues/1" } ] } diff --git a/2021/26xxx/CVE-2021-26822.json b/2021/26xxx/CVE-2021-26822.json index 390239b3629..c749052cd3f 100644 --- a/2021/26xxx/CVE-2021-26822.json +++ b/2021/26xxx/CVE-2021-26822.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.exploit-db.com/exploits/49562", "url": "https://www.exploit-db.com/exploits/49562" + }, + { + "refsource": "MISC", + "name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26822", + "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26822" } ] } 
diff --git a/2021/26xxx/CVE-2021-26844.json b/2021/26xxx/CVE-2021-26844.json index f57042621a1..a12d002d92f 100644 --- a/2021/26xxx/CVE-2021-26844.json +++ b/2021/26xxx/CVE-2021-26844.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-26844", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-26844", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.poweradmin.com/products/server-monitoring/support/release-notes/", + "url": "https://www.poweradmin.com/products/server-monitoring/support/release-notes/" + }, + { + "refsource": "MISC", + "name": "https://pastebin.com/mrzVTPeV", + "url": "https://pastebin.com/mrzVTPeV" } ] } diff --git a/2021/27xxx/CVE-2021-27004.json b/2021/27xxx/CVE-2021-27004.json index 4fc92038828..070b856cee0 100644 --- a/2021/27xxx/CVE-2021-27004.json +++ b/2021/27xxx/CVE-2021-27004.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-27004", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "System Manager 9.x", + "version": { + "version_data": [ + { + "version_value": "System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Disclosure of sensitive information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/NTAP-20211029-0001/", + "url": "https://security.netapp.com/advisory/NTAP-20211029-0001/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials." } ] } diff --git a/2021/27xxx/CVE-2021-27005.json b/2021/27xxx/CVE-2021-27005.json index 03dfe29e475..a0044d008a3 100644 --- a/2021/27xxx/CVE-2021-27005.json +++ b/2021/27xxx/CVE-2021-27005.json 
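Review bot: `vendor_name` is `"n/a"` in the CVE-2021-27004 record even though the assigner is security-alert@netapp.com and the only reference is a security.netapp.com advisory, so vendor-keyed searches and asset matching will not find it; `"vendor_name": "NetApp"` would fix that. The affected range is a single prose string in `version_value` ("versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2"), which tools cannot compare against an installed version, and the record has no `impact` block for what the description calls discovery of plaintext iSCSI CHAP credentials. The hunk for CVE-2021-27005 has the same `vendor_name` and the same style of `version_value`.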
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-27005", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Clustered Data ONTAP", + "version": { + "version_data": [ + { + "version_value": "Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/NTAP-20211029-0002/", + "url": "https://security.netapp.com/advisory/NTAP-20211029-0002/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server." } ] } diff --git a/2021/27xxx/CVE-2021-27034.json b/2021/27xxx/CVE-2021-27034.json index bd2c751a0e5..117ad7d71ed 100644 --- a/2021/27xxx/CVE-2021-27034.json +++ b/2021/27xxx/CVE-2021-27034.json 
@@ -95,7 +95,7 @@ "description_data": [ { "lang": "eng", - "value": "A heap-based buffer overflow could occur while parsing PICT or TIFF files in Autodesk 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code." + "value": "A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code." } ] } diff --git a/2021/27xxx/CVE-2021-27035.json b/2021/27xxx/CVE-2021-27035.json index 72761c0df78..bdf322ef44b 100644 --- a/2021/27xxx/CVE-2021-27035.json +++ b/2021/27xxx/CVE-2021-27035.json @@ -90,7 +90,7 @@ "description_data": [ { "lang": "eng", - "value": "A maliciously crafted TIFF, PDF, PICT or DWF files in Autodesk 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PDF, PICT or DWF files. This vulnerability can be exploited to execute arbitrary code." + "value": "A maliciously crafted TIFF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA or DWF files. This vulnerability can be exploited to execute arbitrary code." } ] } diff --git a/2021/27xxx/CVE-2021-27036.json b/2021/27xxx/CVE-2021-27036.json index 92cc716476c..83cf4bec9ca 100644 --- a/2021/27xxx/CVE-2021-27036.json +++ b/2021/27xxx/CVE-2021-27036.json 
@@ -75,7 +75,7 @@ "description_data": [ { "lang": "eng", - "value": "A maliciously crafted PDF, PICT or TIFF file can be used to write beyond the allocated buffer while parsing PDF, PICT or TIFF files in Autodesk 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code." + "value": "A maliciously crafted PCX, PICT, RCL or TIFF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL or TIFF files. This vulnerability can be exploited to execute arbitrary code." } ] } diff --git a/2021/27xxx/CVE-2021-27190.json b/2021/27xxx/CVE-2021-27190.json index 68fb525029b..2146bb97540 100644 --- a/2021/27xxx/CVE-2021-27190.json +++ b/2021/27xxx/CVE-2021-27190.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 which is publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious JavaScript which can steal cookie, redirect them to other malicious website, etc." + "value": "A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user supplied input containing polyglot payload is echoed back in javascript code in HTML response. This allows an attacker to input malicious JavaScript which can steal cookie, redirect them to other malicious website, etc." } ] }, 
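Review bot: The rewritten description for CVE-2021-27036 lists the file types twice and the two lists disagree: the crafted file is "PCX, PICT, RCL or TIFF", but the parsing clause still says "PCX, PDF, PICT, RCL or TIFF". The old text named PDF in both places, so it looks as if PDF was removed from one list only. Readers deciding which file types to block or scan rely on this list, so the two clauses should match; if PDF is no longer in scope the clause would read `while parsing PCX, PICT, RCL or TIFF files`, otherwise PDF belongs in the first list as well.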
@@ -66,6 +66,16 @@ "refsource": "MISC", "name": "https://github.com/anmolksachan/CVE-2021-27190-PEEL-Shopping-cart-9.3.0-Stored-XSS", "url": "https://github.com/anmolksachan/CVE-2021-27190-PEEL-Shopping-cart-9.3.0-Stored-XSS" + }, + { + "refsource": "MISC", + "name": "https://github.com/vulf/Peel-Shopping-cart-9.4.0-Stored-XSS", + "url": "https://github.com/vulf/Peel-Shopping-cart-9.4.0-Stored-XSS" + }, + { + "refsource": "MISC", + "name": "https://github.com/advisto/peel-shopping/issues/4#issuecomment-953461611", + "url": "https://github.com/advisto/peel-shopping/issues/4#issuecomment-953461611" } ] } diff --git a/2021/27xxx/CVE-2021-27393.json b/2021/27xxx/CVE-2021-27393.json index 4913ee9d247..cd8302c725a 100644 --- a/2021/27xxx/CVE-2021-27393.json +++ b/2021/27xxx/CVE-2021-27393.json @@ -14,6 +14,16 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Capital VSTAR", + "version": { + "version_data": [ + { + "version_value": "Versions including affected DNS modules" + } + ] + } + }, { "product_name": "Nucleus NET", "version": { @@ -25,17 +35,7 @@ } }, { - "product_name": "Nucleus RTOS", - "version": { - "version_data": [ - { - "version_value": "versions including affected DNS modules" - } - ] - } - }, - { - "product_name": "Nucleus ReadyStart", + "product_name": "Nucleus ReadyStart V3", "version": { "version_data": [ { @@ -49,17 +49,7 @@ "version": { "version_data": [ { - "version_value": "versions including affected DNS modules" - } - ] - } - }, - { - "product_name": "VSTAR", - "version": { - "version_data": [ - { - "version_value": "versions including affected DNS modules" + "version_value": "Versions including affected DNS modules" } ] } 
@@ -86,7 +76,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2013.08), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving." + "value": "A vulnerability has been identified in Capital VSTAR (Versions including affected DNS modules), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving." } ] }, diff --git a/2021/27xxx/CVE-2021-27644.json b/2021/27xxx/CVE-2021-27644.json index c21d1841ff0..fb7d14fef6c 100644 --- a/2021/27xxx/CVE-2021-27644.json +++ b/2021/27xxx/CVE-2021-27644.json 
@@ -1,18 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2021-27644", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "DolphinScheduler mysql jdbc connector parameters deserialize remote code execution" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache DolphinScheduler", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Apache DolphinScheduler", + "version_value": "1.3.6" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This issue was discovered by Jinchen Sheng of Ant FG Security Lab" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. 
(Only applicable to MySQL data source with internal login account password)" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + { + "other": "low" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264 Permissions, Privileges, and Access Controls" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E", + "name": "https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6%40%3Cdev.dolphinscheduler.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[dolphinscheduler-dev] 20211101 CVE-2021-27644: Apache DolphinScheduler: DolphinScheduler mysql jdbc connector parameters deserialize remote code execution", + "url": "https://lists.apache.org/thread.html/r35d6acf021486a390a7ea09e6650c2fe19e72522bd484791d606a6e6@%3Cdev.dolphinscheduler.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211101 CVE-2021-27644: Apache DolphinScheduler: DolphinScheduler mysql jdbc connector parameters deserialize remote code execution", + "url": "http://www.openwall.com/lists/oss-security/2021/11/01/3" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/27xxx/CVE-2021-27722.json b/2021/27xxx/CVE-2021-27722.json index 2b459a22c30..19680707082 100644 --- a/2021/27xxx/CVE-2021-27722.json +++ b/2021/27xxx/CVE-2021-27722.json 
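Review bot: The added `TITLE` and both MLIST reference names describe a MySQL JDBC connector-parameter deserialization leading to remote code execution, but the added description calls the issue SQL injection, the problemtype is `CWE-264 Permissions, Privileges, and Access Controls`, and impact is `"other": "low"`, so anyone triaging on description or CWE would under-rank this record. If the title is the accurate one, the description and problemtype should agree with it, for example `"value": "CWE-502 Deserialization of Untrusted Data"`. The first reference (refsource MISC) points at the same lists.apache.org thread as the MLIST entry, only with `@` percent-encoded as `%40`, so one of the two can be dropped.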
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-27722",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-27722",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the \"Key\" or \"Name\" field while registering."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.exploit-db.com/exploits/49590",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/49590"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/49638",
+ "url": "https://www.exploit-db.com/exploits/49638"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27723.json b/2021/27xxx/CVE-2021-27723.json
index 90d3474a8d3..b577621b6db 100644
--- a/2021/27xxx/CVE-2021-27723.json
+++ b/2021/27xxx/CVE-2021-27723.json
@@ -5,13 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2021-27723",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27836.json b/2021/27xxx/CVE-2021-27836.json
index 7e5b5440885..7debc28007f 100644
--- a/2021/27xxx/CVE-2021-27836.json
+++ b/2021/27xxx/CVE-2021-27836.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-27836",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-27836",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/libxls/libxls/issues/94",
+ "refsource": "MISC",
+ "name": "https://github.com/libxls/libxls/issues/94"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28021.json b/2021/28xxx/CVE-2021-28021.json
index 7fc8368fb2b..4ff24f57d6e 100644
--- a/2021/28xxx/CVE-2021-28021.json
+++ b/2021/28xxx/CVE-2021-28021.json
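Review bot: The added description contains a misspelling and a doubled word (`discoverered in in function`) and a dangling clause, which hurts keyword search and automated matching on this record; it should read `An issue was discovered in function xls_getWorkSheet in xls.c in libxls 1.6.2 that allows attackers to cause a denial of service via a crafted XLS file.` The affected product and version appear only in that sentence, because `product_name`, `version_value` and `vendor_name` are all `n/a`. If the assigner's process permits it, `libxls` and `1.6.2` belong in those fields so that tooling does not have to parse prose.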
@@ -56,6 +56,31 @@
 "url": "https://github.com/nothings/stb/issues/1108",
 "refsource": "MISC",
 "name": "https://github.com/nothings/stb/issues/1108"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-001f25d986",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G2M5CRSGPRF7G3YB5CLU4FXW7ANNHAYT/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-f8ba4a690e",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEGXBDEMTFGINETMJENBZ6SCHVEJQJSY/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-3fc69d203c",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VP2YEXEAJWI76FPM7D7VXHWD3WESQEYC/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-8ea648186c",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TDGZFLBOP27LZKLH45WQLSNPSPP7S7Z/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-16d848834d",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AF2CNP4FVC6LDKNOO4WDCGNDYIP3MPK6/"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28022.json b/2021/28xxx/CVE-2021-28022.json
index d74aacd917e..99e16e9982a 100644
--- a/2021/28xxx/CVE-2021-28022.json
+++ b/2021/28xxx/CVE-2021-28022.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-28022",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-28022",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.servicetonic.com/",
+ "refsource": "MISC",
+ "name": "https://www.servicetonic.com/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.srlabs.de/bites/chaining-three-zero-day-exploits-in-itsm-software-servicetonic-for-remote-code-execution",
+ "url": "https://www.srlabs.de/bites/chaining-three-zero-day-exploits-in-itsm-software-servicetonic-for-remote-code-execution"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28023.json b/2021/28xxx/CVE-2021-28023.json
index db8d7c844ba..abb4731778f 100644
--- a/2021/28xxx/CVE-2021-28023.json
+++ b/2021/28xxx/CVE-2021-28023.json
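Review bot: The `problemtype` value is `n/a` although the description names the weakness class outright (blind SQL injection), so the record cannot be filtered or prioritised by CWE; `"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"` would match the text. The same gap is in the CVE-2021-28023 hunk (arbitrary file upload with files extracted to relative paths) and the CVE-2021-28024 hunk (login without a password). In all three the first reference is the vendor home page `https://www.servicetonic.com/`, which carries no advisory content; a vendor release note or advisory for 9.0.35937, if one exists, would let defenders confirm the fixed build.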
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-28023",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-28023",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.servicetonic.com/",
+ "refsource": "MISC",
+ "name": "https://www.servicetonic.com/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.srlabs.de/bites/chaining-three-zero-day-exploits-in-itsm-software-servicetonic-for-remote-code-execution",
+ "url": "https://www.srlabs.de/bites/chaining-three-zero-day-exploits-in-itsm-software-servicetonic-for-remote-code-execution"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28024.json b/2021/28xxx/CVE-2021-28024.json
index 545601af3cb..9b9b111bf5b 100644
--- a/2021/28xxx/CVE-2021-28024.json
+++ b/2021/28xxx/CVE-2021-28024.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-28024",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-28024",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows attacker to login without using a password."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.servicetonic.com/",
+ "refsource": "MISC",
+ "name": "https://www.servicetonic.com/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.srlabs.de/bites/chaining-three-zero-day-exploits-in-itsm-software-servicetonic-for-remote-code-execution",
+ "url": "https://www.srlabs.de/bites/chaining-three-zero-day-exploits-in-itsm-software-servicetonic-for-remote-code-execution"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28702.json b/2021/28xxx/CVE-2021-28702.json
index ddef0dd3588..60f69ece1df 100644
--- a/2021/28xxx/CVE-2021-28702.json
+++ b/2021/28xxx/CVE-2021-28702.json
@@ -104,6 +104,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-0b7a484688",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDPRMOBBLS74ONYP3IXZZXSTLKR7GRQB/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-829f5f2f43",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OIHEJ3R3EH5DYI2I5UMD2ULJ2ELA3EX/"
 }
 ]
 },
diff --git a/2021/28xxx/CVE-2021-28960.json b/2021/28xxx/CVE-2021-28960.json
index 844cbc4cfe6..0ef3abb3cb6 100644
--- a/2021/28xxx/CVE-2021-28960.json
+++ b/2021/28xxx/CVE-2021-28960.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "ManageEngine Desktop Central before build 10.0.683 allows Unauthenticated Remote Code Execution during communication with Notification Server."
+ "value": "Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations."
 }
 ]
 },
diff --git a/2021/29xxx/CVE-2021-29063.json b/2021/29xxx/CVE-2021-29063.json
index 79544bc4de0..cdaca727c80 100644
--- a/2021/29xxx/CVE-2021-29063.json
+++ b/2021/29xxx/CVE-2021-29063.json
@@ -81,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-244a18163c",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MS2U6GLXQSRZJE2HVUAUMVFR2DWQLCZG/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-bc2153d8f0",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUX3XWY2K3MSO7QXMZXQQYAURARSPC5/"
 }
 ]
 }
diff --git a/2021/29xxx/CVE-2021-29212.json b/2021/29xxx/CVE-2021-29212.json
index f5fe1f07a88..03df2978a6e 100644
--- a/2021/29xxx/CVE-2021-29212.json
+++ b/2021/29xxx/CVE-2021-29212.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-29212",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "iLO Amplifier Pack",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Ver 1.80, Ver 1.81, Ver 1.90, and Ver 1.95"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "remote directory traversal"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04189en_us",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04189en_us"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1278/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1278/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance."
 }
 ]
 }
diff --git a/2021/29xxx/CVE-2021-29213.json b/2021/29xxx/CVE-2021-29213.json
index 826978dbb9c..9ddc5103c95 100644
--- a/2021/29xxx/CVE-2021-29213.json
+++ b/2021/29xxx/CVE-2021-29213.json
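Review bot: `vendor_name` is set to `n/a` even though the assigner is `security-alert@hpe.com` and the description names HPE iLO Amplifier Pack, so vendor-keyed matching in scanners and asset inventories will miss this record; `"vendor_name": "HPE"` looks like the intended value. The `problemtype` says only `remote directory traversal` while the description states unauthenticated arbitrary code execution, which is the impact most consumers will prioritise on. The CVE-2021-29213 hunk has the same `n/a` vendor and also packs three server models into one semicolon-separated `product_name`; one `product_data` entry per model would let tooling match each of them.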
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-29213",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@hpe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HPE ProLiant ML30 Gen10 Server; HPE ProLiant DL20 Gen10 Server; HPE ProLiant MicroServer Gen10 Plus",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to system ROM v2.52"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "local bypass security restrictions; local compromise of system integrity; local denial of service (DoS); local disclosure of sensitive information"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04197en_us",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04197en_us"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior to version 2.52. The vulnerability could be locally exploited to cause disclosure of sensitive information, denial of service (DoS), and/or compromise system integrity."
 }
 ]
 }
diff --git a/2021/29xxx/CVE-2021-29243.json b/2021/29xxx/CVE-2021-29243.json
index 2bfc433991d..7e4dc14387f 100644
--- a/2021/29xxx/CVE-2021-29243.json
+++ b/2021/29xxx/CVE-2021-29243.json @@ -1,18 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29243", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29243", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html", + "refsource": "MISC", + "name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html" + }, + { + "refsource": "MISC", + "name": "https://my.cloudera.com/knowledge/TSB-2021-488-Cloudera-Manager-is-vulnerable-to-Cross-Site?id=322833", + "url": "https://my.cloudera.com/knowledge/TSB-2021-488-Cloudera-Manager-is-vulnerable-to-Cross-Site?id=322833" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29735.json b/2021/29xxx/CVE-2021-29735.json index e42ce81c7ca..49b66769fc3 100644 --- a/2021/29xxx/CVE-2021-29735.json +++ b/2021/29xxx/CVE-2021-29735.json 
@@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-29735", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/6514007", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 6514007 (Security Guardium)", + "name" : "https://www.ibm.com/support/pages/node/6514007" + }, + { + "title" : "X-Force Vulnerability Report", + "name" : "ibm-guardium-cve202129735-xss (201239)", + "refsource" : "XF", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/201239" + } + ] + }, + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "10.6" + }, + { + "version_value" : "11.0" + }, + { + "version_value" : "11.1" + }, + { + "version_value" : "11.2" + }, + { + "version_value" : "11.3" + } + ] + }, + "product_name" : "Security Guardium" + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." 
+ } + ] + }, + "impact" : { + "cvssv3" : { + "BM" : { + "AV" : "N", + "PR" : "H", + "UI" : "R", + "SCORE" : "4.800", + "AC" : "L", + "S" : "C", + "A" : "N", + "C" : "L", + "I" : "L" + }, + "TM" : { + "RC" : "C", + "E" : "H", + "RL" : "O" + } + } + }, + "data_version" : "4.0", + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Cross-Site Scripting", + "lang" : "eng" + } + ] + } + ] + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "CVE_data_meta" : { + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2021-29735", + "DATE_PUBLIC" : "2021-11-05T00:00:00" + } +} diff --git a/2021/29xxx/CVE-2021-29737.json b/2021/29xxx/CVE-2021-29737.json index 4a1cc0ac129..3da61416967 100644 --- a/2021/29xxx/CVE-2021-29737.json +++ b/2021/29xxx/CVE-2021-29737.json 
@@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-29737", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. IBM X-Force ID: 201301." } ] + }, + "data_type": "CVE", + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "S": "U", + "SCORE": "5.900", + "AV": "N", + "I": "N", + "PR": "N", + "UI": "N", + "C": "H", + "A": "N", + "AC": "H" + } + } + }, + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2021-29737", + "DATE_PUBLIC": "2021-10-29T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6509086 (InfoSphere Information Server)", + "name": "https://www.ibm.com/support/pages/node/6509086", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6509086" + }, + { + "name": "ibm-infosphere-cve202129737-info-disc (201301)", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201301", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_value": "11.7" + } + ] + } + 
} + ] + } + } + ] + } } } \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29738.json b/2021/29xxx/CVE-2021-29738.json index 7e557aad9f8..31140324455 100644 --- a/2021/29xxx/CVE-2021-29738.json +++ b/2021/29xxx/CVE-2021-29738.json 
@@ -1,17 +1,89 @@ { - "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-29738", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "PR": "L", + "I": "L", + "A": "N", + "AC": "L", + "C": "L", + "UI": "R", + "SCORE": "5.400", + "S": "C", + "AV": "N" + } + } }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "data_version": "4.0", + "data_type": "CVE", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201302." 
+ } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_value": "11.7" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2021-29738", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-10-29T00:00:00" + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6509084 (InfoSphere Information Server)", + "name": "https://www.ibm.com/support/pages/node/6509084", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6509084" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201302", + "name": "ibm-infosphere-cve202129738-ssrf (201302)", + "title": "X-Force Vulnerability Report" } ] } diff --git a/2021/29xxx/CVE-2021-29753.json b/2021/29xxx/CVE-2021-29753.json index 4c855aae649..82cc3d2aa0b 100644 --- a/2021/29xxx/CVE-2021-29753.json +++ b/2021/29xxx/CVE-2021-29753.json 
@@ -1,18 +1,112 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-29753", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "references" : { + "reference_data" : [ + { + "url" : "https://www.ibm.com/support/pages/node/6513703", + "refsource" : "CONFIRM", + "name" : "https://www.ibm.com/support/pages/node/6513703", + "title" : "IBM Security Bulletin 6513703 (Business Automation Workflow)" + }, + { + "title" : "X-Force Vulnerability Report", + "refsource" : "XF", + "name" : "ibm-baw-cve202129753-info-disc (201919)", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/201919" + } + ] + }, + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "value" : "Obtain Information", + "lang" : "eng" + } + ] + } + ] + }, + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "PR" : "N", + "C" : "H", + "S" : "U", + "AV" : "N", + "UI" : "N", + "A" : "N", + "AC" : "H", + "SCORE" : "5.900", + "I" : "N" + } + } + }, + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2021-11-04T00:00:00", + "ID" : "CVE-2021-29753", + "STATE" : "PUBLIC" + }, + "data_type" : "CVE", + "data_format" : "MITRE", + "data_version" : "4.0", + "affects" : { + "vendor" : { + "vendor_data" : [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "product" : { + "product_data" : [ + { + "product_name" : "Business Process Manager", + "version" : { + "version_data" : [ + { + "version_value" : "8.5" + }, + { + "version_value" : "8.6" + } + ] + } + }, + { + "product_name" : "Business Automation Workflow", + "version" : { + "version_data" : [ + { + "version_value" : "18.0" + }, + { + "version_value" : "19.0" + }, + { + "version_value" : "20.0" + }, + { + "version_value" : "21.0" + } + ] + } + } + ] + }, + "vendor_name" : "IBM" } - ] - } -} \ No newline at end of file + ] + } + } +} diff --git a/2021/29xxx/CVE-2021-29771.json b/2021/29xxx/CVE-2021-29771.json index 901aa3e7f0d..5bc91b91fd5 100644 --- a/2021/29xxx/CVE-2021-29771.json +++ b/2021/29xxx/CVE-2021-29771.json 
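Review bot: The version list in the added description is garbled (`18. 19, 20, 21` and `8.5 and d8.6`) and does not match the structured `version_data` in the same hunk (18.0, 19.0, 20.0, 21.0 for Business Automation Workflow; 8.5 and 8.6 for Business Process Manager), which matters to anyone deriving affected versions from the text. The sentence should open `IBM Business Automation Workflow 18.0, 19.0, 20.0, 21.0, and IBM Business Process Manager 8.5 and 8.6 transmits or stores authentication credentials`, with the rest unchanged.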
@@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29771", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "DATE_PUBLIC": "2021-10-29T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-29771" }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6509614 (InfoSphere Information Server)", + "name": "https://www.ibm.com/support/pages/node/6509614", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6509614" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202773", + "name": "ibm-infosphere-cve202129771-xss (202773)", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "11.7" + } + ] + }, + "product_name": "InfoSphere Information Server" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "H", + "RC": "C" + }, + "BM": { + "AV": "N", + "SCORE": "5.400", + "S": "C", + "AC": "L", + "A": "N", + "UI": "R", + "C": "L", + "PR": "L", + "I": "L" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + }, + "data_format": "MITRE", "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.", + "lang": "eng" } ] - } + }, + "data_version": "4.0", + "data_type": "CVE" } \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29843.json b/2021/29xxx/CVE-2021-29843.json index 862a89ffc4c..17170a1c4dc 100644 --- a/2021/29xxx/CVE-2021-29843.json +++ b/2021/29xxx/CVE-2021-29843.json 
@@ -1,17 +1,98 @@ { - "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", + "data_type": "CVE", "CVE_data_meta": { "ID": "CVE-2021-29843", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "DATE_PUBLIC": "2021-11-05T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MQ Appliance", + "version": { + "version_data": [ + { + "version_value": "9.1.LTS" + }, + { + "version_value": "9.1.CD" + }, + { + "version_value": "9.2.LTS" + }, + { + "version_value": "9.2.CD" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203." + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6513681", + "title": "IBM Security Bulletin 6513681 (MQ Appliance)", + "url": "https://www.ibm.com/support/pages/node/6513681", + "refsource": "CONFIRM" + }, + { + "name": "ibm-mq-cve202129843-dos (205203)", + "title": "X-Force Vulnerability Report", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/205203" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "I": "N", + "C": "N", + "AC": "H", + "S": "U", + "SCORE": "5.300", + "A": "H", + "UI": "N", + "PR": "L", + "AV": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Denial of Service", + "lang": "eng" + } + ] } ] } 
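Review bot: The `affects` block added for CVE-2021-29843 names only `"product_name": "MQ Appliance"`, while the new description says `IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD` with no mention of the appliance. Inventory matching keyed on `product_name` and triage based on the description will therefore disagree about which product is affected. The hunk does not show which one the CNA intended, though the CONFIRM reference title also says `(MQ Appliance)`. If the appliance is the affected product, the description should start `IBM MQ Appliance 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2 CD is vulnerable ...`; if IBM MQ itself is affected too, it needs its own `product_data` entry.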
diff --git a/2021/29xxx/CVE-2021-29875.json b/2021/29xxx/CVE-2021-29875.json index a241396b459..c04043af3a1 100644 --- a/2021/29xxx/CVE-2021-29875.json +++ b/2021/29xxx/CVE-2021-29875.json 
@@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29875", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "DATE_PUBLIC": "2021-10-29T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6509616 (InfoSphere Information Server)", + "url": "https://www.ibm.com/support/pages/node/6509616", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6509616" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206572", + "name": "ibm-infosphere-cve202129875-info-disc (206572)", + "refsource": "XF", + "title": "X-Force Vulnerability Report" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. IBM X-Force ID: 206572." 
} ] - } + }, + "data_type": "CVE", + "data_version": "4.0", + "impact": { + "cvssv3": { + "BM": { + "UI": "N", + "C": "H", + "AC": "H", + "A": "N", + "I": "N", + "PR": "N", + "AV": "N", + "S": "U", + "SCORE": "5.900" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_format": "MITRE" } \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29888.json b/2021/29xxx/CVE-2021-29888.json index 7441012683c..21fb6abeb2f 100644 --- a/2021/29xxx/CVE-2021-29888.json +++ b/2021/29xxx/CVE-2021-29888.json 
@@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6509618", + "url": "https://www.ibm.com/support/pages/node/6509618", + "title": "IBM Security Bulletin 6509618 (InfoSphere Information Server)" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207123", + "name": "ibm-infosphere-cve202129888-csrf (207123)", + "refsource": "XF" + } + ] + }, "CVE_data_meta": { "ID": "CVE-2021-29888", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "DATE_PUBLIC": "2021-10-29T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" }, + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 207123." 
} ] + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "PR": "N", + "I": "H", + "AC": "L", + "A": "N", + "C": "N", + "UI": "R", + "SCORE": "6.500", + "S": "U", + "AV": "N" + } + } } } \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29991.json b/2021/29xxx/CVE-2021-29991.json index 156bc9bc1e1..ac1359162b1 100644 --- a/2021/29xxx/CVE-2021-29991.json +++ b/2021/29xxx/CVE-2021-29991.json 
@@ -4,14 +4,75 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29991", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "91.0.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.0.1", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Header Splitting possible with HTTP/3 Responses" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-37/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-37/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1724896", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1724896" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1." } ] } diff --git a/2021/29xxx/CVE-2021-29993.json b/2021/29xxx/CVE-2021-29993.json index de6350ce505..4b22064c89f 100644 --- a/2021/29xxx/CVE-2021-29993.json +++ b/2021/29xxx/CVE-2021-29993.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29993", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "92", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Handling custom intents could lead to crashes and UI spoofs" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-38/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-38/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1712242%2C1708767%2C1712240%2C1708544%2C1729259", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1712242%2C1708767%2C1712240%2C1708544%2C1729259" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92." } ] } diff --git a/2021/29xxx/CVE-2021-29994.json b/2021/29xxx/CVE-2021-29994.json index 0de005e3928..008af9e772c 100644 --- a/2021/29xxx/CVE-2021-29994.json +++ b/2021/29xxx/CVE-2021-29994.json 
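Review bot: The `affects` entry added for CVE-2021-29993 lists `"product_name": "Firefox"` with `"version_value": "92"` and `"version_affected": "<"` and no platform qualifier, but the description states that the bug only affects Firefox for Android. A scanner that consumes the structured block alone would flag desktop Firefox installs below 92 for this CVE. The restriction belongs in the structured data as well, for example `"product_name": "Firefox for Android"` (exact name to be confirmed against Mozilla's own product naming). The description also keeps the advisory's Markdown emphasis and ends the sentence with `unaffected.*.`, which leaves stray `*` characters and a doubled full stop for plain-text consumers.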
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29994", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29994", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cloudera Hue 4.6.0 allows XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cloudera/hue", + "refsource": "MISC", + "name": "https://github.com/cloudera/hue" + }, + { + "refsource": "CONFIRM", + "name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html", + "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html" + }, + { + "refsource": "CONFIRM", + "name": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634", + "url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634" } ] } diff --git a/2021/30xxx/CVE-2021-30132.json b/2021/30xxx/CVE-2021-30132.json index 00508bb0656..69c2abb2d0a 100644 --- a/2021/30xxx/CVE-2021-30132.json +++ b/2021/30xxx/CVE-2021-30132.json 
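Review bot: The records for CVE-2021-29994 here and CVE-2021-30132 in the next file fill `vendor_name`, `product_name`, `version_value` and the `problemtype` value with `n/a`, even though their descriptions name the product and version (`Cloudera Hue 4.6.0`, `Cloudera Manager 7.2.4`) and the weakness class. Automated matching gets nothing from these records, because the only usable signal is the free-text description. I would populate them from the description, e.g. `"vendor_name": "Cloudera"`, `"product_name": "Hue"`, `"version_value": "4.6.0"`, and give the XSS entry a CWE label such as `"value": "CWE-79"`. The two records also tag the same Cloudera security-bulletin URL differently, `CONFIRM` here and `MISC` in CVE-2021-30132; one of them should be changed so both agree.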
@@ -1,18 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-30132", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-30132", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html", + "refsource": "MISC", + "name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html" + }, + { + "refsource": "MISC", + "name": "https://my.cloudera.com/knowledge/TSB-2021-491-Authorization-Bypass-in-Cloudera-Manager?id=314482", + "url": "https://my.cloudera.com/knowledge/TSB-2021-491-Authorization-Bypass-in-Cloudera-Manager?id=314482" + } + ] + }, + "source": { + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/30xxx/CVE-2021-30542.json b/2021/30xxx/CVE-2021-30542.json index 23c589929ea..b1e45094597 100644 --- a/2021/30xxx/CVE-2021-30542.json +++ b/2021/30xxx/CVE-2021-30542.json 
@@ -64,6 +64,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/30xxx/CVE-2021-30543.json b/2021/30xxx/CVE-2021-30543.json index 9716f117aa2..b7c08d68259 100644 --- a/2021/30xxx/CVE-2021-30543.json +++ b/2021/30xxx/CVE-2021-30543.json @@ -64,6 +64,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/30xxx/CVE-2021-30625.json b/2021/30xxx/CVE-2021-30625.json index 5c9c3be10f3..25a463a514c 100644 --- a/2021/30xxx/CVE-2021-30625.json +++ b/2021/30xxx/CVE-2021-30625.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/30xxx/CVE-2021-30626.json b/2021/30xxx/CVE-2021-30626.json index aad81216d8a..2fb98a00827 100644 --- a/2021/30xxx/CVE-2021-30626.json +++ b/2021/30xxx/CVE-2021-30626.json 
@@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/30xxx/CVE-2021-30627.json b/2021/30xxx/CVE-2021-30627.json index 8e3346aff6d..cfc6f012123 100644 --- a/2021/30xxx/CVE-2021-30627.json +++ b/2021/30xxx/CVE-2021-30627.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/30xxx/CVE-2021-30628.json b/2021/30xxx/CVE-2021-30628.json index 2dc17923834..e3d0d156f8e 100644 --- a/2021/30xxx/CVE-2021-30628.json +++ b/2021/30xxx/CVE-2021-30628.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/30xxx/CVE-2021-30629.json b/2021/30xxx/CVE-2021-30629.json index 41f0550ca7e..aff8752c7b1 100644 --- a/2021/30xxx/CVE-2021-30629.json +++ b/2021/30xxx/CVE-2021-30629.json 
@@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/30xxx/CVE-2021-30630.json b/2021/30xxx/CVE-2021-30630.json index 956b3ae0118..2377c65d48c 100644 --- a/2021/30xxx/CVE-2021-30630.json +++ b/2021/30xxx/CVE-2021-30630.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/30xxx/CVE-2021-30631.json b/2021/30xxx/CVE-2021-30631.json index bf6aa4b519f..5525f9731b5 100644 --- a/2021/30xxx/CVE-2021-30631.json +++ b/2021/30xxx/CVE-2021-30631.json @@ -5,14 +5,14 @@ "CVE_data_meta": { "ID": "CVE-2021-30631", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } -} \ No newline at end of file +} 
diff --git a/2021/30xxx/CVE-2021-30632.json b/2021/30xxx/CVE-2021-30632.json index 877d0d7da29..636e802cc7f 100644 --- a/2021/30xxx/CVE-2021-30632.json +++ b/2021/30xxx/CVE-2021-30632.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/30xxx/CVE-2021-30633.json b/2021/30xxx/CVE-2021-30633.json index 6ba8f0a7cf7..39707b5bbcd 100644 --- a/2021/30xxx/CVE-2021-30633.json +++ b/2021/30xxx/CVE-2021-30633.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/30xxx/CVE-2021-30846.json b/2021/30xxx/CVE-2021-30846.json index 1db39743ecd..5b362408229 100644 --- a/2021/30xxx/CVE-2021-30846.json +++ b/2021/30xxx/CVE-2021-30846.json 
@@ -153,6 +153,26 @@ "refsource": "MLIST", "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4995", + "url": "https://www.debian.org/security/2021/dsa-4995" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4996", + "url": "https://www.debian.org/security/2021/dsa-4996" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-131360fa9a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-483d896d1d", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/" } ] }, diff --git a/2021/30xxx/CVE-2021-30851.json b/2021/30xxx/CVE-2021-30851.json index 1163ffa5eb4..dc74c742860 100644 --- a/2021/30xxx/CVE-2021-30851.json +++ b/2021/30xxx/CVE-2021-30851.json 
@@ -97,6 +97,31 @@ "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212816", "name": "https://support.apple.com/en-us/HT212816" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4995", + "url": "https://www.debian.org/security/2021/dsa-4995" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4996", + "url": "https://www.debian.org/security/2021/dsa-4996" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211031 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", + "url": "http://www.openwall.com/lists/oss-security/2021/10/31/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-131360fa9a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-483d896d1d", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/" } ] }, diff --git a/2021/31xxx/CVE-2021-31344.json b/2021/31xxx/CVE-2021-31344.json index 2a871eb3b1c..02a2029c8eb 100644 --- a/2021/31xxx/CVE-2021-31344.json +++ b/2021/31xxx/CVE-2021-31344.json 
@@ -1,17 +1,206 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-31344", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-31344", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "APOGEE MBC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MBC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Capital VSTAR", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus NET", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus ReadyStart V3", + "version": { + "version_data": [ + { + "version_value": "All versions < V2017.02.4" + } + ] + } + 
}, + { + "product_name": "Nucleus ReadyStart V4", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.1.1" + } + ] + } + }, + { + "product_name": "Nucleus Source Code", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. 
(FSMD-2021-0004)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" + }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" } ] } diff --git a/2021/31xxx/CVE-2021-31345.json b/2021/31xxx/CVE-2021-31345.json index ab909b117f6..53ab6103c78 100644 --- a/2021/31xxx/CVE-2021-31345.json +++ b/2021/31xxx/CVE-2021-31345.json 
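Review bot: The `version_value` strings added for the two Nucleus ReadyStart products encode the comparison in free text, `"All versions < V2017.02.4"` and `"All versions < V4.1.1"`, so a consumer has to parse prose to learn the fixed version. The Mozilla records in this same commit express the bound structurally, and the equivalent here would be `"version_value": "V2017.02.4", "version_affected": "<"`. The CVE-2021-31345 record in the next file repeats the same strings as far as it is visible.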
@@ -1,17 +1,196 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-31345", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-31345", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "APOGEE MBC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MBC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Capital VSTAR", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus NET", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus ReadyStart V3", + "version": { + "version_data": [ + { + "version_value": "All versions < V2017.02.4" + } + ] + } + 
}, + { + "product_name": "Nucleus Source Code", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1284: Improper Validation of Specified Quantity in Input" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. 
(FSMD-2021-0006)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" + }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" } ] } diff --git a/2021/31xxx/CVE-2021-31346.json b/2021/31xxx/CVE-2021-31346.json index 020f94b6604..1ee6a704c7d 100644 --- a/2021/31xxx/CVE-2021-31346.json +++ b/2021/31xxx/CVE-2021-31346.json 
@@ -1,17 +1,206 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-31346", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-31346", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "APOGEE MBC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MBC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Capital VSTAR", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus NET", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus ReadyStart V3", + "version": { + "version_data": [ + { + "version_value": "All versions < V2017.02.4" + } + ] + } + 
}, + { + "product_name": "Nucleus ReadyStart V4", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.1.1" + } + ] + } + }, + { + "product_name": "Nucleus Source Code", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1284: Improper Validation of Specified Quantity in Input" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. 
(FSMD-2021-0007)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" + }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" } ] } diff --git a/2021/31xxx/CVE-2021-31359.json b/2021/31xxx/CVE-2021-31359.json index 12decdb2b6d..c071d715076 100644 --- a/2021/31xxx/CVE-2021-31359.json +++ b/2021/31xxx/CVE-2021-31359.json @@ -107,6 +107,12 @@ ] } }, + "configuration": [ + { + "lang": "eng", + "value": "There are several configuration options that enable DHCP service. For example:\n\n [edit interfaces ... family inet dhcp]\n\n [edit system processes dhcp-service]\n\n [edit forwarding-options dhcp-relay]\n" + } + ], "credit": [ { "lang": "eng", 
@@ -120,7 +126,7 @@ "description_data": [ { "lang": "eng", - "value": "A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. Continued processing of malicious input will repeatedly crash the system and sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO." + "value": "A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. Continued processing of malicious input will repeatedly crash the system and sustain the Denial of Service (DoS) condition. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. 
For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO." } ] }, diff --git a/2021/31xxx/CVE-2021-31360.json b/2021/31xxx/CVE-2021-31360.json index 45842ac4a3b..4d7465a6b4b 100644 --- a/2021/31xxx/CVE-2021-31360.json +++ b/2021/31xxx/CVE-2021-31360.json @@ -107,6 +107,12 @@ ] } }, + "configuration": [ + { + "lang": "eng", + "value": "There are several configuration options that enable DHCP service. For example:\n\n [edit interfaces ... family inet dhcp]\n\n [edit system processes dhcp-service]\n\n [edit forwarding-options dhcp-relay]" + } + ], "credit": [ { "lang": "eng", 
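Review bot: The exposure check added to the `description` value embeds a sample CLI session (`root@host# run show system processes extensive | match dhcp` followed by a process-table row) in a single-line string, so the prompt, the command and its output run together with the advisory text. The `configuration` array added in the previous hunk of this file already carries multi-line text using `\n`, so the example would read better as a second entry there. The description would then keep only `Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command.` The description hunk of CVE-2021-31360.json adds the same flattened example.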
@@ -120,7 +126,7 @@ "description_data": [ { "lang": "eng", - "value": "An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritten, exploitation of this vulnerability could lead to a sustained Denial of Service (DoS) condition, requiring manual user intervention to recover. This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO." + "value": "An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritten, exploitation of this vulnerability could lead to a sustained Denial of Service (DoS) condition, requiring manual user intervention to recover. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. 
For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO." } ] }, diff --git a/2021/31xxx/CVE-2021-31371.json b/2021/31xxx/CVE-2021-31371.json index d6f61b4d4b0..58feeffdfde 100644 --- a/2021/31xxx/CVE-2021-31371.json +++ b/2021/31xxx/CVE-2021-31371.json @@ -4,7 +4,7 @@ "DATE_PUBLIC": "2021-10-13T16:00:00.000Z", "ID": "CVE-2021-31371", "STATE": "PUBLIC", - "TITLE": "Junos OS: QFX5110 Series: Traffic from the network internal to the device (128.0.0.0) may be forwarded to egress interfaces." + "TITLE": "Junos OS: QFX5000 Series: Traffic from the network internal to the device (128.0.0.0) may be forwarded to egress interfaces." }, "affects": { "vendor": { 
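Review bot: The added precondition `Systems are only vulnerable if jdhcpd is running` sits in a description whose first sentence still places the flaw in the command-line interpreter (CLI), and nothing in the text explains how the DHCP daemon is involved in overwriting files as root. The sentence and the DHCP `configuration` block match what this commit adds to CVE-2021-31359, which does name jdhcpd, so it may have been carried over; that should be confirmed against the vendor advisory. If the precondition is correct, the opening sentence should name the affected component, so that triage based on the description scopes exposure to hosts with DHCP service enabled.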
@@ -17,78 +17,78 @@
 "version": {
 "version_data": [
 {
- "platform": "QFX5110 Series",
+ "platform": "QFX5000 Series",
 "version_affected": "<",
 "version_value": "17.3R3-S12"
 },
 {
- "platform": "QFX5110 Series",
+ "platform": "QFX5000 Series",
 "version_affected": "<",
 "version_name": "18.1",
 "version_value": "18.1R3-S13"
 },
 {
- "platform": "QFX5110 Series",
+ "platform": "QFX5000 Series",
 "version_affected": "<",
 "version_name": "18.3",
 "version_value": "18.3R3-S5"
 },
 {
- "platform": "QFX5110 Series",
+ "platform": "QFX5000 Series",
 "version_affected": "<",
 "version_name": "19.1",
 "version_value": "19.1R3-S6"
 },
 {
- "platform": "QFX5110 Series",
+ "platform": "QFX5000 Series",
 "version_affected": "<",
 "version_name": "19.2",
 "version_value": "19.2R1-S7, 19.2R3-S3"
 },
 {
- "platform": "QFX5110 Series",
+ "platform": "QFX5000 Series",
 "version_affected": "<",
 "version_name": "19.3",
 "version_value": "19.3R2-S6, 19.3R3-S3"
 },
 {
- "platform": "QFX5110 Series",
+ "platform": "QFX5000 Series",
 "version_affected": "<",
 "version_name": "19.4",
 "version_value": "19.4R1-S4, 19.4R3-S5"
 },
 {
- "platform": "QFX5110 Series",
+ "platform": "QFX5000 Series",
 "version_affected": "<",
 "version_name": "20.1",
 "version_value": "20.1R2-S2, 20.1R3-S1"
 },
 {
- "platform": "QFX5110 Series",
+ "platform": "QFX5000 Series",
 "version_affected": "<",
 "version_name": "20.2",
 "version_value": "20.2R3-S2"
 },
 {
- "platform": "QFX5110 Series",
+ "platform": "QFX5000 Series",
 "version_affected": "<",
 "version_name": "20.3",
 "version_value": "20.3R3-S1"
 },
 {
- "platform": "QFX5110 Series",
+ "platform": "QFX5000 Series",
 "version_affected": "<",
 "version_name": "20.4",
 "version_value": "20.4R2-S1, 20.4R3"
 },
 {
- "platform": "QFX5110 Series",
+ "platform": "QFX5000 Series",
 "version_affected": "<",
 "version_name": "21.1",
 "version_value": "21.1R1-S1, 21.1R2"
 },
 {
- "platform": "QFX5110 Series",
+ "platform": "QFX5000 Series",
 "version_affected": "<",
 "version_name": "21.2",
 "version_value": "21.2R1"
@@ -110,7 +110,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an QFX5110 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue affects: Juniper Networks Junos OS on QFX5110 Series: All versions prior to 17.3R3-S12; 18.1 versions prior to 18.1R3-S13; 18.3 versions prior to 18.3R3-S5; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2;"
+ "value": "Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an QFX5000 Series switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue affects Juniper Networks Junos OS on QFX5110, QFX5120, QFX5200, QFX5210 Series, and QFX5100 with QFX 5e Series image installed: All versions prior to 17.3R3-S12; 18.1 versions prior to 18.1R3-S13; 18.3 versions prior to 18.3R3-S5; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2;"
 }
 ]
 },
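Review bot: The new `TITLE` and every `platform` value in the preceding version hunk say `QFX5000 Series`, but the rewritten description limits the scope to `QFX5110, QFX5120, QFX5200, QFX5210 Series, and QFX5100 with QFX 5e Series image installed`. Tooling that matches assets on `platform` may flag QFX5000 models that the description does not list. Either the affected models should be enumerated in `platform`, or the description should state that the whole series is affected. The description's version list also stops at 21.1 and ends with a stray `;`, while `version_data` carries a `21.2` entry.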
diff --git a/2021/31xxx/CVE-2021-31556.json b/2021/31xxx/CVE-2021-31556.json
index 2cce511429d..4ae6034a0ae 100644
--- a/2021/31xxx/CVE-2021-31556.json
+++ b/2021/31xxx/CVE-2021-31556.json
@@ -71,6 +71,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-56d8173b5e",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-3dd1b66cbf",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
 }
 ]
 }
diff --git a/2021/31xxx/CVE-2021-31559.json b/2021/31xxx/CVE-2021-31559.json
new file mode 100644
index 00000000000..08e7b8ca3c5
--- /dev/null
+++ b/2021/31xxx/CVE-2021-31559.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-31559",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/31xxx/CVE-2021-31599.json b/2021/31xxx/CVE-2021-31599.json
index 9304724ff73..b273fb0d9cd 100644
--- a/2021/31xxx/CVE-2021-31599.json
+++ b/2021/31xxx/CVE-2021-31599.json
@@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31599", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31599", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.hitachi.com/hirt/security/index.html", + "refsource": "MISC", + "name": "https://www.hitachi.com/hirt/security/index.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164772/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/164772/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Remote-Code-Execution.html" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31600.json b/2021/31xxx/CVE-2021-31600.json index 2dc26122a83..5ea583692f4 100644 --- a/2021/31xxx/CVE-2021-31600.json +++ b/2021/31xxx/CVE-2021-31600.json 
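Review bot: The added `impact.cvss` object carries a `vectorString` but no `baseScore` or `baseSeverity`, and the vector lists its metrics alphabetically (`CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N`) rather than in the order the CVSS specification prefers. Consumers that read the score field get nothing, and parsers that expect the canonical order may reject the string. I would write `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"` and add the score and severity computed from it. `vendor_name` and `product_name` are `n/a` although the description names Hitachi Vantara Pentaho, which defeats product-based matching. The CVE-2021-31600, CVE-2021-31601 and CVE-2021-31602 records in this commit have the same shape.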
@@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31600", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31600", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all valid usernames." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.hitachi.com/hirt/security/index.html", + "refsource": "MISC", + "name": "https://www.hitachi.com/hirt/security/index.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164787/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-User-Enumeration.html", + "url": "http://packetstormsecurity.com/files/164787/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-User-Enumeration.html" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31601.json b/2021/31xxx/CVE-2021-31601.json index 25af0ff40f1..dc0960a1071 100644 --- a/2021/31xxx/CVE-2021-31601.json +++ b/2021/31xxx/CVE-2021-31601.json 
@@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31601", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31601", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.hitachi.com/hirt/security/index.html", + "refsource": "MISC", + "name": "https://www.hitachi.com/hirt/security/index.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164779/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Insufficient-Access-Control.html", + "url": "http://packetstormsecurity.com/files/164779/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Insufficient-Access-Control.html" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31602.json b/2021/31xxx/CVE-2021-31602.json index 1768b7f4967..85ee71a4b5d 100644 --- a/2021/31xxx/CVE-2021-31602.json +++ b/2021/31xxx/CVE-2021-31602.json 
@@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31602", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31602", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml file. The default configuration allows an unauthenticated user with no previous knowledge of the platform settings to extract pieces of information without possessing valid credentials." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.hitachi.com/hirt/security/index.html", + "refsource": "MISC", + "name": "https://www.hitachi.com/hirt/security/index.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164784/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Authentication-Bypass.html", + "url": "http://packetstormsecurity.com/files/164784/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Authentication-Bypass.html" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31682.json b/2021/31xxx/CVE-2021-31682.json index 79e852b0992..dc763d420e5 100644 --- a/2021/31xxx/CVE-2021-31682.json +++ b/2021/31xxx/CVE-2021-31682.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/3ndG4me/WebCTRL-OperatorLocale-Parameter-Reflected-XSS", "url": "https://github.com/3ndG4me/WebCTRL-OperatorLocale-Parameter-Reflected-XSS" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164707/WebCTRL-OEM-6.5-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/164707/WebCTRL-OEM-6.5-Cross-Site-Scripting.html" } ] } diff --git a/2021/31xxx/CVE-2021-31848.json b/2021/31xxx/CVE-2021-31848.json index fcc2b292537..660a86aaae2 100644 --- a/2021/31xxx/CVE-2021-31848.json +++ b/2021/31xxx/CVE-2021-31848.json 
@@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2021-31848", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Data Loss Prevention (DLP) ePO extension - Cross site scripting (XSS)" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Data Loss Prevention (DLP) ePO extension", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7.100" + }, + { + "version_affected": "<", + "version_value": "11.6.400" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10371", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10371" + } + ] + }, + "source": { + "advisory": "SB10371", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31849.json b/2021/31xxx/CVE-2021-31849.json index 1a0edae9ce2..579ca5f1b6a 100644 --- a/2021/31xxx/CVE-2021-31849.json +++ b/2021/31xxx/CVE-2021-31849.json 
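Review bot: The two `version_data` entries for CVE-2021-31848 are both `"version_affected": "<"` (11.7.100 and 11.6.400), which read literally as overlapping ranges, since anything below 11.6.400 is also below 11.7.100, and the description mentions only "prior to 11.7.100". If 11.6.400 is the fixed build of a separate 11.6.x branch (an assumption; the record does not say), giving each entry a `version_name` would make that explicit, e.g. `"version_name": "11.6.x", "version_affected": "<", "version_value": "11.6.400"`. Without it, a scanner cannot tell whether 11.6.400 or later on that branch is fixed or still vulnerable. The same pair of entries appears in the CVE-2021-31849 hunk.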
@@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", "ID": "CVE-2021-31849", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Data Loss Prevention (DLP) ePO extension - SQL injection" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Data Loss Prevention (DLP) ePO extension", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "11.7.100" + }, + { + "version_affected": "<", + "version_value": "11.6.400" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10371", + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10371" + } + ] + }, + "source": { + "advisory": "SB10371", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31881.json b/2021/31xxx/CVE-2021-31881.json index d51959f67c1..23b0ad41960 100644 --- a/2021/31xxx/CVE-2021-31881.json +++ b/2021/31xxx/CVE-2021-31881.json 
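Review bot: The `vectorString` for CVE-2021-31849 is identical to the one in the CVE-2021-31848 XSS record, including `UI:R`, but this description has an administrator who is already logged in injecting SQL directly, with no second user's action mentioned. That suggests the CVSS block was carried over from the XSS entry rather than scored for this issue. If no victim interaction is needed, the metric would be `"userInteraction": "NONE"` with the vector, `baseScore` and `baseSeverity` recomputed to match; this is worth confirming with the CNA before patch prioritisation relies on the 8.4.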
@@ -1,17 +1,196 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-31881", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-31881", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "APOGEE MBC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MBC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Capital VSTAR", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus NET", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus ReadyStart V3", + "version": { + "version_data": [ + { + "version_value": "All versions < V2017.02.4" + } + ] + } + 
}, + { + "product_name": "Nucleus Source Code", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. 
(FSMD-2021-0008)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" + }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" } ] } diff --git a/2021/31xxx/CVE-2021-31882.json b/2021/31xxx/CVE-2021-31882.json index f4953b7930a..e8cdbb999ad 100644 --- a/2021/31xxx/CVE-2021-31882.json +++ b/2021/31xxx/CVE-2021-31882.json 
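Review bot: In the CVE-2021-31881 record, `version_value` for Nucleus ReadyStart V3 holds the free-text range `All versions < V2017.02.4`, which tools matching on structured fields cannot evaluate. The McAfee records in this same commit express a bound as a `version_affected`/`version_value` pair, and the same form would work here: `"version_affected": "<", "version_value": "V2017.02.4"`. The record also has no `impact` block, so the only severity signal is the phrase "Denial-of-Service conditions" in the description. Both points apply equally to the CVE-2021-31882 to CVE-2021-31886 hunks; CVE-2021-31885 additionally has `All versions < V4.1.1` for Nucleus ReadyStart V4.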
@@ -1,17 +1,196 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-31882", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-31882", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "APOGEE MBC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MBC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Capital VSTAR", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus NET", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus ReadyStart V3", + "version": { + "version_data": [ + { + "version_value": "All versions < V2017.02.4" + } + ] + } + 
}, + { + "product_name": "Nucleus Source Code", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. 
(FSMD-2021-0011)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" + }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" } ] } diff --git a/2021/31xxx/CVE-2021-31883.json b/2021/31xxx/CVE-2021-31883.json index ba3f9cd973e..055a855a360 100644 --- a/2021/31xxx/CVE-2021-31883.json +++ b/2021/31xxx/CVE-2021-31883.json 
@@ -1,17 +1,196 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-31883", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-31883", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "APOGEE MBC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MBC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Capital VSTAR", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus NET", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus ReadyStart V3", + "version": { + "version_data": [ + { + "version_value": "All versions < V2017.02.4" + } + ] + } + 
}, + { + "product_name": "Nucleus Source Code", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. 
(FSMD-2021-0013)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" + }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" } ] } diff --git a/2021/31xxx/CVE-2021-31884.json b/2021/31xxx/CVE-2021-31884.json index 19225417c6e..89ed5a9b56b 100644 --- a/2021/31xxx/CVE-2021-31884.json +++ b/2021/31xxx/CVE-2021-31884.json 
@@ -1,17 +1,196 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-31884", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-31884", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "APOGEE MBC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MBC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Capital VSTAR", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus NET", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus ReadyStart V3", + "version": { + "version_data": [ + { + "version_value": "All versions < V2017.02.4" + } + ] + } + 
}, + { + "product_name": "Nucleus Source Code", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-170: Improper Null Termination" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. 
(FSMD-2021-0014)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" + }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" } ] } diff --git a/2021/31xxx/CVE-2021-31885.json b/2021/31xxx/CVE-2021-31885.json index 8f86b666a9e..64fb029c647 100644 --- a/2021/31xxx/CVE-2021-31885.json +++ b/2021/31xxx/CVE-2021-31885.json 
@@ -1,17 +1,206 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-31885", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-31885", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "APOGEE MBC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MBC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Capital VSTAR", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus NET", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus ReadyStart V3", + "version": { + "version_data": [ + { + "version_value": "All versions < V2017.02.4" + } + ] + } + 
}, + { + "product_name": "Nucleus ReadyStart V4", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.1.1" + } + ] + } + }, + { + "product_name": "Nucleus Source Code", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-805: Buffer Access with Incorrect Length Value" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. 
(FSMD-2021-0009)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" + }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" } ] } diff --git a/2021/31xxx/CVE-2021-31886.json b/2021/31xxx/CVE-2021-31886.json index b12aa315d78..3e9e9fc454a 100644 --- a/2021/31xxx/CVE-2021-31886.json +++ b/2021/31xxx/CVE-2021-31886.json 
@@ -1,17 +1,196 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-31886", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-31886", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "APOGEE MBC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MBC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Capital VSTAR", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus NET", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus ReadyStart V3", + "version": { + "version_data": [ + { + "version_value": "All versions < V2017.02.4" + } + ] + } + 
}, + { + "product_name": "Nucleus Source Code", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-170: Improper Null Termination" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). FTP server does not properly validate the length of the \u201cUSER\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. 
(FSMD-2021-0010)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" + }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" } ] } diff --git a/2021/31xxx/CVE-2021-31887.json b/2021/31xxx/CVE-2021-31887.json index 2f70f4a8611..2080d3cbe73 100644 --- a/2021/31xxx/CVE-2021-31887.json +++ b/2021/31xxx/CVE-2021-31887.json 
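Review bot: The `problemtype` for CVE-2021-31886 is `CWE-170: Improper Null Termination`, while the description attributes the flaw to a missing length check on the FTP `USER` command that results in stack-based buffer overflows, so anyone triaging by CWE would not see this as a memory-corruption issue. CWE-121 (Stack-based Buffer Overflow) matches the description more closely; if the vendor advisory does list CWE-170, a second entry in the `description` array would keep both. This is also the only record in the Siemens set whose description states Remote Code Execution, and it carries no `impact`/CVSS block to set it apart from the Denial-of-Service-only entries around it.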
@@ -1,17 +1,196 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-31887", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-31887", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "APOGEE MBC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MBC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Capital VSTAR", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus NET", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus ReadyStart V3", + "version": { + "version_data": [ + { + "version_value": "All versions < V2017.02.4" + } + ] + } + 
}, + { + "product_name": "Nucleus Source Code", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-170: Improper Null Termination" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. 
(FSMD-2021-0016)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" + }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" } ] } diff --git a/2021/31xxx/CVE-2021-31888.json b/2021/31xxx/CVE-2021-31888.json index 052a3d5000f..4bd2926845a 100644 --- a/2021/31xxx/CVE-2021-31888.json +++ b/2021/31xxx/CVE-2021-31888.json 
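Review bot: The `problemtype` value `CWE-170: Improper Null Termination` in the CVE-2021-31887 record does not match the weakness its own description states, a missing length check on the FTP `PWD/XPWD` command leading to stack-based buffer overflows. Consumers that triage or filter by CWE would then not classify this record as memory corruption with possible remote code execution. If CWE-170 is the vendor's deliberate root-cause assignment (worth confirming against the two linked SSA advisories), I would keep it and add a second `description` item, `"value": "CWE-121: Stack-based Buffer Overflow"`. The CVE-2021-31888 hunk (`MKD/XMKD`) has the same mismatch.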
@@ -1,17 +1,196 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-31888", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-31888", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "APOGEE MBC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MBC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Capital VSTAR", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus NET", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus ReadyStart V3", + "version": { + "version_data": [ + { + "version_value": "All versions < V2017.02.4" + } + ] + } + 
}, + { + "product_name": "Nucleus Source Code", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-170: Improper Null Termination" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). FTP server does not properly validate the length of the \u201cMKD/XMKD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. 
(FSMD-2021-0018)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" + }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" } ] } diff --git a/2021/31xxx/CVE-2021-31889.json b/2021/31xxx/CVE-2021-31889.json index 81998adfd1c..cff4681d849 100644 --- a/2021/31xxx/CVE-2021-31889.json +++ b/2021/31xxx/CVE-2021-31889.json 
@@ -1,17 +1,196 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-31889", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-31889", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "APOGEE MBC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MBC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Capital VSTAR", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus NET", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus ReadyStart V3", + "version": { + "version_data": [ + { + "version_value": "All versions < V2017.02.4" + } + ] + } + 
}, + { + "product_name": "Nucleus Source Code", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-191: Integer Underflow (Wrap or Wraparound)" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. 
(FSMD-2021-0015)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" + }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" } ] } diff --git a/2021/31xxx/CVE-2021-31890.json b/2021/31xxx/CVE-2021-31890.json index 81298367118..f4af590c394 100644 --- a/2021/31xxx/CVE-2021-31890.json +++ b/2021/31xxx/CVE-2021-31890.json 
@@ -1,17 +1,206 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-31890", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-31890", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "APOGEE MBC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MBC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE MEC (PPC) (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Compact (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "APOGEE PXC Modular (P2 Ethernet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Capital VSTAR", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus NET", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus ReadyStart V3", + "version": { + "version_data": [ + { + "version_value": "All versions < V2017.02.4" + } + ] + } + 
}, + { + "product_name": "Nucleus ReadyStart V4", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.1.1" + } + ] + } + }, + { + "product_name": "Nucleus Source Code", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Compact (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TALON TC Modular (BACnet)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-240: Improper Handling of Inconsistent Structural Elements" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. 
(FSMD-2021-0017)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" + }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" } ] } diff --git a/2021/32xxx/CVE-2021-32481.json b/2021/32xxx/CVE-2021-32481.json index d7a3dc76409..a3e85d5a3c8 100644 --- a/2021/32xxx/CVE-2021-32481.json +++ b/2021/32xxx/CVE-2021-32481.json 
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-32481",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-32481",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cloudera Hue 4.6.0 allows XSS via the type parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue",
+ "refsource": "MISC",
+ "name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634",
+ "url": "https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32482.json b/2021/32xxx/CVE-2021-32482.json
index 470a7285166..3586d134a34 100644
--- a/2021/32xxx/CVE-2021-32482.json
+++ b/2021/32xxx/CVE-2021-32482.json
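Review bot: The `affects` block in the CVE-2021-32481 record is all `n/a` although the added description names the vendor, product and version (`Cloudera Hue 4.6.0 allows XSS via the type parameter.`). Vulnerability scanners and inventory matchers that key on the structured fields rather than the free text will not associate this record with Hue. I would fill them from the description: `"vendor_name": "Cloudera"`, `"product_name": "Hue"`, `"version_value": "4.6.0"`. The `problemtype` value could likewise carry the cross-site scripting weakness class instead of `n/a`. The CVE-2021-32482 and CVE-2021-32483 hunks have the same gap.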
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-32482",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-32482",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#cloudera_manager",
+ "refsource": "MISC",
+ "name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#cloudera_manager"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://my.cloudera.com/knowledge/TSB-2021-488-Cloudera-Manager-is-vulnerable-to-Cross-Site?id=322833",
+ "url": "https://my.cloudera.com/knowledge/TSB-2021-488-Cloudera-Manager-is-vulnerable-to-Cross-Site?id=322833"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32483.json b/2021/32xxx/CVE-2021-32483.json
index a4cdd191792..e40686fe5ad 100644
--- a/2021/32xxx/CVE-2021-32483.json
+++ b/2021/32xxx/CVE-2021-32483.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-32483",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-32483",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#cloudera_manager",
+ "refsource": "MISC",
+ "name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#cloudera_manager"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://my.cloudera.com/knowledge/TSB-2021-491-Authorization-Bypass-in-Cloudera-Manager?id=314482",
+ "url": "https://my.cloudera.com/knowledge/TSB-2021-491-Authorization-Bypass-in-Cloudera-Manager?id=314482"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32558.json b/2021/32xxx/CVE-2021-32558.json
index 786e1bf32c2..64679d1486b 100644
--- a/2021/32xxx/CVE-2021-32558.json
+++ b/2021/32xxx/CVE-2021-32558.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20210804 [SECURITY] [DLA 2729-1] asterisk security update",
 "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00005.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4999",
+ "url": "https://www.debian.org/security/2021/dsa-4999"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32595.json b/2021/32xxx/CVE-2021-32595.json
index c51495e9f5a..c00ae1aff7e 100644
--- a/2021/32xxx/CVE-2021-32595.json
+++ b/2021/32xxx/CVE-2021-32595.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-32595",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiPortal",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiPortal before 6.0.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "Low",
+ "attackVector": "Network",
+ "availabilityImpact": "High",
+ "baseScore": 6.4,
+ "baseSeverity": "Medium",
+ "confidentialityImpact": "None",
+ "integrityImpact": "None",
+ "privilegesRequired": "Low",
+ "scope": "Unchanged",
+ "userInteraction": "None",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:U/RC:C",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/advisory/FG-IR-21-096",
+ "url": "https://fortiguard.com/advisory/FG-IR-21-096"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests."
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32626.json b/2021/32xxx/CVE-2021-32626.json
index da05c6029b3..5a3c1cce78c 100644
--- a/2021/32xxx/CVE-2021-32626.json
+++ b/2021/32xxx/CVE-2021-32626.json
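Review bot: `"baseScore": 6.4` in the added `impact.cvss` block appears to be the temporal score rather than the base score. By my calculation the base metrics in the vector (`AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`) give 6.5, and 6.4 is the result after applying `E:F/RL:U/RC:C`. Tools that read `baseScore` for prioritisation, or recompute it from `vectorString` as a consistency check, will disagree with the record. I would set `"baseScore": 6.5`, or keep only the base metrics in `vectorString` if 6.4 is meant to stand. Separately, the `problemtype` value `Denial of service` names an impact, while the description's "uncontrolled resource consumption" corresponds to `CWE-400`.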
@@ -107,6 +107,21 @@
 "refsource": "MLIST",
 "name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson opened a new pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
 "url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0@%3Ccommits.druid.apache.org%3E"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-aa94492a09",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20211104-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-5001",
+ "url": "https://www.debian.org/security/2021/dsa-5001"
 }
 ]
 },
diff --git a/2021/32xxx/CVE-2021-32627.json b/2021/32xxx/CVE-2021-32627.json
index 603472bb14c..869e3023685 100644
--- a/2021/32xxx/CVE-2021-32627.json
+++ b/2021/32xxx/CVE-2021-32627.json
@@ -102,6 +102,21 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-61c487f241",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-aa94492a09",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20211104-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-5001",
+ "url": "https://www.debian.org/security/2021/dsa-5001"
 }
 ]
 },
diff --git a/2021/32xxx/CVE-2021-32628.json b/2021/32xxx/CVE-2021-32628.json
index 783c74bc36e..b89597efecc 100644
--- a/2021/32xxx/CVE-2021-32628.json
+++ b/2021/32xxx/CVE-2021-32628.json
@@ -102,6 +102,21 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-61c487f241",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-aa94492a09",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20211104-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-5001",
+ "url": "https://www.debian.org/security/2021/dsa-5001"
 }
 ]
 },
diff --git a/2021/32xxx/CVE-2021-32672.json b/2021/32xxx/CVE-2021-32672.json
index f5aef4eb74e..01d4c9549fb 100644
--- a/2021/32xxx/CVE-2021-32672.json
+++ b/2021/32xxx/CVE-2021-32672.json
@@ -94,6 +94,21 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-61c487f241",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-aa94492a09",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20211104-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-5001",
+ "url": "https://www.debian.org/security/2021/dsa-5001"
 }
 ]
 },
diff --git a/2021/32xxx/CVE-2021-32675.json b/2021/32xxx/CVE-2021-32675.json
index d9819c5a02e..7e68dd1c4c4 100644
--- a/2021/32xxx/CVE-2021-32675.json
+++ b/2021/32xxx/CVE-2021-32675.json
@@ -99,6 +99,21 @@
 "refsource": "MLIST",
 "name": "[geode-notifications] 20211013 [GitHub] [geode] jdeppe-pivotal opened a new pull request #6994: GEODE-9676: Limit array and string sizes for unauthenticated Radish connections",
 "url": "https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47@%3Cnotifications.geode.apache.org%3E"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-aa94492a09",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20211104-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-5001",
+ "url": "https://www.debian.org/security/2021/dsa-5001"
 }
 ]
 },
diff --git a/2021/32xxx/CVE-2021-32686.json b/2021/32xxx/CVE-2021-32686.json
index 842dfa58169..66de3fd917a 100644
--- a/2021/32xxx/CVE-2021-32686.json
+++ b/2021/32xxx/CVE-2021-32686.json
@@ -88,6 +88,11 @@
 "name": "https://github.com/pjsip/pjproject/releases/tag/2.11.1",
 "refsource": "MISC",
 "url": "https://github.com/pjsip/pjproject/releases/tag/2.11.1"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4999",
+ "url": "https://www.debian.org/security/2021/dsa-4999"
 }
 ]
 },
diff --git a/2021/32xxx/CVE-2021-32687.json b/2021/32xxx/CVE-2021-32687.json
index 0cc8148bab8..95c6e4c82b1 100644
--- a/2021/32xxx/CVE-2021-32687.json
+++ b/2021/32xxx/CVE-2021-32687.json
@@ -102,6 +102,21 @@ "refsource": "FEDORA", "name": "FEDORA-2021-61c487f241", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-aa94492a09", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20211104-0003/", + "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5001", + "url": "https://www.debian.org/security/2021/dsa-5001" } ] }, diff --git a/2021/32xxx/CVE-2021-32749.json b/2021/32xxx/CVE-2021-32749.json index 91855b5eb8d..e83086095b5 100644 --- a/2021/32xxx/CVE-2021-32749.json +++ b/2021/32xxx/CVE-2021-32749.json @@ -94,6 +94,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-0ab8f6a19a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHJK2X2MR2WDYZMCW7COZXJDUSDYMY6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-a18b79d182", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZRYQ77MTX5WSV33VCJLK4KBKR55QZ7ZA/" } ] }, diff --git a/2021/32xxx/CVE-2021-32761.json b/2021/32xxx/CVE-2021-32761.json index b6ddf30962e..f5cb0bda88a 100644 --- a/2021/32xxx/CVE-2021-32761.json +++ b/2021/32xxx/CVE-2021-32761.json @@ -112,6 +112,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210827 [SECURITY] [DLA 2717-2] redis security update", "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5001", + "url": "https://www.debian.org/security/2021/dsa-5001" } ] }, diff --git a/2021/32xxx/CVE-2021-32762.json b/2021/32xxx/CVE-2021-32762.json index 567e2bf7729..7ae427bb288 100644 
--- a/2021/32xxx/CVE-2021-32762.json +++ b/2021/32xxx/CVE-2021-32762.json @@ -102,6 +102,21 @@ "refsource": "FEDORA", "name": "FEDORA-2021-61c487f241", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-aa94492a09", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20211104-0003/", + "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5001", + "url": "https://www.debian.org/security/2021/dsa-5001" } ] }, diff --git a/2021/32xxx/CVE-2021-32765.json b/2021/32xxx/CVE-2021-32765.json index 43da7b6bfb1..053c880c612 100644 --- a/2021/32xxx/CVE-2021-32765.json +++ b/2021/32xxx/CVE-2021-32765.json @@ -96,6 +96,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20211012 [SECURITY] [DLA 2783-1] hiredis security update", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20211104-0003/", + "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" } ] }, diff --git a/2021/33xxx/CVE-2021-33193.json b/2021/33xxx/CVE-2021-33193.json index 480aeb26ffb..b3db4cb5439 100644 --- a/2021/33xxx/CVE-2021-33193.json +++ b/2021/33xxx/CVE-2021-33193.json @@ -102,6 +102,11 @@ "refsource": "CONFIRM", "name": "https://www.tenable.com/security/tns-2021-17", "url": "https://www.tenable.com/security/tns-2021-17" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-f94985afca", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/" } ] }, 
diff --git a/2021/33xxx/CVE-2021-33209.json b/2021/33xxx/CVE-2021-33209.json index 04964d1e976..3d6cf3606d9 100644 --- a/2021/33xxx/CVE-2021-33209.json +++ b/2021/33xxx/CVE-2021-33209.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-33209", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-33209", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an attacker to enumerate usernames. This can make a brute-force attack easier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://twitter.com/FIMERspa", + "refsource": "MISC", + "name": "https://twitter.com/FIMERspa" + }, + { + "refsource": "MISC", + "name": "https://fimeronline.sharepoint.com/:b:/s/GLB-publicsp/EeKCnV76jG5Pn9Ud30fTlesBlk-SZS3uFU80Gt8IEWiE4Q?e=Tdmabs", + "url": "https://fimeronline.sharepoint.com/:b:/s/GLB-publicsp/EeKCnV76jG5Pn9Ud30fTlesBlk-SZS3uFU80Gt8IEWiE4Q?e=Tdmabs" } ] } diff --git a/2021/33xxx/CVE-2021-33210.json b/2021/33xxx/CVE-2021-33210.json index 9cbd5da4c58..1ec5513033c 100644 
--- a/2021/33xxx/CVE-2021-33210.json +++ b/2021/33xxx/CVE-2021-33210.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-33210", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-33210", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Fimer Aurora Vision before 2.97.10. An attacker can (in the WebUI) obtain plant information without authentication by reading the response of APIs from a kiosk view of a plant." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://twitter.com/FIMERspa", + "refsource": "MISC", + "name": "https://twitter.com/FIMERspa" + }, + { + "refsource": "MISC", + "name": "https://fimeronline.sharepoint.com/:b:/s/GLB-publicsp/EZGyNsndR-hNgtWtDsxoRAoBchaLX4o7RWdTiX1qgD19WQ?e=I9uW0p", + "url": "https://fimeronline.sharepoint.com/:b:/s/GLB-publicsp/EZGyNsndR-hNgtWtDsxoRAoBchaLX4o7RWdTiX1qgD19WQ?e=I9uW0p" } ] } diff --git a/2021/33xxx/CVE-2021-33259.json b/2021/33xxx/CVE-2021-33259.json index f4a9b3b54a2..1aa19f9ca19 100644 --- a/2021/33xxx/CVE-2021-33259.json +++ b/2021/33xxx/CVE-2021-33259.json 
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-33259", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-33259", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://d-link.com", + "refsource": "MISC", + "name": "http://d-link.com" + }, + { + "url": "https://www.dlink.com/en/security-bulletin/", + "refsource": "MISC", + "name": "https://www.dlink.com/en/security-bulletin/" + }, + { + "url": "http://dir-868lw.com", + "refsource": "MISC", + "name": "http://dir-868lw.com" + }, + { + "url": "https://github.com/jayus0821/uai-poc/blob/main/D-Link/DIR-868L/webaccess_UAI.md", + "refsource": "MISC", + "name": "https://github.com/jayus0821/uai-poc/blob/main/D-Link/DIR-868L/webaccess_UAI.md" } ] } diff --git a/2021/33xxx/CVE-2021-33425.json b/2021/33xxx/CVE-2021-33425.json index e86a3b3148c..4d534c7b8f8 100644 --- a/2021/33xxx/CVE-2021-33425.json +++ b/2021/33xxx/CVE-2021-33425.json 
@@ -56,6 +56,11 @@ "url": "http://openwrt.com", "refsource": "MISC", "name": "http://openwrt.com" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211109 [CVE-2021-43523] Incorrect handling of special characters in domain names in uclibc and uclibc-ng", + "url": "http://www.openwall.com/lists/oss-security/2021/11/09/1" } ] } diff --git a/2021/33xxx/CVE-2021-33593.json b/2021/33xxx/CVE-2021-33593.json index b90bc89b019..cf361f5babd 100644 --- a/2021/33xxx/CVE-2021-33593.json +++ b/2021/33xxx/CVE-2021-33593.json 
@@ -4,15 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-33593", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@navercorp.com", + "STATE": "PUBLIC" + }, + "credit": [ + { + "lang": "eng", + "value": "YoKo Kho from Telkom Indonesia" + } + ], + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NAVER Whale browser", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.14.0" + } + ] + } + } + ] + }, + "vendor_name": "NAVER" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-451: User Interface (UI) Misrepresentation of Critical Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cve.naver.com/detail/cve-2021-43059", + "refsource": "CONFIRM", + "url": "https://cve.naver.com/detail/cve-2021-43059" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33611.json b/2021/33xxx/CVE-2021-33611.json index 951fb1ef155..de655f138cd 100644 --- a/2021/33xxx/CVE-2021-33611.json +++ b/2021/33xxx/CVE-2021-33611.json 
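Review bot: The only reference added for this record, `"url": "https://cve.naver.com/detail/cve-2021-43059"`, names a different CVE than the record's own `"ID": "CVE-2021-33593"`, and `name` repeats the same value. A reader following the CONFIRM link to validate the Whale address-bar spoofing fix would apparently reach the vendor page for another identifier, so either the link is mis-pasted or the content was filed under the wrong ID. The CNA should confirm which is intended and point both `name` and `url` at the advisory page for CVE-2021-33593. Separately, the description limits the issue to Whale for iOS while `product_name` is just `"NAVER Whale browser"`, so matching on `< 1.14.0` alone may also flag other platforms.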
@@ -1,18 +1,111 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@vaadin.com", + "DATE_PUBLIC": "2021-11-01T09:45:00.000Z", "ID": "CVE-2021-33611", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Vaadin", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "14.0.0" + }, + { + "version_affected": "<=", + "version_value": "14.4.4" + } + ] + } + }, + { + "product_name": "vaadin-menu-bar", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "1.0.0" + }, + { + "version_affected": "<=", + "version_value": "1.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Vaadin" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in browser by opening crafted URL" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://vaadin.com/security/cve-2021-33611", + "refsource": "CONFIRM", + "url": "https://vaadin.com/security/cve-2021-33611" + }, + { + "name": "https://github.com/vaadin/vaadin-menu-bar/pull/126", + "refsource": "CONFIRM", + "url": "https://github.com/vaadin/vaadin-menu-bar/pull/126" + } + ] + }, + "source": { + "discovery": "INTERNAL" } -} \ No newline at end of file +} diff --git a/2021/33xxx/CVE-2021-33800.json b/2021/33xxx/CVE-2021-33800.json index 946741ebee0..5de50bd3a64 100644 --- a/2021/33xxx/CVE-2021-33800.json +++ b/2021/33xxx/CVE-2021-33800.json 
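Review bot: Each product's affected range is encoded as two independent `version_data` entries (`">="` with `"14.0.0"` and `"<="` with `"14.4.4"`, likewise `"1.0.0"` and `"1.2.0"` for vaadin-menu-bar), and nothing in the record ties each pair together. A consumer that evaluates entries one at a time would treat every version from 14.0.0 upward, and every version up to 14.4.4, as affected, which is wider than the "14.0.0 through 14.4.4" given in the description. If the generating tool allows it, one bounded entry per product would avoid that over-match; until then, scanners should take the bounds from the description text.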
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-33800", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "Alibaba-CNA@list.alibaba-inc.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Druid", + "version": { + "version_data": [ + { + "version_value": "1.2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.alibaba.com/announcement/announcement?id=214", + "url": "https://security.alibaba.com/announcement/announcement?id=214" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal." } ] } diff --git a/2021/33xxx/CVE-2021-33813.json b/2021/33xxx/CVE-2021-33813.json index 4d3fc8d72ca..bffbcc7cacf 100644 --- a/2021/33xxx/CVE-2021-33813.json +++ b/2021/33xxx/CVE-2021-33813.json 
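Review bot: The `affects` block sets `"vendor_name": "n/a"` next to `"product_name": "Druid"`, and the description says only "In Druid 1.2.3", so the record never states which Druid project is meant. The assigner address and the advisory link are Alibaba's, which suggests Alibaba's Druid, but that is an inference; a scanner matching on product name alone could attribute this directory traversal to an unrelated project with the same name. Filling in the vendor, for example `"vendor_name": "Alibaba"` if that is correct, removes the ambiguity. The description also names no path, parameter or function, so defenders have only the version number to check exposure against.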
@@ -116,6 +116,16 @@ "refsource": "MLIST", "name": "[solr-issues] 20210819 [jira] [Resolved] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", "url": "https://lists.apache.org/thread.html/r21c406c7ed88fe340db7dbae75e58355159e6c324037c7d5547bf40b@%3Cissues.solr.apache.org%3E" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-3cb0d02576", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AH46QHE5GIMT6BL6C3GDTOYF27JYILXM/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-f88d2dcc47", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWFVYTHGILOQXUA7U3SPOERQXL7OPSZG/" } ] } diff --git a/2021/33xxx/CVE-2021-33829.json b/2021/33xxx/CVE-2021-33829.json index 2c30eae3e58..95f36e72d6c 100644 --- a/2021/33xxx/CVE-2021-33829.json +++ b/2021/33xxx/CVE-2021-33829.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-87578dca12", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2813-1] ckeditor security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html" } ] } diff --git a/2021/33xxx/CVE-2021-33845.json b/2021/33xxx/CVE-2021-33845.json new file mode 100644 index 00000000000..a988c3a65b0 --- /dev/null +++ b/2021/33xxx/CVE-2021-33845.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-33845", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33910.json b/2021/33xxx/CVE-2021-33910.json index fdc8902575f..31a0fbdf881 100644 --- a/2021/33xxx/CVE-2021-33910.json +++ b/2021/33xxx/CVE-2021-33910.json @@ -126,6 +126,11 @@ "refsource": "MLIST", "name": "[oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list", "url": "http://www.openwall.com/lists/oss-security/2021/09/07/3" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20211104-0008/", + "url": "https://security.netapp.com/advisory/ntap-20211104-0008/" } ] } diff --git a/2021/34xxx/CVE-2021-34585.json b/2021/34xxx/CVE-2021-34585.json index 4fcb0fe734f..2a5a9ad3b84 100644 --- a/2021/34xxx/CVE-2021-34585.json +++ b/2021/34xxx/CVE-2021-34585.json @@ -73,7 +73,7 @@ "description": [ { "lang": "eng", - "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions" + "value": "CWE-252 Unchecked Return Value" } ] } @@ -87,8 +87,8 @@ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=" }, { - "refsource": "MISC", "name": "https://www.tenable.com/security/research/tra-2021-47", + "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-47" } ] diff --git a/2021/34xxx/CVE-2021-34593.json b/2021/34xxx/CVE-2021-34593.json index 3c81ede122a..9d164a02445 100644 --- a/2021/34xxx/CVE-2021-34593.json +++ b/2021/34xxx/CVE-2021-34593.json 
@@ -90,6 +90,16 @@ "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download=", "refsource": "CONFIRM", "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16877&token=8faab0fc1e069f4edfca5d5aba8146139f67a175&download=" + }, + { + "refsource": "FULLDISC", + "name": "20211029 SEC Consult SA-20211028-0 :: Denial of Service in CODESYS V2", + "url": "http://seclists.org/fulldisclosure/2021/Oct/64" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html", + "url": "http://packetstormsecurity.com/files/164716/CODESYS-2.4.7.0-Denial-Of-Service.html" } ] }, diff --git a/2021/34xxx/CVE-2021-34594.json b/2021/34xxx/CVE-2021-34594.json index b3b9275daa2..b5e385d74d6 100644 --- a/2021/34xxx/CVE-2021-34594.json +++ b/2021/34xxx/CVE-2021-34594.json 
@@ -1,18 +1,111 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "info@cert.vde.com", + "DATE_PUBLIC": "2021-11-04T06:00:00.000Z", "ID": "CVE-2021-34594", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Beckhoff: Relative path traversal vulnerability through TwinCAT OPC UA Server" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TwinCAT OPC UA Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "TF6100", + "version_value": "4.3.48.0" + }, + { + "version_affected": "<", + "version_name": "TS6100", + "version_value": "4.3.48.0" + }, + { + "version_affected": "<", + "version_name": "TcOpcUaServer version", + "version_value": "3.2.0.19423" + } + ] + } + } + ] + }, + "vendor_name": "Beckhoff Automation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Beckhoff Automation thanks Johannes Olegård, Emre Süren, and Robert Lagerström for reporting the issue and for support and efforts with the coordinated disclosure." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create or delete any files on the system." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-23 Relative Path Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cert.vde.com/en/advisories/VDE-2021-051/", + "refsource": "CONFIRM", + "url": "https://cert.vde.com/en/advisories/VDE-2021-051/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Please update to a recent version of the affected product (TF6100 or TS6100 version >= 4.3.48.0)" + } + ], + "source": { + "advisory": "VDE-2021-051", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34597.json b/2021/34xxx/CVE-2021-34597.json index b462913d8ad..d3adf5d54a6 100644 --- a/2021/34xxx/CVE-2021-34597.json +++ b/2021/34xxx/CVE-2021-34597.json 
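Review bot: The TcOpcUaServer bound differs between the structured data and the prose: `version_data` carries `"version_value": "3.2.0.19423"`, while the description says "TcOpcUaServer versions below 3.2.0.194". One of the two looks truncated or mistyped, and the two readings put different builds in scope for anyone deciding whether an installation needs the update. The CNA should check this against VDE-2021-051 and make both fields agree. The `solution` text also mentions only TF6100 or TS6100 `>= 4.3.48.0` and gives no fixed TcOpcUaServer build.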
@@ -1,18 +1,116 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "info@cert.vde.com", + "DATE_PUBLIC": "2021-11-03T08:54:00.000Z", "ID": "CVE-2021-34597", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Phoenix Contact: PC Worx/-Express prone to improper input validation vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PC Worx", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "PC Worx", + "version_value": "1.88" + }, + { + "version_affected": "<=", + "version_name": "PC Worx-Express", + "version_value": "1.88" + } + ] + } + } + ] + }, + "vendor_name": "Phoenix Contact" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "The vulnerability was discovered by Jake Baines of Dragos Inc. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder. " + }, + { + "lang": "eng", + "value": "PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory." 
} ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cert.vde.com/en/advisories/VDE-2021-052/", + "refsource": "CONFIRM", + "url": "https://cert.vde.com/en/advisories/VDE-2021-052/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "With the next version of Automation Worx Software Suite additional plausibility checks for archive content will be implemented." + } + ], + "source": { + "advisory": "VDE-2021-052", + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Temporary Fix / Mitigation\nWe strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity." + } + ] } \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34684.json b/2021/34xxx/CVE-2021-34684.json index ab1d30fd917..9358fa86d06 100644 --- a/2021/34xxx/CVE-2021-34684.json +++ b/2021/34xxx/CVE-2021-34684.json 
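Review bot: `problemtype` is set to `"CWE-20 Improper Input Validation"`, but the description in this hunk is more specific: a manipulated project file can "unpack arbitrary files outside of the selected project directory", which reads as path traversal during archive extraction. CWE-20 is a broad class that tells a defender little about what to look for; if the CNA agrees with that reading, a path-traversal entry such as `"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"` would be more useful for filtering and trend reporting. Note also that `solution` only announces checks for the next version, so as written the record names no fixed release and `work_around` is the only actionable guidance.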
@@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-34684", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-34684", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.hitachi.com/hirt/security/index.html", + "refsource": "MISC", + "name": "https://www.hitachi.com/hirt/security/index.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164791/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/164791/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-SQL-Injection.html" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34685.json b/2021/34xxx/CVE-2021-34685.json index 4cf51ff40fe..12d87c28d06 100644 --- a/2021/34xxx/CVE-2021-34685.json +++ b/2021/34xxx/CVE-2021-34685.json 
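Review bot: The `impact.cvss` block added here has a `vectorString` but no `baseScore` or `baseSeverity`, unlike the other CVSS 3.1 blocks in this diff, and its metrics are not in the order the CVSS specification recommends: `CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N`. Tools that read the numeric field will see no severity for an unauthenticated SQL injection, and tools that compare vector strings textually may not recognise this one. Suggest `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"` together with `"baseScore": 9.8` and `"baseSeverity": "CRITICAL"`, which is what that vector evaluates to. The same two gaps are present in the CVE-2021-34685 hunk that follows.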
@@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-34685", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-34685", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution)." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.hitachi.com/hirt/security/index.html", + "refsource": "MISC", + "name": "https://www.hitachi.com/hirt/security/index.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164775/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Filename-Bypass.html", + "url": "http://packetstormsecurity.com/files/164775/Pentaho-Business-Analytics-Pentaho-Business-Server-9.1-Filename-Bypass.html" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:H/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34701.json b/2021/34xxx/CVE-2021-34701.json index 2dbd7f419c5..b1fd2a21f78 100644 --- a/2021/34xxx/CVE-2021-34701.json +++ b/2021/34xxx/CVE-2021-34701.json 
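Review bot: The vector added for this record, `CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:H/S:U/UI:N`, does not match the description in the same hunk. The text says an authenticated user can upload a `.jsp.` file and that this "leads to remote code execution", yet the vector rates confidentiality and availability as NONE, integrity as LOW and privileges required as HIGH, which lands in the low severity range. Teams that prioritise patching on the vector would rank a server-side code execution issue near the bottom of the queue. The scoring should be re-checked with the assigner; until it is corrected, triage this record on the description rather than on the vector.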
@@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-34701", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Unified Communications Products Path Traversal Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unity Connection ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco Unified Communications Products Path Traversal Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-path-trav-dKCvktvO" + } + ] + }, + "source": { + "advisory": "cisco-sa-cucm-path-trav-dKCvktvO", + "defect": [ + [ + "CSCvy64877", + "CSCvy89690", + "CSCvy89691" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34731.json b/2021/34xxx/CVE-2021-34731.json index 807a795250f..3f870abd064 100644 --- a/2021/34xxx/CVE-2021-34731.json +++ b/2021/34xxx/CVE-2021-34731.json 
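Review bot: In the added `impact.cvss` object, `"version": "3.0"` disagrees with the `CVSS:3.1/` prefix of `vectorString`, the vector ends in a trailing space, and `baseScore` is a string (`"4.3"`) rather than a number; strict CVSS parsers and exact-match tooling can reject or mishandle each of these. I would write `"baseScore": 4.3`, `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"` and `"version": "3.1"`. `product_name` (`"Cisco Unity Connection "`) has the same trailing space, and `affects` lists only that product although the description also names Unified CM, Unified CM SME and Unified CM IM&P, so product-based matching will miss them. The same `cvss` and trailing-space pattern recurs in the hunks for CVE-2021-34731, -34739, -34741, -34773, -34774, -34784 and -34795, and the `3.0`/`CVSS:3.1` mismatch also appears in the `@@ -143,15 +144,15 @@` hunk of CVE-2021-35496.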
@@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-34731", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Prime Access Registrar Stored Cross-Site Scripting Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Access Registrar ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Prime Access Registrar could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials. Cisco expects to release software updates that address this vulnerability." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "4.8", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco Prime Access Registrar Stored Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpar-strd-xss-A4DCVETG" + } + ] + }, + "source": { + "advisory": "cisco-sa-cpar-strd-xss-A4DCVETG", + "defect": [ + [ + "CSCvz17427" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34739.json b/2021/34xxx/CVE-2021-34739.json index 6d29dff3e40..c34cf4eebde 100644 --- a/2021/34xxx/CVE-2021-34739.json +++ b/2021/34xxx/CVE-2021-34739.json 
@@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-34739", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Small Business Series Switches Session Credentials Replay Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Small Business Smart and Managed Switches ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This vulnerability is due to insufficient expiration of session credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack against an affected device to intercept valid session credentials and then replaying the intercepted credentials toward the same device at a later time. A successful exploit could allow the attacker to access the web-based management interface with administrator privileges." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "8.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco Small Business Series Switches Session Credentials Replay Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5" + } + ] + }, + "source": { + "advisory": "cisco-sa-smb-switches-tokens-UzwpR4e5", + "defect": [ + [ + "CSCvx48953", + "CSCvx48962", + "CSCvx52310" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34741.json b/2021/34xxx/CVE-2021-34741.json index 009bf289709..7c536058123 100644 --- a/2021/34xxx/CVE-2021-34741.json +++ b/2021/34xxx/CVE-2021-34741.json 
@@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-34741", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Email Security Appliance Denial of Service Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Email Security Appliance (ESA) ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email through Cisco ESA. A successful exploit could allow the attacker to exhaust all the available CPU resources on an affected device for an extended period of time, preventing other emails from being processed and resulting in a DoS condition." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco Email Security Appliance Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-JOm9ETfO" + } + ] + }, + "source": { + "advisory": "cisco-sa-esa-dos-JOm9ETfO", + "defect": [ + [ + "CSCvy59938" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34773.json b/2021/34xxx/CVE-2021-34773.json index c32018c5a27..5eb8e3ba24a 100644 --- a/2021/34xxx/CVE-2021-34773.json +++ b/2021/34xxx/CVE-2021-34773.json 
@@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-34773", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Communications Manager ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. These actions could include modifying the device configuration and deleting (but not creating) user accounts." 
} ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-xrTkDu3H" + } + ] + }, + "source": { + "advisory": "cisco-sa-ucm-csrf-xrTkDu3H", + "defect": [ + [ + "CSCvy86674", + "CSCvz73888" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34774.json b/2021/34xxx/CVE-2021-34774.json index 01d5e53f586..9a80b89bff0 100644 --- a/2021/34xxx/CVE-2021-34774.json +++ b/2021/34xxx/CVE-2021-34774.json 
@@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-34774", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Common Services Platform Collector Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Common Services Platform Collector Software ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit the vulnerability by sending a crafted HTTP request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the users of the application, including security questions and answers. To exploit this vulnerability an attacker would need valid Administrator credentials. Cisco expects to release software updates that address this vulnerability." 
} ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "4.9", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco Common Services Platform Collector Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-info-disc-KM3bGVL" + } + ] + }, + "source": { + "advisory": "cisco-sa-cspc-info-disc-KM3bGVL", + "defect": [ + [ + "CSCvz05854" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34784.json b/2021/34xxx/CVE-2021-34784.json index c48835fd44d..d7d8cfaf945 100644 --- a/2021/34xxx/CVE-2021-34784.json +++ b/2021/34xxx/CVE-2021-34784.json 
@@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-34784", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Infrastructure ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-U2JK537j" + } + ] + }, + "source": { + "advisory": "cisco-sa-pi-epnm-xss-U2JK537j", + "defect": [ + [ + "CSCvz07282", + "CSCvz09504" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34795.json b/2021/34xxx/CVE-2021-34795.json index 9841c1f973f..5926e116626 100644 --- a/2021/34xxx/CVE-2021-34795.json +++ b/2021/34xxx/CVE-2021-34795.json 
@@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-34795", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Catalyst PON Series ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "10.0", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr" + } + ] + }, + "source": { + "advisory": "cisco-sa-catpon-multivulns-CE3DSYGr", + "defect": [ + [ + "CSCvz61943", + "CSCvz61948", + "CSCvz67097" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/35xxx/CVE-2021-35053.json b/2021/35xxx/CVE-2021-35053.json index 5563346c8b6..c0ecc8ed594 100644 --- a/2021/35xxx/CVE-2021-35053.json +++ b/2021/35xxx/CVE-2021-35053.json 
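Review bot: The new description runs its three list items together without separators ("... perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration") and ends by pointing to "the Details section of this advisory", which does not exist in a CVE record. For a record scored 10.0 this is the text most readers will act on, so the items should be separated, e.g. `... actions: log in with a default credential if the Telnet protocol is enabled; perform command injection; modify the configuration.`, and the closing sentence should refer to the advisory linked under `references`. A single `CWE-284` entry is also given for what the description presents as three distinct issues; presumably the vendor advisory breaks these down, in which case additional `problemtype` entries may be warranted.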
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-35053",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnerability@kaspersky.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kaspersky Endpoint Security for Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "KES versions from 11.1 to 11.6 (inclusively)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021",
+ "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1280/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable."
 }
 ]
 }
diff --git a/2021/35xxx/CVE-2021-35197.json b/2021/35xxx/CVE-2021-35197.json
index 0ac744c0b13..b2f79e9eb34 100644
--- a/2021/35xxx/CVE-2021-35197.json
+++ b/2021/35xxx/CVE-2021-35197.json
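Review bot: `"vendor_name": "n/a"` in the added `affects` block leaves the vendor empty even though the product is `Kaspersky Endpoint Security for Windows` and the assigner is the vendor's own address, so vendor-keyed matching in scanners and asset inventories will not associate this record with the vendor. I would set `"vendor_name": "Kaspersky"`. The affected range is free text in a single `version_value` (`"KES versions from 11.1 to 11.6 (inclusively)"`), which tools cannot compare against installed versions, and `problemtype` is the impact word `"DoS"` rather than a weakness identifier. The description also does not say what privilege is needed to change the Firefox parameters file, which is what determines how exposed a host is.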
@@ -86,6 +86,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-56d8173b5e",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-3dd1b66cbf",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
 }
 ]
 }
diff --git a/2021/35xxx/CVE-2021-35368.json b/2021/35xxx/CVE-2021-35368.json
index 273efca7df2..922b3f491f1 100644
--- a/2021/35xxx/CVE-2021-35368.json
+++ b/2021/35xxx/CVE-2021-35368.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-35368",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-35368",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://owasp.org/www-project-modsecurity-core-rule-set/",
+ "url": "https://owasp.org/www-project-modsecurity-core-rule-set/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://portswigger.net/daily-swig/lessons-learned-how-a-severe-vulnerability-in-the-owasp-modsecurity-core-rule-set-sparked-much-needed-change",
+ "url": "https://portswigger.net/daily-swig/lessons-learned-how-a-severe-vulnerability-in-the-owasp-modsecurity-core-rule-set-sparked-much-needed-change"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://portswigger.net/daily-swig/waf-bypass-severe-owasp-modsecurity-core-rule-set-bug-was-present-for-several-years",
+ "url": "https://portswigger.net/daily-swig/waf-bypass-severe-owasp-modsecurity-core-rule-set-bug-was-present-for-several-years"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/",
+ "url": "https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/"
 }
 ]
 }
diff --git a/2021/35xxx/CVE-2021-35488.json b/2021/35xxx/CVE-2021-35488.json
index 5674fd08d46..df35e570d1f 100644
--- a/2021/35xxx/CVE-2021-35488.json
+++ b/2021/35xxx/CVE-2021-35488.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-35488",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-35488",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.gruppotim.it/redteam",
+ "url": "https://www.gruppotim.it/redteam"
+ },
+ {
+ "url": "https://www.thruk.org/changelog.html",
+ "refsource": "MISC",
+ "name": "https://www.thruk.org/changelog.html"
 }
 ]
 }
diff --git a/2021/35xxx/CVE-2021-35489.json b/2021/35xxx/CVE-2021-35489.json
index 8fcfa291a70..24aebeaac50 100644
--- a/2021/35xxx/CVE-2021-35489.json
+++ b/2021/35xxx/CVE-2021-35489.json
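Review bot: The URL template in the new description has a mismatched placeholder, `title={TITLE]`; it should read `title={TITLE}`, and the same slip appears three times in the CVE-2021-35489 hunk (`{HOSTNAME]`, `{SERVICENAME]`, `{BACKEND]`). The text here also says the injection is "via the host or title parameter" while the quoted URL shows only `style` and `title`. It calls the issue reflected XSS yet says the payload fires "every time an authenticated user browses the page containing it", which reads like stored XSS, so one of the two wordings is presumably wrong. Neither record names a fixed release, and `https://www.thruk.org/changelog.html` links the whole changelog, so a reader cannot tell from the record which upgrade remediates the issue.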
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-35489",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-35489",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.gruppotim.it/redteam",
+ "url": "https://www.gruppotim.it/redteam"
+ },
+ {
+ "url": "https://www.thruk.org/changelog.html",
+ "refsource": "MISC",
+ "name": "https://www.thruk.org/changelog.html"
 }
 ]
 }
diff --git a/2021/35xxx/CVE-2021-35496.json b/2021/35xxx/CVE-2021-35496.json
index bb2ae45dd59..2386ddc5e1d 100644
--- a/2021/35xxx/CVE-2021-35496.json
+++ b/2021/35xxx/CVE-2021-35496.json
@@ -2,6 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "security@tibco.com",
 "DATE_PUBLIC": "2021-10-12T17:00:00Z",
+ "UPDATED": "2021-11-02T17:00:00Z",
 "ID": "CVE-2021-35496",
 "STATE": "PUBLIC",
 "TITLE": "TIBCO JasperReports XML Eternal Entity (XXE) vulnerability"
@@ -135,7 +136,7 @@ "description_data": [ { "lang": "eng", - "value": "The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0." + "value": "The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to interfere with XML processing in the affected component. 
Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0." } ] }, @@ -143,15 +144,15 @@ "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", - "availabilityImpact": "LOW", - "baseScore": 4.6, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, @@ -161,7 +162,7 @@ "description": [ { "lang": "eng", - "value": "Successful execution of this vulnerability can result in unauthorized read access, as well as unauthorized update, insert or delete access to a subset of the affected systems data and the ability to cause a partial denial of service (partial DOS) on the affected system." + "value": "Successful execution of this vulnerability can result in unauthorized read, update, insert or delete access to the affected systems data and the ability to cause a denial of service (DOS) on the affected system." } ] } 
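Review bot: In the cvss hunk for CVE-2021-35496 the new `vectorString` is prefixed `CVSS:3.1`, but the unchanged `"version": "3.0"` line directly below it still says 3.0, so a consumer that picks the scoring formula from `version` disagrees with the vector. The field should read `"version": "3.1"`. The rescoring from 4.6 MEDIUM to 7.5 HIGH is signalled only by the `UPDATED` timestamp added in the first hunk of this file. The last hunk also removes the one advisory URL specific to this CVE, leaving the generic advisories index as the only reference for the higher-severity record.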
@@ -173,11 +174,6 @@ "name": "https://www.tibco.com/services/support/advisories", "refsource": "CONFIRM", "url": "https://www.tibco.com/services/support/advisories" - }, - { - "refsource": "CONFIRM", - "name": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35496", - "url": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35496" } ] }, diff --git a/2021/35xxx/CVE-2021-35550.json b/2021/35xxx/CVE-2021-35550.json index 46c0835aba6..5b6609469e9 100644 --- a/2021/35xxx/CVE-2021-35550.json +++ b/2021/35xxx/CVE-2021-35550.json @@ -105,6 +105,26 @@ "refsource": "FEDORA", "name": "FEDORA-2021-1cc8ffd122", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-eb3e3e87d3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-107c8c5063", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5000", + "url": "https://www.debian.org/security/2021/dsa-5000" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html" } ] } diff --git a/2021/35xxx/CVE-2021-35556.json b/2021/35xxx/CVE-2021-35556.json index 0eb8121f0ff..6c6c0fb6bb9 100644 --- a/2021/35xxx/CVE-2021-35556.json +++ b/2021/35xxx/CVE-2021-35556.json 
@@ -99,6 +99,36 @@ "refsource": "FEDORA", "name": "FEDORA-2021-7701833090", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-9a51a6f8b1", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-1cc8ffd122", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-eb3e3e87d3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-107c8c5063", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5000", + "url": "https://www.debian.org/security/2021/dsa-5000" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html" } ] } diff --git a/2021/35xxx/CVE-2021-35559.json b/2021/35xxx/CVE-2021-35559.json index ee44af3a878..cdf479c6133 100644 --- a/2021/35xxx/CVE-2021-35559.json +++ b/2021/35xxx/CVE-2021-35559.json 
@@ -99,6 +99,36 @@ "refsource": "FEDORA", "name": "FEDORA-2021-7701833090", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-9a51a6f8b1", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-1cc8ffd122", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-eb3e3e87d3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-107c8c5063", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5000", + "url": "https://www.debian.org/security/2021/dsa-5000" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html" } ] } diff --git a/2021/35xxx/CVE-2021-35561.json b/2021/35xxx/CVE-2021-35561.json index eb643cde666..3e59646f8a1 100644 --- a/2021/35xxx/CVE-2021-35561.json +++ b/2021/35xxx/CVE-2021-35561.json 
@@ -99,6 +99,36 @@ "refsource": "FEDORA", "name": "FEDORA-2021-7701833090", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-9a51a6f8b1", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-1cc8ffd122", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-eb3e3e87d3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-107c8c5063", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5000", + "url": "https://www.debian.org/security/2021/dsa-5000" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html" } ] } diff --git a/2021/35xxx/CVE-2021-35564.json b/2021/35xxx/CVE-2021-35564.json index 3e5260b5cd9..258ecbcfb76 100644 --- a/2021/35xxx/CVE-2021-35564.json +++ b/2021/35xxx/CVE-2021-35564.json 
@@ -99,6 +99,36 @@ "refsource": "FEDORA", "name": "FEDORA-2021-7701833090", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-9a51a6f8b1", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-1cc8ffd122", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-eb3e3e87d3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-107c8c5063", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5000", + "url": "https://www.debian.org/security/2021/dsa-5000" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html" } ] } diff --git a/2021/35xxx/CVE-2021-35565.json b/2021/35xxx/CVE-2021-35565.json index 770fb625a05..d6570baf498 100644 --- a/2021/35xxx/CVE-2021-35565.json +++ b/2021/35xxx/CVE-2021-35565.json 
@@ -105,6 +105,26 @@ "refsource": "FEDORA", "name": "FEDORA-2021-1cc8ffd122", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-eb3e3e87d3", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-107c8c5063", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5000", + "url": "https://www.debian.org/security/2021/dsa-5000" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html" } ] } diff --git a/2021/35xxx/CVE-2021-35567.json b/2021/35xxx/CVE-2021-35567.json index dddd79ce933..fc4556249b9 100644 --- a/2021/35xxx/CVE-2021-35567.json +++ b/2021/35xxx/CVE-2021-35567.json 
@@ -90,6 +90,26 @@ "refsource": "FEDORA", "name": "FEDORA-2021-7701833090", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-1cc8ffd122", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-107c8c5063", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5000", + "url": "https://www.debian.org/security/2021/dsa-5000" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html" } ] } diff --git a/2021/35xxx/CVE-2021-35578.json b/2021/35xxx/CVE-2021-35578.json index 9d294e0c22f..9dee12130cd 100644 --- a/2021/35xxx/CVE-2021-35578.json +++ b/2021/35xxx/CVE-2021-35578.json @@ -95,6 +95,21 @@ "refsource": "FEDORA", "name": "FEDORA-2021-1cc8ffd122", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-107c8c5063", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5000", + "url": "https://www.debian.org/security/2021/dsa-5000" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html" } ] } 
diff --git a/2021/35xxx/CVE-2021-35586.json b/2021/35xxx/CVE-2021-35586.json index 93dd5669d29..1eb0c86b442 100644 --- a/2021/35xxx/CVE-2021-35586.json +++ b/2021/35xxx/CVE-2021-35586.json @@ -99,6 +99,21 @@ "refsource": "FEDORA", "name": "FEDORA-2021-1cc8ffd122", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-107c8c5063", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5000", + "url": "https://www.debian.org/security/2021/dsa-5000" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html" } ] } diff --git a/2021/35xxx/CVE-2021-35588.json b/2021/35xxx/CVE-2021-35588.json index 761d2200349..967764589ac 100644 --- a/2021/35xxx/CVE-2021-35588.json +++ b/2021/35xxx/CVE-2021-35588.json @@ -91,6 +91,16 @@ "refsource": "FEDORA", "name": "FEDORA-2021-1cc8ffd122", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-107c8c5063", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html" } ] } diff --git a/2021/35xxx/CVE-2021-35603.json b/2021/35xxx/CVE-2021-35603.json index 0e1087e1afd..62a2cd243fe 100644 --- a/2021/35xxx/CVE-2021-35603.json +++ b/2021/35xxx/CVE-2021-35603.json 
@@ -99,6 +99,21 @@ "refsource": "FEDORA", "name": "FEDORA-2021-1cc8ffd122", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-107c8c5063", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5000", + "url": "https://www.debian.org/security/2021/dsa-5000" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html" } ] } diff --git a/2021/35xxx/CVE-2021-35976.json b/2021/35xxx/CVE-2021-35976.json index c37f5ac0537..676c943dd29 100644 --- a/2021/35xxx/CVE-2021-35976.json +++ b/2021/35xxx/CVE-2021-35976.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.bouali.io/cves/cve-2021-35976", + "url": "https://www.bouali.io/cves/cve-2021-35976" + }, { "refsource": "CONFIRM", "name": "https://support.plesk.com/hc/en-us/articles/4402990507026", diff --git a/2021/36xxx/CVE-2021-36172.json b/2021/36xxx/CVE-2021-36172.json index cadc9451f54..60e363577ce 100644 --- a/2021/36xxx/CVE-2021-36172.json +++ b/2021/36xxx/CVE-2021-36172.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-36172", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiPortal", + "version": { + "version_data": [ + { + "version_value": "FortiPortal before 6.0.6" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 3.8, + "baseSeverity": "Low", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:W/RC:C", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-104", + "url": "https://fortiguard.com/advisory/FG-IR-21-104" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents." } ] } 
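Review bot: `baseScore` in the new `impact.cvss` block of CVE-2021-36172 appears to hold the temporal score rather than the base score. The vector carries temporal metrics (`E:U/RL:W/RC:C`); the base metrics `AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N` work out to 4.3, and 3.8 is the value after the temporal multipliers. Either put the base value in `baseScore` and trim `vectorString` to its base metrics, or carry the temporal value in a separate temporal field. The metric values are also written `"Low"`, `"Network"`, `"None"` where the TIBCO record earlier in this diff uses `"LOW"`, `"NETWORK"`; the CVSS JSON schema enumerates the uppercase forms, so case-sensitive consumers may reject these. Both problems recur in the hunks for CVE-2021-36174, -36176, -36181, -36183, -36184, -36185 and -36186.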
diff --git a/2021/36xxx/CVE-2021-36174.json b/2021/36xxx/CVE-2021-36174.json index 86487e79597..12cd77e2274 100644 --- a/2021/36xxx/CVE-2021-36174.json +++ b/2021/36xxx/CVE-2021-36174.json @@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-36174", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiPortal", + "version": { + "version_data": [ + { + "version_value": "FortiPortal before 6.0.6" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "Low", + "baseScore": 4.1, + "baseSeverity": "Medium", + "confidentialityImpact": "None", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-109", + "url": "https://fortiguard.com/advisory/FG-IR-21-109" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs." } ] } 
diff --git a/2021/36xxx/CVE-2021-36176.json b/2021/36xxx/CVE-2021-36176.json index 4b78c39b91b..17f95897aaa 100644 --- a/2021/36xxx/CVE-2021-36176.json +++ b/2021/36xxx/CVE-2021-36176.json @@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-36176", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiPortal", + "version": { + "version_data": [ + { + "version_value": "FortiPortal before 6.0.6" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 5.8, + "baseSeverity": "Medium", + "confidentialityImpact": "Low", + "integrityImpact": "Low", + "privilegesRequired": "None", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:U/RC:C", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-100", + "url": "https://fortiguard.com/advisory/FG-IR-21-100" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests." } ] } 
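Review bot: The description added for CVE-2021-36176 does not match the rest of the record. The text describes uncontrolled resource consumption leading to denial of service by a low-privileged user, while the problemtype is `Execute unauthorized code or commands` and the vector is `PR:N/UI:R/S:C/C:L/I:L/A:N` (no privileges, user interaction required, no availability impact). This looks like either a description attached to the wrong ID or a mis-scored record, and it should be checked against advisory FG-IR-21-100 before the state goes to `PUBLIC`. The hunk for CVE-2021-36181 has a milder form of the same mismatch: problemtype `Denial of service` alongside `A:N` and a description about database inconsistency.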
diff --git a/2021/36xxx/CVE-2021-36181.json b/2021/36xxx/CVE-2021-36181.json
index 088cd88c7f6..ac62c50c151 100644
--- a/2021/36xxx/CVE-2021-36181.json
+++ b/2021/36xxx/CVE-2021-36181.json
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-36181", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiPortal", + "version": { + "version_data": [ + { + "version_value": "FortiPortal before 6.0.6" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "High", + "attackVector": "Network", + "availabilityImpact": "None", + "baseScore": 3.0, + "baseSeverity": "Low", + "confidentialityImpact": "None", + "integrityImpact": "Low", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:U/RC:C", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-102", + "url": "https://fortiguard.com/advisory/FG-IR-21-102" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific coordination of web requests." } ] } diff --git a/2021/36xxx/CVE-2021-36183.json b/2021/36xxx/CVE-2021-36183.json index 10dd0ad77b6..b18d9a0f570 100644 
--- a/2021/36xxx/CVE-2021-36183.json +++ b/2021/36xxx/CVE-2021-36183.json @@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-36183", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiClientWindows", + "version": { + "version_data": [ + { + "version_value": "FortiClientWindows 7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "High", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.2, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-20-079", + "url": "https://fortiguard.com/advisory/FG-IR-20-079" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates." } ] } 
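Review bot: The `version_value` added for CVE-2021-36183 is a single comma-separated string (`FortiClientWindows 7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0`), and it may be narrower than the description, which says "7.0.1 and below and 6.4.2 and below". A consumer matching installed versions against `version_data` has to parse free text, and if "and below" covers releases that are not enumerated, those would be missed. One `version_data` entry per affected version or range, with the product name left out of the value, keeps the field machine-usable. The FortiWLM and FortiWeb hunks (CVE-2021-36184, -36185, -36186) use the same free-text form.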
diff --git a/2021/36xxx/CVE-2021-36184.json b/2021/36xxx/CVE-2021-36184.json
index 1c5ba4093f9..a638e50950f 100644
--- a/2021/36xxx/CVE-2021-36184.json
+++ b/2021/36xxx/CVE-2021-36184.json
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-36184", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiWLM", + "version": { + "version_data": [ + { + "version_value": "FortiWLM 8.6.1, 8.6.0, 8.5.2, 8.5.1, 8.5.0, 8.4.2, 8.4.1, 8.4.0, 8.3.2, 8.3.1, 8.3.0, 8.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 8.3, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-107", + "url": "https://fortiguard.com/advisory/FG-IR-21-107" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests." } ] } diff --git a/2021/36xxx/CVE-2021-36185.json b/2021/36xxx/CVE-2021-36185.json index c593e39cde0..3f42d013c64 100644 
--- a/2021/36xxx/CVE-2021-36185.json +++ b/2021/36xxx/CVE-2021-36185.json @@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-36185", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiWLM", + "version": { + "version_data": [ + { + "version_value": "FortiWLM 8.6.1, 8.6.0, 8.5.2, 8.5.1, 8.5.0, 8.4.2, 8.4.1, 8.4.0, 8.3.2, 8.3.1, 8.3.0, 8.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Network", + "availabilityImpact": "High", + "baseScore": 8.3, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-110", + "url": "https://fortiguard.com/advisory/FG-IR-21-110" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests." } ] } 
diff --git a/2021/36xxx/CVE-2021-36186.json b/2021/36xxx/CVE-2021-36186.json
index 3ee4e49c928..25e7fdcccd7 100644
--- a/2021/36xxx/CVE-2021-36186.json
+++ b/2021/36xxx/CVE-2021-36186.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-36186",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiWeb",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiWeb 6.4.0, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "Low",
+ "attackVector": "Adjacent",
+ "availabilityImpact": "High",
+ "baseScore": 8.3,
+ "baseSeverity": "High",
+ "confidentialityImpact": "High",
+ "integrityImpact": "High",
+ "privilegesRequired": "None",
+ "scope": "Unchanged",
+ "userInteraction": "None",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Execute unauthorized code or commands"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/advisory/FG-IR-21-119",
+ "url": "https://fortiguard.com/advisory/FG-IR-21-119"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests"
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36187.json b/2021/36xxx/CVE-2021-36187.json
index fc7f7758f82..54bb5831f51 100644
--- a/2021/36xxx/CVE-2021-36187.json
+++ b/2021/36xxx/CVE-2021-36187.json
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-36187",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiWeb",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiWeb 6.4.0, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.9.1, 5.9.0, 5.8.7, 5.8.6, 5.8.5, 5.8.3, 5.8.2, 5.8.1, 5.8.0, 5.7.3, 5.7.2, 5.7.1, 5.7.0, 5.6.2, 5.6.1, 5.6.0, 5.5.7, 5.5.6, 5.5.5, 5.5.4, 5.5.3, 5.5.2, 5.5.1, 5.5.0, 5.4.1, 5.4.0, 5.3.9, 5.3.8, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.4.7, 4.4.6, 4.4.5, 4.4.4, 4.4.3, 4.4.2, 4.4.1, 4.4.0, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.2, 4.3.1, 4.2.4, 4.2.3, 4.2.2, 4.2.0, 4.1.2, 4.1.1, 4.1.0, 4.0.2, 3.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "Low",
+ "attackVector": "Network",
+ "availabilityImpact": "Low",
+ "baseScore": 5.0,
+ "baseSeverity": "Medium",
+ "confidentialityImpact": "None",
+ "integrityImpact": "None",
+ "privilegesRequired": "None",
+ "scope": "Unchanged",
+ "userInteraction": "None",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/advisory/FG-IR-21-039",
+ "url": "https://fortiguard.com/advisory/FG-IR-21-039"
+ }
+ ]
},
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to cause a denial of service for webserver daemon via crafted HTTP requests"
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36192.json b/2021/36xxx/CVE-2021-36192.json
index 41c63ac27db..58ad6c9972b 100644
--- a/2021/36xxx/CVE-2021-36192.json
+++ b/2021/36xxx/CVE-2021-36192.json
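Review bot: The `version_value` string for CVE-2021-36187 enumerates FortiWeb releases from 6.4.0 back to 3.0.0, but the new `description` limits the issue to 6.4.0, 6.3.15 and below, and 6.2.5 and below. A reader scoping exposure from the description alone would miss the 6.1.x and earlier installs that the `affects` block lists, so one of the two should be corrected against advisory FG-IR-21-039. Packing every release into one comma-separated `version_value` also prevents per-version matching by scanners; one `version_data` entry per affected range would be easier to consume.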
@@ -4,14 +4,74 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-36192",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiManager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "Low",
+ "attackVector": "Local",
+ "availabilityImpact": "None",
+ "baseScore": 5.1,
+ "baseSeverity": "Medium",
+ "confidentialityImpact": "Low",
+ "integrityImpact": "Low",
+ "privilegesRequired": "Low",
+ "scope": "Changed",
+ "userInteraction": "None",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:U/RC:C",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/advisory/FG-IR-21-103",
+ "url": "https://fortiguard.com/advisory/FG-IR-21-103"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS."
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36222.json b/2021/36xxx/CVE-2021-36222.json
index a21ef54f010..e8f358106a7 100644
--- a/2021/36xxx/CVE-2021-36222.json
+++ b/2021/36xxx/CVE-2021-36222.json
@@ -81,6 +81,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20211022-0003/",
 "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20211104-0007/",
+ "url": "https://security.netapp.com/advisory/ntap-20211104-0007/"
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36560.json b/2021/36xxx/CVE-2021-36560.json
index 78bc494f421..883dc5928e5 100644
--- a/2021/36xxx/CVE-2021-36560.json
+++ b/2021/36xxx/CVE-2021-36560.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-36560",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-36560",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sourcecodester.com/",
+ "refsource": "MISC",
+ "name": "https://www.sourcecodester.com/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://pratikkhalane91.medium.com/cve-2021-35559-bb62022dd08a",
+ "url": "https://pratikkhalane91.medium.com/cve-2021-35559-bb62022dd08a"
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36697.json b/2021/36xxx/CVE-2021-36697.json
index e4226450d3e..54d275fd9f6 100644
--- a/2021/36xxx/CVE-2021-36697.json
+++ b/2021/36xxx/CVE-2021-36697.json
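Review bot: The second reference added for CVE-2021-36560, `https://pratikkhalane91.medium.com/cve-2021-35559-bb62022dd08a`, carries a different identifier (CVE-2021-35559) in its slug than the record it is attached to. That may only be a typo in the article's URL, but it should be confirmed that the write-up describes this authentication bypass before it is published as supporting evidence. The first reference, `https://www.sourcecodester.com/`, is the site's front page and does not identify the affected project; a link to the specific product page would let readers confirm which application and version the record means.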
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-36697",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-36697",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new \"file type\" and the code can be executed with an HTTP request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://artica.com",
+ "refsource": "MISC",
+ "name": "http://artica.com"
+ },
+ {
+ "url": "http://pandora.com",
+ "refsource": "MISC",
+ "name": "http://pandora.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://k4m1ll0.com/chained_exploit_htaccess.html",
+ "url": "https://k4m1ll0.com/chained_exploit_htaccess.html"
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36698.json b/2021/36xxx/CVE-2021-36698.json
index 49a4f55be93..e8d8eb6620c 100644
--- a/2021/36xxx/CVE-2021-36698.json
+++ b/2021/36xxx/CVE-2021-36698.json
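Review bot: Two of the three references added for CVE-2021-36697, `http://artica.com` and `http://pandora.com`, are bare front pages served over plain HTTP, and `pandora.com` does not appear to be the Pandora FMS project site at all. Neither lets a reader confirm the affected File Manager component or find a fixed release after 755, so I would replace them with the vendor's advisory or release-notes URL. The hunk for CVE-2021-36698 repeats the same three references, including `https://k4m1ll0.com/chained_exploit_htaccess.html`, for an XSS issue; it is worth confirming that the write-up covers the Event Filter XSS as well as the .htaccess overwrite.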
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-36698",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-36698",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://artica.com",
+ "refsource": "MISC",
+ "name": "http://artica.com"
+ },
+ {
+ "url": "http://pandora.com",
+ "refsource": "MISC",
+ "name": "http://pandora.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://k4m1ll0.com/chained_exploit_htaccess.html",
+ "url": "https://k4m1ll0.com/chained_exploit_htaccess.html"
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36794.json b/2021/36xxx/CVE-2021-36794.json
index a5af78bfcca..d38d7524d55 100644
--- a/2021/36xxx/CVE-2021-36794.json
+++ b/2021/36xxx/CVE-2021-36794.json
@@ -1,18 +1,75 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-36794",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-36794",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://community.siren.io/c/announcements",
+ "refsource": "MISC",
+ "name": "https://community.siren.io/c/announcements"
+ },
+ {
+ "url": "https://docs.siren.io/index",
+ "refsource": "MISC",
+ "name": "https://docs.siren.io/index"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://docs.siren.io/siren-platform-user-guide/11.1/release-notes.html#_security_fixes_3",
+ "url": "https://docs.siren.io/siren-platform-user-guide/11.1/release-notes.html#_security_fixes_3"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/36xxx/CVE-2021-36799.json b/2021/36xxx/CVE-2021-36799.json
index bf8862b8511..e94d92aa8d7 100644
--- a/2021/36xxx/CVE-2021-36799.json
+++ b/2021/36xxx/CVE-2021-36799.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Hard-coded password and salt for encryption of project files in KNX Association's ETS5 (all versions up to v5.7.6) allows a local unprivileged user to access cryptographic keys of KNX devices stored in the project files via decryption with the known password \"ETS5Password\" and salt \"Ivan Medvedev\"."
+ "value": "** UNSUPPORTED WHEN ASSIGNED ** KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
 }
 ]
 },
diff --git a/2021/36xxx/CVE-2021-36808.json b/2021/36xxx/CVE-2021-36808.json
index a702da69620..cc89c3d9993 100644
--- a/2021/36xxx/CVE-2021-36808.json
+++ b/2021/36xxx/CVE-2021-36808.json
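Review bot: The replacement description for CVE-2021-36799 narrows the stated impact from access to "cryptographic keys of KNX devices stored in the project files" to "read project information". For anyone triaging an ETS5 deployment, exposure of device keys is the fact that drives the response (re-keying devices, restricting who can reach project files), and the new end-of-support note makes it more relevant because no fix is expected. I would keep the `** UNSUPPORTED WHEN ASSIGNED **` prefix but retain the impact wording, for example `... allowing local users to read project information, including cryptographic keys of KNX devices stored in project files.` Only the description is visible in this hunk; the rest of the record lies outside it.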
@@ -4,15 +4,66 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-36808",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@sophos.com",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Sophos Secure Workspace for Android",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "9.7.3115"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Sophos"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Christian Niel Angel"
+ }
+ ],
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20211029-ssw-pw-bypass",
+ "refsource": "CONFIRM",
+ "url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20211029-ssw-pw-bypass"
 }
 ]
 }
-}
\ No newline at end of file
+}
diff --git a/2021/36xxx/CVE-2021-36922.json b/2021/36xxx/CVE-2021-36922.json
index aa42721fd0c..8b5c7a6b17c 100644
--- a/2021/36xxx/CVE-2021-36922.json
+++ b/2021/36xxx/CVE-2021-36922.json
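Review bot: `problemtype` for CVE-2021-36808 is published by the vendor CNA as `"n/a"` although the description names the weakness, a race condition that bypasses the app password. Filling it in lets CWE-based filters and dashboards pick the record up; `"value": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"` fits the text. The record also has no `impact` block, so severity has to be read from the linked Sophos advisory.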
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-36922",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-36922",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sentinelone.com/resources/category/report/",
+ "refsource": "MISC",
+ "name": "https://www.sentinelone.com/resources/category/report/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.realtek.com/images/safe-report/Realtek_RtsUpx_Security_Advisory_Report.pdf",
+ "url": "https://www.realtek.com/images/safe-report/Realtek_RtsUpx_Security_Advisory_Report.pdf"
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36923.json b/2021/36xxx/CVE-2021-36923.json
index 1d4238247e2..c2d7b42eaf8 100644
--- a/2021/36xxx/CVE-2021-36923.json
+++ b/2021/36xxx/CVE-2021-36923.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-36923",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-36923",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sentinelone.com/resources/category/report/",
+ "refsource": "MISC",
+ "name": "https://www.sentinelone.com/resources/category/report/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.realtek.com/images/safe-report/Realtek_RtsUpx_Security_Advisory_Report.pdf",
+ "url": "https://www.realtek.com/images/safe-report/Realtek_RtsUpx_Security_Advisory_Report.pdf"
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36924.json b/2021/36xxx/CVE-2021-36924.json
index ebb846b1c7d..e82657b8ea3 100644
--- a/2021/36xxx/CVE-2021-36924.json
+++ b/2021/36xxx/CVE-2021-36924.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-36924",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-36924",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Service, and Code Execution) via a crafted Device IO Control packet to a device."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sentinelone.com/resources/category/report/",
+ "refsource": "MISC",
+ "name": "https://www.sentinelone.com/resources/category/report/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.realtek.com/images/safe-report/Realtek_RtsUpx_Security_Advisory_Report.pdf",
+ "url": "https://www.realtek.com/images/safe-report/Realtek_RtsUpx_Security_Advisory_Report.pdf"
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36925.json b/2021/36xxx/CVE-2021-36925.json
index f2644996c72..8196f350643 100644
--- a/2021/36xxx/CVE-2021-36925.json
+++ b/2021/36xxx/CVE-2021-36925.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-36925",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-36925",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.sentinelone.com/resources/category/report/",
+ "refsource": "MISC",
+ "name": "https://www.sentinelone.com/resources/category/report/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.realtek.com/images/safe-report/Realtek_RtsUpx_Security_Advisory_Report.pdf",
+ "url": "https://www.realtek.com/images/safe-report/Realtek_RtsUpx_Security_Advisory_Report.pdf"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37147.json b/2021/37xxx/CVE-2021-37147.json
index 4c4849a9b85..e9140a5e296 100644
--- a/2021/37xxx/CVE-2021-37147.json
+++ b/2021/37xxx/CVE-2021-37147.json
@@ -1,18 +1,78 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
 "ID": "CVE-2021-37147",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Request Smuggling - LF line ending"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Traffic Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.0.0 to 8.1.2 and 9.0.0 to 9.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Apache Software Foundation"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Apache Traffic Server would like to thank Mattias Grenfeldt and Asta Olofsson for reporting this issue."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": [
+ {}
+ ],
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164",
+ "name": "https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
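Review bot: `"impact": [ {} ]` in the CVE-2021-37147 record publishes an array holding one empty object, so the entry carries no CVSS vector or severity, and it gives `impact` a different type from the object form (`"impact": { "cvss": ... }`) used by other records in this diff. Tooling that reads `impact.cvss` will either find nothing or trip over the array; I would drop the key or populate it from the Apache announcement. The same placeholder is in the hunks for CVE-2021-37148 and CVE-2021-37149. The three descriptions are also nearly word-for-word identical, so only `TITLE` tells the issues apart, and CVE-2021-37148 gives the upper bound as 9.0.1 where the other two say 9.1.0, which should be confirmed against the announcement.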
diff --git a/2021/37xxx/CVE-2021-37148.json b/2021/37xxx/CVE-2021-37148.json
index 3d19df08c23..1c528841f0d 100644
--- a/2021/37xxx/CVE-2021-37148.json
+++ b/2021/37xxx/CVE-2021-37148.json
@@ -1,18 +1,78 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
 "ID": "CVE-2021-37148",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Request Smuggling - transfer encoding validation"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Traffic Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.0.0 to 8.1.2 and 9.0.0 to 9.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Apache Software Foundation"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Apache Traffic Server would like to thank Mattias Grenfeldt and Asta Olofsson for reporting this issue"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": [
+ {}
+ ],
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164",
+ "name": "https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/37xxx/CVE-2021-37149.json b/2021/37xxx/CVE-2021-37149.json
index 7865301d72f..aabccda69b2 100644
--- a/2021/37xxx/CVE-2021-37149.json
+++ b/2021/37xxx/CVE-2021-37149.json
@@ -1,18 +1,78 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
 "ID": "CVE-2021-37149",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Request Smuggling - multiple attacks"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Traffic Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.0.0 to 8.1.2 and 9.0.0 to 9.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Apache Software Foundation"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Apache Traffic Server would like to thank Mattias Grenfeldt and Asta Olofsson for reporting this issue"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": [
+ {}
+ ],
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164",
+ "name": "https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/37xxx/CVE-2021-37207.json b/2021/37xxx/CVE-2021-37207.json
index 34d1be9bf17..af0ef586755 100644
--- a/2021/37xxx/CVE-2021-37207.json
+++ b/2021/37xxx/CVE-2021-37207.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "ID": "CVE-2021-37207",
+ "STATE": "PUBLIC"
+ },
 "data_format": "MITRE",
 "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-37207",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Siemens",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SENTRON powermanager V3",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been identified in SENTRON powermanager V3 (All versions). The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges."
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-537983.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-537983.pdf"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37220.json b/2021/37xxx/CVE-2021-37220.json
index 63e9fd56c0f..7d1fca5afe3 100644
--- a/2021/37xxx/CVE-2021-37220.json
+++ b/2021/37xxx/CVE-2021-37220.json
@@ -61,6 +61,11 @@ "url": "http://git.ghostscript.com/?p=mupdf.git;h=f5712c9949d026e4b891b25837edd2edc166151f", "refsource": "MISC", "name": "http://git.ghostscript.com/?p=mupdf.git;h=f5712c9949d026e4b891b25837edd2edc166151f" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-e1d8a99caa", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TKRMREIYUBGG2GV73CU7BJNW2Q34IP23/" } ] } diff --git a/2021/37xxx/CVE-2021-37695.json b/2021/37xxx/CVE-2021-37695.json index e8daa03df0e..baf1eddc50a 100644 --- a/2021/37xxx/CVE-2021-37695.json +++ b/2021/37xxx/CVE-2021-37695.json @@ -98,6 +98,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2021.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2813-1] ckeditor security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html" } ] }, diff --git a/2021/37xxx/CVE-2021-37726.json b/2021/37xxx/CVE-2021-37726.json index 4a9def00356..a32fdf0c119 100644 --- a/2021/37xxx/CVE-2021-37726.json +++ b/2021/37xxx/CVE-2021-37726.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf" } ] }, diff --git a/2021/37xxx/CVE-2021-37727.json b/2021/37xxx/CVE-2021-37727.json index 805247bfbca..2a4b547163c 100644 --- a/2021/37xxx/CVE-2021-37727.json +++ b/2021/37xxx/CVE-2021-37727.json 
@@ -60,6 +60,11 @@ "refsource": "MISC", "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf" } ] }, diff --git a/2021/37xxx/CVE-2021-37730.json b/2021/37xxx/CVE-2021-37730.json index eac29b26fcc..f60cb637ceb 100644 --- a/2021/37xxx/CVE-2021-37730.json +++ b/2021/37xxx/CVE-2021-37730.json @@ -60,6 +60,11 @@ "refsource": "MISC", "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf" } ] }, diff --git a/2021/37xxx/CVE-2021-37732.json b/2021/37xxx/CVE-2021-37732.json index 121083bd53c..e1bb8b5d253 100644 --- a/2021/37xxx/CVE-2021-37732.json +++ b/2021/37xxx/CVE-2021-37732.json @@ -60,6 +60,11 @@ "refsource": "MISC", "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf" } ] }, diff --git a/2021/37xxx/CVE-2021-37734.json b/2021/37xxx/CVE-2021-37734.json index b9cc1b45508..8f50e5c76e1 100644 --- a/2021/37xxx/CVE-2021-37734.json +++ b/2021/37xxx/CVE-2021-37734.json 
@@ -63,6 +63,11 @@ "refsource": "MISC", "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf" } ] }, diff --git a/2021/37xxx/CVE-2021-37735.json b/2021/37xxx/CVE-2021-37735.json index c43ca6306f4..67eb2dffbbc 100644 --- a/2021/37xxx/CVE-2021-37735.json +++ b/2021/37xxx/CVE-2021-37735.json @@ -54,6 +54,11 @@ "refsource": "MISC", "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt", "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf" } ] }, diff --git a/2021/37xxx/CVE-2021-37806.json b/2021/37xxx/CVE-2021-37806.json index 55927f030e7..e631990b01d 100644 --- a/2021/37xxx/CVE-2021-37806.json +++ b/2021/37xxx/CVE-2021-37806.json @@ -56,6 +56,16 @@ "url": "https://packetstormsecurity.com/files/163626/Vehicle-Parking-Management-System-1.0-SQL-Injection.html", "refsource": "MISC", "name": "https://packetstormsecurity.com/files/163626/Vehicle-Parking-Management-System-1.0-SQL-Injection.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-37806", + "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-37806" + }, + { + "refsource": "MISC", + "name": "https://streamable.com/rfcchi", + "url": "https://streamable.com/rfcchi" } ] } diff --git a/2021/37xxx/CVE-2021-37842.json b/2021/37xxx/CVE-2021-37842.json index 543211ecb99..148bea81764 100644 --- a/2021/37xxx/CVE-2021-37842.json +++ b/2021/37xxx/CVE-2021-37842.json 
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-37842",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-37842",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",
+ "refsource": "MISC",
+ "name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html"
+ },
+ {
+ "url": "https://www.couchbase.com/alerts",
+ "refsource": "MISC",
+ "name": "https://www.couchbase.com/alerts"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37850.json b/2021/37xxx/CVE-2021-37850.json
index 7b9da1057e7..d304f05a62a 100644
--- a/2021/37xxx/CVE-2021-37850.json
+++ b/2021/37xxx/CVE-2021-37850.json
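Review bot: The `affects` block for CVE-2021-37842 is filled with `"n/a"` for vendor, product and version although the description in the same hunk names Couchbase Server 7.0.0, so inventory matching against this record finds nothing. `problemtype` is also `"n/a"` while the description itself states cleartext storage of sensitive information and credentials leaking into debug logs; a CWE label such as `CWE-532` (sensitive information in a log file) would presumably fit, to be confirmed by the CNA. Both references point at rolling pages (the `current` release notes and the general alerts page) rather than a stable advisory link, so they may stop describing this issue over time.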
@@ -1,18 +1,125 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@eset.com",
 "ID": "CVE-2021-37850",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Denial of service in ESET for Mac products"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ESET Cyber Security",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "6.10.700"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ESET Cyber Security Pro",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "6.10.700"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ESET Endpoint Antivirus for macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "6.10.910.0"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "ESET Endpoint Security for macOS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "6.10.910.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "ESET, spol. s r.o."
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "ESET values the principles of responsible disclosure within the security industry and would like to express our thanks to Teiei Shu (\u5ef7\u53e1 \u5468) who reported this issue."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial Of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://support.eset.com/en/ca8151",
+ "name": "https://support.eset.com/en/ca8151"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/37xxx/CVE-2021-37956.json b/2021/37xxx/CVE-2021-37956.json
index 8b0ea405507..71c54a59976 100644
--- a/2021/37xxx/CVE-2021-37956.json
+++ b/2021/37xxx/CVE-2021-37956.json
@@ -59,6 +59,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-ab09a05562",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-591b3a2af0",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/"
 }
 ]
 },
diff --git a/2021/37xxx/CVE-2021-37957.json b/2021/37xxx/CVE-2021-37957.json
index 2833e75f47a..c27f4cd568a 100644
--- a/2021/37xxx/CVE-2021-37957.json
+++ b/2021/37xxx/CVE-2021-37957.json
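Review bot: In the CVE-2021-37850 `affects` list, ESET Cyber Security uses `"version_affected": "<="` with `6.10.700` while ESET Cyber Security Pro uses `"<"` with the same version, so the record says 6.10.700 is vulnerable in one product and fixed in its sibling. One of the two operators is likely a typo and should be checked against the vendor advisory referenced in the hunk (https://support.eset.com/en/ca8151), because consumers will use it to decide whether 6.10.700 still needs patching. `problemtype` is the free text `"Denial Of Service"` with no CWE identifier, which CWE-based filtering will not classify.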
@@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/37xxx/CVE-2021-37958.json b/2021/37xxx/CVE-2021-37958.json index d9e729d1ef7..72b025c2365 100644 --- a/2021/37xxx/CVE-2021-37958.json +++ b/2021/37xxx/CVE-2021-37958.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/37xxx/CVE-2021-37959.json b/2021/37xxx/CVE-2021-37959.json index 0042291b39a..d6d510a5d2b 100644 --- a/2021/37xxx/CVE-2021-37959.json +++ b/2021/37xxx/CVE-2021-37959.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/37xxx/CVE-2021-37960.json b/2021/37xxx/CVE-2021-37960.json index 61cbd23d600..15fc1715606 100644 --- a/2021/37xxx/CVE-2021-37960.json +++ b/2021/37xxx/CVE-2021-37960.json 
@@ -5,14 +5,14 @@ "CVE_data_meta": { "ID": "CVE-2021-37960", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } -} \ No newline at end of file +} diff --git a/2021/37xxx/CVE-2021-37961.json b/2021/37xxx/CVE-2021-37961.json index 45c84eb8d3b..f1d60af5e3e 100644 --- a/2021/37xxx/CVE-2021-37961.json +++ b/2021/37xxx/CVE-2021-37961.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/37xxx/CVE-2021-37962.json b/2021/37xxx/CVE-2021-37962.json index d4b67945de5..7b5f48f76fa 100644 --- a/2021/37xxx/CVE-2021-37962.json +++ b/2021/37xxx/CVE-2021-37962.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, 
diff --git a/2021/37xxx/CVE-2021-37963.json b/2021/37xxx/CVE-2021-37963.json index 0ad6776d13d..ec72519da8a 100644 --- a/2021/37xxx/CVE-2021-37963.json +++ b/2021/37xxx/CVE-2021-37963.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/37xxx/CVE-2021-37964.json b/2021/37xxx/CVE-2021-37964.json index d0358bb46f4..7e3df41ba63 100644 --- a/2021/37xxx/CVE-2021-37964.json +++ b/2021/37xxx/CVE-2021-37964.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/37xxx/CVE-2021-37965.json b/2021/37xxx/CVE-2021-37965.json index 185f6cc217d..f3c0d1f9e7c 100644 --- a/2021/37xxx/CVE-2021-37965.json +++ b/2021/37xxx/CVE-2021-37965.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/37xxx/CVE-2021-37966.json b/2021/37xxx/CVE-2021-37966.json index f2afcdbdc57..383c22fe2bf 100644 
--- a/2021/37xxx/CVE-2021-37966.json +++ b/2021/37xxx/CVE-2021-37966.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/37xxx/CVE-2021-37967.json b/2021/37xxx/CVE-2021-37967.json index 432e80c9686..c3c544c4953 100644 --- a/2021/37xxx/CVE-2021-37967.json +++ b/2021/37xxx/CVE-2021-37967.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/37xxx/CVE-2021-37968.json b/2021/37xxx/CVE-2021-37968.json index 7b5761f62c1..6bbd6dd880e 100644 --- a/2021/37xxx/CVE-2021-37968.json +++ b/2021/37xxx/CVE-2021-37968.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/37xxx/CVE-2021-37969.json b/2021/37xxx/CVE-2021-37969.json index a8bdb036841..5bcb17a080f 100644 --- a/2021/37xxx/CVE-2021-37969.json +++ b/2021/37xxx/CVE-2021-37969.json 
@@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/37xxx/CVE-2021-37970.json b/2021/37xxx/CVE-2021-37970.json index 039e5a41eb4..6eaee868bd8 100644 --- a/2021/37xxx/CVE-2021-37970.json +++ b/2021/37xxx/CVE-2021-37970.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/37xxx/CVE-2021-37971.json b/2021/37xxx/CVE-2021-37971.json index e52097b4b75..c1e03f04ea0 100644 --- a/2021/37xxx/CVE-2021-37971.json +++ b/2021/37xxx/CVE-2021-37971.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/37xxx/CVE-2021-37972.json b/2021/37xxx/CVE-2021-37972.json index a7de7750fc7..e0899eb3f10 100644 --- a/2021/37xxx/CVE-2021-37972.json +++ b/2021/37xxx/CVE-2021-37972.json 
@@ -64,6 +64,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-359a715688", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B7G7UQ57NOKHQBYIHNJAFKFVWOQ6ZNU6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/37xxx/CVE-2021-37973.json b/2021/37xxx/CVE-2021-37973.json index a2bd66e5ccd..50b74194e1e 100644 --- a/2021/37xxx/CVE-2021-37973.json +++ b/2021/37xxx/CVE-2021-37973.json @@ -59,6 +59,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-ab09a05562", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-591b3a2af0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/" } ] }, diff --git a/2021/37xxx/CVE-2021-37974.json b/2021/37xxx/CVE-2021-37974.json index fb64391647a..21d76cd26c0 100644 --- a/2021/37xxx/CVE-2021-37974.json +++ b/2021/37xxx/CVE-2021-37974.json @@ -59,6 +59,16 @@ "refsource": "FEDORA", "name": "FEDORA-2021-116eff380f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D63JZ3ROXCUHP4CFWDHCPZNTGET7T34R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-5ffabdc080", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRFXUDH46PFVE75VQVWY6PYY5DK3S2XT/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-5093f11905", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNARCF5HEZK7GJXZRN5TQ45AQDCRM2WO/" } ] }, diff --git a/2021/37xxx/CVE-2021-37975.json b/2021/37xxx/CVE-2021-37975.json index afc2bcc4cfe..805a1bde757 100644 
--- a/2021/37xxx/CVE-2021-37975.json +++ b/2021/37xxx/CVE-2021-37975.json @@ -59,6 +59,16 @@ "refsource": "FEDORA", "name": "FEDORA-2021-116eff380f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D63JZ3ROXCUHP4CFWDHCPZNTGET7T34R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-5ffabdc080", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRFXUDH46PFVE75VQVWY6PYY5DK3S2XT/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-5093f11905", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNARCF5HEZK7GJXZRN5TQ45AQDCRM2WO/" } ] }, diff --git a/2021/37xxx/CVE-2021-37976.json b/2021/37xxx/CVE-2021-37976.json index f9fe670644e..90fd39d609b 100644 --- a/2021/37xxx/CVE-2021-37976.json +++ b/2021/37xxx/CVE-2021-37976.json @@ -59,6 +59,16 @@ "refsource": "FEDORA", "name": "FEDORA-2021-116eff380f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D63JZ3ROXCUHP4CFWDHCPZNTGET7T34R/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-5ffabdc080", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRFXUDH46PFVE75VQVWY6PYY5DK3S2XT/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-5093f11905", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNARCF5HEZK7GJXZRN5TQ45AQDCRM2WO/" } ] }, diff --git a/2021/37xxx/CVE-2021-37977.json b/2021/37xxx/CVE-2021-37977.json index a0c39598c59..08d67b8d848 100644 --- a/2021/37xxx/CVE-2021-37977.json +++ b/2021/37xxx/CVE-2021-37977.json 
@@ -4,14 +4,69 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-37977",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "94.0.4606.81",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://crbug.com/1252878",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1252878"
+ },
+ {
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-5093f11905",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNARCF5HEZK7GJXZRN5TQ45AQDCRM2WO/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37978.json b/2021/37xxx/CVE-2021-37978.json
index dc48b5cf73b..d33bfc6ae3b 100644
--- a/2021/37xxx/CVE-2021-37978.json
+++ b/2021/37xxx/CVE-2021-37978.json
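Review bot: `problemtype` for CVE-2021-37977 is the free text `"Use after free"` with no CWE identifier, and the same pattern repeats in the following hunks for CVE-2021-37978 through CVE-2021-37983 (`"Heap buffer overflow"`, `"Inappropriate implementation"`, `"Use after free"`). Tooling that groups or prioritises records by CWE will leave these unclassified; carrying the identifier in the value, e.g. `"value": "CWE-416 Use After Free"` for this record, would make them filterable, with the mapping for the other records chosen by the CNA. The hunk starts at line 4 of the file, so the opening of the record is outside it.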
@@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37978", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "94.0.4606.81", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1236318", + "refsource": "MISC", + "name": "https://crbug.com/1236318" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-5093f11905", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNARCF5HEZK7GJXZRN5TQ45AQDCRM2WO/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2021/37xxx/CVE-2021-37979.json b/2021/37xxx/CVE-2021-37979.json index 423734aa064..3d534dcb3b5 100644 --- a/2021/37xxx/CVE-2021-37979.json +++ b/2021/37xxx/CVE-2021-37979.json 
@@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37979", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "94.0.4606.81", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1247260", + "refsource": "MISC", + "name": "https://crbug.com/1247260" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-5093f11905", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNARCF5HEZK7GJXZRN5TQ45AQDCRM2WO/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2021/37xxx/CVE-2021-37980.json b/2021/37xxx/CVE-2021-37980.json index 052ad77e427..e89272a9a46 100644 --- a/2021/37xxx/CVE-2021-37980.json +++ b/2021/37xxx/CVE-2021-37980.json 
@@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37980", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "94.0.4606.81", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1254631", + "refsource": "MISC", + "name": "https://crbug.com/1254631" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-5093f11905", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNARCF5HEZK7GJXZRN5TQ45AQDCRM2WO/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows." } ] } diff --git a/2021/37xxx/CVE-2021-37981.json b/2021/37xxx/CVE-2021-37981.json index d940c8cf2dd..86cae6451d3 100644 --- a/2021/37xxx/CVE-2021-37981.json +++ b/2021/37xxx/CVE-2021-37981.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37981", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "95.0.4638.54", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1246631", + "refsource": "MISC", + "name": "https://crbug.com/1246631" + }, + { + "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page." } ] } diff --git a/2021/37xxx/CVE-2021-37982.json b/2021/37xxx/CVE-2021-37982.json index 7cde50ce7db..04740ec91fc 100644 --- a/2021/37xxx/CVE-2021-37982.json +++ b/2021/37xxx/CVE-2021-37982.json 
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-37982",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "95.0.4638.54",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html"
+ },
+ {
+ "url": "https://crbug.com/1248661",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1248661"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37983.json b/2021/37xxx/CVE-2021-37983.json
index 3ce5948eee3..a66a3b79558 100644
--- a/2021/37xxx/CVE-2021-37983.json
+++ b/2021/37xxx/CVE-2021-37983.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-37983",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "95.0.4638.54",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html"
+ },
+ {
+ "url": "https://crbug.com/1249810",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1249810"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37984.json b/2021/37xxx/CVE-2021-37984.json
index 52cc080e820..c156f05e7bc 100644
--- a/2021/37xxx/CVE-2021-37984.json
+++ b/2021/37xxx/CVE-2021-37984.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-37984",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "95.0.4638.54",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Heap buffer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html"
+ },
+ {
+ "url": "https://crbug.com/1253399",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1253399"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37985.json b/2021/37xxx/CVE-2021-37985.json
index da413031dfb..41ec3e69bae 100644
--- a/2021/37xxx/CVE-2021-37985.json
+++ b/2021/37xxx/CVE-2021-37985.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-37985",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "95.0.4638.54",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html"
+ },
+ {
+ "url": "https://crbug.com/1241860",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1241860"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page."
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37986.json b/2021/37xxx/CVE-2021-37986.json
index 937fc1334a0..a222af61d2c 100644
--- a/2021/37xxx/CVE-2021-37986.json
+++ b/2021/37xxx/CVE-2021-37986.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-37986",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "95.0.4638.54",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Heap buffer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html"
+ },
+ {
+ "url": "https://crbug.com/1242404",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1242404"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page."
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37987.json b/2021/37xxx/CVE-2021-37987.json
index 6daf85ada35..e74f2466e93 100644
--- a/2021/37xxx/CVE-2021-37987.json
+++ b/2021/37xxx/CVE-2021-37987.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-37987",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "95.0.4638.54",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html"
+ },
+ {
+ "url": "https://crbug.com/1206928",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1206928"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37988.json b/2021/37xxx/CVE-2021-37988.json
index 45565438799..a10bd0221cc 100644
--- a/2021/37xxx/CVE-2021-37988.json
+++ b/2021/37xxx/CVE-2021-37988.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-37988",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "95.0.4638.54",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html"
+ },
+ {
+ "url": "https://crbug.com/1228248",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1228248"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page."
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37989.json b/2021/37xxx/CVE-2021-37989.json
index 8c881b9738c..0a63f7ac108 100644
--- a/2021/37xxx/CVE-2021-37989.json
+++ b/2021/37xxx/CVE-2021-37989.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-37989",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "95.0.4638.54",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Inappropriate implementation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html"
+ },
+ {
+ "url": "https://crbug.com/1233067",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1233067"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page."
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37990.json b/2021/37xxx/CVE-2021-37990.json
index 8c338111725..41ba2195d74 100644
--- a/2021/37xxx/CVE-2021-37990.json
+++ b/2021/37xxx/CVE-2021-37990.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-37990",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "95.0.4638.54",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Inappropriate implementation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html"
+ },
+ {
+ "url": "https://crbug.com/1247395",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1247395"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app."
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37991.json b/2021/37xxx/CVE-2021-37991.json
index 5c60d14acde..2a4961610bf 100644
--- a/2021/37xxx/CVE-2021-37991.json
+++ b/2021/37xxx/CVE-2021-37991.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-37991",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "95.0.4638.54",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Race"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html"
+ },
+ {
+ "url": "https://crbug.com/1250660",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1250660"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37992.json b/2021/37xxx/CVE-2021-37992.json
index 9b658b48bc6..2f2a399e24e 100644
--- a/2021/37xxx/CVE-2021-37992.json
+++ b/2021/37xxx/CVE-2021-37992.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-37992",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "95.0.4638.54",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out of bounds read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html"
+ },
+ {
+ "url": "https://crbug.com/1253746",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1253746"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37993.json b/2021/37xxx/CVE-2021-37993.json
index 1afd5fc7a36..c6f07743f77 100644
--- a/2021/37xxx/CVE-2021-37993.json
+++ b/2021/37xxx/CVE-2021-37993.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-37993",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "95.0.4638.54",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html"
+ },
+ {
+ "url": "https://crbug.com/1255332",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1255332"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37994.json b/2021/37xxx/CVE-2021-37994.json
index a63287420c6..3d0ef8dec5a 100644
--- a/2021/37xxx/CVE-2021-37994.json
+++ b/2021/37xxx/CVE-2021-37994.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-37994",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "95.0.4638.54",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Inappropriate implementation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html"
+ },
+ {
+ "url": "https://crbug.com/1100761",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1100761"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page."
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37995.json b/2021/37xxx/CVE-2021-37995.json
index 8c577daa9dc..d826ccbaa68 100644
--- a/2021/37xxx/CVE-2021-37995.json
+++ b/2021/37xxx/CVE-2021-37995.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-37995",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "95.0.4638.54",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Inappropriate implementation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html"
+ },
+ {
+ "url": "https://crbug.com/1242315",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1242315"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37996.json b/2021/37xxx/CVE-2021-37996.json
index 4885c95af24..f18b18b61d7 100644
--- a/2021/37xxx/CVE-2021-37996.json
+++ b/2021/37xxx/CVE-2021-37996.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-37996",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "95.0.4638.54",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient validation of untrusted input"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html"
+ },
+ {
+ "url": "https://crbug.com/1243020",
+ "refsource": "MISC",
+ "name": "https://crbug.com/1243020"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file."
 }
 ]
 }
diff --git a/2021/38xxx/CVE-2021-38114.json b/2021/38xxx/CVE-2021-38114.json
index 897e8e9227c..34f4db5f275 100644
--- a/2021/38xxx/CVE-2021-38114.json
+++ b/2021/38xxx/CVE-2021-38114.json
@@ -71,6 +71,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4990",
 "url": "https://www.debian.org/security/2021/dsa-4990"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4998",
+ "url": "https://www.debian.org/security/2021/dsa-4998"
 }
 ]
 }
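Review bot: The added description for CVE-2021-37996 is missing a preposition: "Insufficient validation of untrusted input Downloads in Google Chrome" breaks the "<weakness> in <component> in Google Chrome" pattern that every sibling record in this commit follows. It should read `Insufficient validation of untrusted input in Downloads in Google Chrome prior to 95.0.4638.54 ...`. As written, the affected component is easy to misparse, both for readers and for tooling that extracts it from the description text.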
diff --git a/2021/38xxx/CVE-2021-38161.json b/2021/38xxx/CVE-2021-38161.json
index 73bd6373f5c..db0008894da 100644
--- a/2021/38xxx/CVE-2021-38161.json
+++ b/2021/38xxx/CVE-2021-38161.json
@@ -1,18 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
 "ID": "CVE-2021-38161",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Not validating origin TLS certificate"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Traffic Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.0.0 to 8.0.8"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Apache Software Foundation"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": [
+ {}
+ ],
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287 Improper Authentication"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164",
+ "name": "https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
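Review bot: The added `version_data` entry encodes the affected range as prose, `"version_value": "8.0.0 to 8.0.8"`, with no `version_affected` operator, so a scanner that compares versions cannot evaluate it. The other records in this commit pair an operator with a single bound, e.g. `"version_affected": "<="` with `"version_value": "8.0.8"`, and a second entry could carry the 8.0.0 lower bound. The `"impact": [ {} ]` placeholder is an empty object where sibling records carry a `cvss` block; it should be filled in or dropped so consumers do not read it as a score of nothing. The title speaks of not validating the origin TLS certificate, so CWE-295 (Improper Certificate Validation) may describe the weakness more precisely than the CWE-287 chosen, which is for the assigning CNA to confirm.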
diff --git a/2021/38xxx/CVE-2021-38356.json b/2021/38xxx/CVE-2021-38356.json
index 72b9f27f17c..cf41213fcdc 100644
--- a/2021/38xxx/CVE-2021-38356.json
+++ b/2021/38xxx/CVE-2021-38356.json
@@ -1,18 +1,96 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
+ "DATE_PUBLIC": "2021-11-28T10:14:00.000Z",
 "ID": "CVE-2021-38356",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "NextScripts: Social Networks Auto-Poster <= 4.3.20 Reflected Cross-Site Scripting"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NextScripts: Social Networks Auto-Poster",
+ "version": {
+ "version_data": [
+ {
+ "platform": "WordPress",
+ "version_affected": "<=",
+ "version_name": "4.3.20",
+ "version_value": "4.3.20"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "NextScripts"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Ramuel Gall, Wordfence"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter which is echoed out on inc/nxs_class_snap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious JavaScript in $_POST['page']."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/blog/2021/10/xss-vulnerability-in-nextscripts-social-networks-auto-poster-plugin-impacts-100000-sites/",
+ "name": "https://www.wordfence.com/blog/2021/10/xss-vulnerability-in-nextscripts-social-networks-auto-poster-plugin-impacts-100000-sites/"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38403.json b/2021/38xxx/CVE-2021-38403.json
index ac22162d91e..08747cc9769 100644
--- a/2021/38xxx/CVE-2021-38403.json
+++ b/2021/38xxx/CVE-2021-38403.json
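Review bot: In the CVE-2021-38356 hunk, `"DATE_PUBLIC": "2021-11-28T10:14:00.000Z"` looks inconsistent with the record's only reference, whose URL path is dated `/2021/10/`. If the advisory was published in October, this field should carry that date, because consumers use it to measure how long the issue has been public. The record also gives only the affected bound (`"version_affected": "<="` with `"version_value": "4.3.20"`) and names no fixed release, so a site owner cannot tell from the record what to upgrade to. A `solution` entry naming the first fixed version (`<FIXED_VERSION>` is a placeholder; the value is not on this page) would close that gap.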
@@ -1,18 +1,101 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2021-10-21T18:29:00.000Z",
 "ID": "CVE-2021-38403",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Delta Electronics DIALink"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIALink",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "All",
+ "version_value": "1.2.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Delta Electronics"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code."
 }
 ]
- }
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ICSA-21-294-02",
+ "discovery": "UNKNOWN"
+ },
+ "work_around": [
+ {
+ "lang": "eng",
+ "value": "Delta Electronics is aware of the vulnerabilities and is currently working on an update. "
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38407.json b/2021/38xxx/CVE-2021-38407.json
index ae1caf165c7..6d0818742f3 100644
--- a/2021/38xxx/CVE-2021-38407.json
+++ b/2021/38xxx/CVE-2021-38407.json
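Review bot: The description added for CVE-2021-38403 ends with "which may allow an attacker to remotely execute code", but the record classifies the flaw as CWE-79 and scores it `C:L/I:L/A:N`, which describes script running in another user's browser session, not code execution on the DIALink host. Wording such as `which may allow an attacker to run script in the browser of a user who loads the affected page` would match the CWE and the vector and keep triage from reading this as RCE. The same closing clause is in the CVE-2021-38407, CVE-2021-38411, CVE-2021-38428 and CVE-2021-38488 hunks. The vector also sets `UI:N`, which is unusual for injected script that presumably runs only when someone views the page; worth confirming against ICSA-21-294-02.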
@@ -1,18 +1,101 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2021-10-21T18:29:00.000Z",
 "ID": "CVE-2021-38407",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Delta Electronics DIALink"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIALink",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "All",
+ "version_value": "1.2.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Delta Electronics"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code."
 }
 ]
- }
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ICSA-21-294-02",
+ "discovery": "UNKNOWN"
+ },
+ "work_around": [
+ {
+ "lang": "eng",
+ "value": "Delta Electronics is aware of the vulnerabilities and is currently working on an update. "
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38411.json b/2021/38xxx/CVE-2021-38411.json
index cabf8a745e2..533ceefceb3 100644
--- a/2021/38xxx/CVE-2021-38411.json
+++ b/2021/38xxx/CVE-2021-38411.json
@@ -1,18 +1,101 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2021-10-21T18:29:00.000Z",
 "ID": "CVE-2021-38411",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Delta Electronics DIALink"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIALink",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "All",
+ "version_value": "1.2.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Delta Electronics"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code."
 }
 ]
- }
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ICSA-21-294-02",
+ "discovery": "UNKNOWN"
+ },
+ "work_around": [
+ {
+ "lang": "eng",
+ "value": "Delta Electronics is aware of the vulnerabilities and is currently working on an update. "
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38416.json b/2021/38xxx/CVE-2021-38416.json
index fd23dc4dafb..f01f7d348b3 100644
--- a/2021/38xxx/CVE-2021-38416.json
+++ b/2021/38xxx/CVE-2021-38416.json
@@ -1,18 +1,101 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2021-10-21T18:29:00.000Z",
 "ID": "CVE-2021-38416",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Delta Electronics DIALink"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIALink",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "All",
+ "version_value": "1.2.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Delta Electronics"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed."
 }
 ]
- }
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-427 Uncontrolled Search Path Element"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ICSA-21-294-02",
+ "discovery": "UNKNOWN"
+ },
+ "work_around": [
+ {
+ "lang": "eng",
+ "value": "Delta Electronics is aware of the vulnerabilities and is currently working on an update. "
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38418.json b/2021/38xxx/CVE-2021-38418.json
index b878148fe65..7778dcfd248 100644
--- a/2021/38xxx/CVE-2021-38418.json
+++ b/2021/38xxx/CVE-2021-38418.json
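Review bot: The `work_around` entry added at the end of the CVE-2021-38416 record says only that the vendor "is currently working on an update", which is a status statement rather than a workaround, and its value ends with a trailing space. Consumers that surface `work_around` will show it as a mitigation when none is given. Either drop the array until there is an interim measure to record, or fill it with whatever interim mitigations the referenced ICSA-21-294-02 advisory lists. The same entry is in the other nine DIALink hunks here (CVE-2021-38403 through CVE-2021-38488), which also all share the non-descriptive `"TITLE": "Delta Electronics DIALink"`; a per-record title naming the weakness would make them distinguishable in feeds.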
@@ -1,18 +1,101 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2021-10-21T18:29:00.000Z",
 "ID": "CVE-2021-38418",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Delta Electronics DIALink"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIALink",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "All",
+ "version_value": "1.2.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Delta Electronics"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization."
 }
 ]
- }
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-319 Cleartext Transmission of Sensitive Information"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ICSA-21-294-02",
+ "discovery": "UNKNOWN"
+ },
+ "work_around": [
+ {
+ "lang": "eng",
+ "value": "Delta Electronics is aware of the vulnerabilities and is currently working on an update. "
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38420.json b/2021/38xxx/CVE-2021-38420.json
index afdbabc956e..b88211a9654 100644
--- a/2021/38xxx/CVE-2021-38420.json
+++ b/2021/38xxx/CVE-2021-38420.json
@@ -1,18 +1,101 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2021-10-21T18:29:00.000Z",
 "ID": "CVE-2021-38420",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Delta Electronics DIALink"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIALink",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "All",
+ "version_value": "1.2.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Delta Electronics"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files."
 }
 ]
- }
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-427 Uncontrolled Search Path Element"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ICSA-21-294-02",
+ "discovery": "UNKNOWN"
+ },
+ "work_around": [
+ {
+ "lang": "eng",
+ "value": "Delta Electronics is aware of the vulnerabilities and is currently working on an update. "
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38422.json b/2021/38xxx/CVE-2021-38422.json
index 14ee563a37c..5aa54311557 100644
--- a/2021/38xxx/CVE-2021-38422.json
+++ b/2021/38xxx/CVE-2021-38422.json
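Review bot: `problemtype` in the CVE-2021-38420 record is `CWE-427 Uncontrolled Search Path Element`, but the description is about default permissions that let low-privileged accounts modify the installation directory, which is a permissions weakness and not a search-path one. The value looks carried over from the CVE-2021-38416 hunk (DLL hijacking), where CWE-427 fits. Suggest `"value": "CWE-276 Incorrect Default Permissions"`, checked against ICSA-21-294-02 before merging, since downstream filters and dashboards keyed on CWE will otherwise file this under the wrong class.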
@@ -1,18 +1,101 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2021-10-21T18:29:00.000Z",
 "ID": "CVE-2021-38422",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Delta Electronics DIALink"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIALink",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "All",
+ "version_value": "1.2.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Delta Electronics"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges."
 }
 ]
- }
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-312 Cleartext Storage of Sensitive Information"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ICSA-21-294-02",
+ "discovery": "UNKNOWN"
+ },
+ "work_around": [
+ {
+ "lang": "eng",
+ "value": "Delta Electronics is aware of the vulnerabilities and is currently working on an update. "
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38424.json b/2021/38xxx/CVE-2021-38424.json
index 08810fc1804..3e3abc9e416 100644
--- a/2021/38xxx/CVE-2021-38424.json
+++ b/2021/38xxx/CVE-2021-38424.json
@@ -1,18 +1,101 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2021-10-21T18:29:00.000Z",
 "ID": "CVE-2021-38424",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Delta Electronics DIALink"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIALink",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "All",
+ "version_value": "1.2.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Delta Electronics"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application."
 }
 ]
- }
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ICSA-21-294-02",
+ "discovery": "UNKNOWN"
+ },
+ "work_around": [
+ {
+ "lang": "eng",
+ "value": "Delta Electronics is aware of the vulnerabilities and is currently working on an update. "
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38428.json b/2021/38xxx/CVE-2021-38428.json
index 4d3937e8342..d00a273d2d2 100644
--- a/2021/38xxx/CVE-2021-38428.json
+++ b/2021/38xxx/CVE-2021-38428.json
@@ -1,18 +1,101 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2021-10-21T18:29:00.000Z",
 "ID": "CVE-2021-38428",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Delta Electronics DIALink"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIALink",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "All",
+ "version_value": "1.2.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Delta Electronics"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code."
 }
 ]
- }
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ICSA-21-294-02",
+ "discovery": "UNKNOWN"
+ },
+ "work_around": [
+ {
+ "lang": "eng",
+ "value": "Delta Electronics is aware of the vulnerabilities and is currently working on an update. "
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38488.json b/2021/38xxx/CVE-2021-38488.json
index 87925b61d1d..7cf00beb08e 100644
--- a/2021/38xxx/CVE-2021-38488.json
+++ b/2021/38xxx/CVE-2021-38488.json
@@ -1,18 +1,101 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2021-10-21T18:29:00.000Z",
 "ID": "CVE-2021-38488",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Delta Electronics DIALink"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIALink",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "All",
+ "version_value": "1.2.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Delta Electronics"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code."
 }
 ]
- }
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ICSA-21-294-02",
+ "discovery": "UNKNOWN"
+ },
+ "work_around": [
+ {
+ "lang": "eng",
+ "value": "Delta Electronics is aware of the vulnerabilities and is currently working on an update. "
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38491.json b/2021/38xxx/CVE-2021-38491.json
index 7c83c87f33e..fc9fc50fced 100644
--- a/2021/38xxx/CVE-2021-38491.json
+++ b/2021/38xxx/CVE-2021-38491.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-38491",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "92",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Mixed-Content-Blocking was unable to check opaque origins"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2021-38/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2021-38/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1551886",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1551886"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92."
 }
 ]
 }
diff --git a/2021/38xxx/CVE-2021-38492.json b/2021/38xxx/CVE-2021-38492.json
index 6779cb59ab8..3ba0b40711e 100644
--- a/2021/38xxx/CVE-2021-38492.json
+++ b/2021/38xxx/CVE-2021-38492.json
@@ -4,14 +4,114 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-38492",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "92",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "91.1",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "78.14",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "78.14",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "91.1",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Navigating to `mk:` URL scheme could load Internet Explorer"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2021-40/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2021-40/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2021-41/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2021-41/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2021-38/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2021-38/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2021-42/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2021-42/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2021-39/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2021-39/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1721107",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1721107"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1."
 }
 ]
 }
diff --git a/2021/38xxx/CVE-2021-38493.json b/2021/38xxx/CVE-2021-38493.json
index 5f0a2a6a3df..55c05085f17 100644
--- a/2021/38xxx/CVE-2021-38493.json
+++ b/2021/38xxx/CVE-2021-38493.json
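Review bot: The Windows-only scope of CVE-2021-38492 is recorded only in the description text, and there it still carries markup residue: `*This bug only affects Firefox for Windows. Other operating systems are unaffected.*.` has literal asterisks and a doubled full stop. The `affects` block has no platform restriction, so tooling that matches on product and version alone will flag Firefox, Thunderbird and Firefox ESR on every operating system. Suggest adding `"platform": "Windows"` to each `version_data` entry and cleaning the sentence to `This bug only affects Firefox for Windows. Other operating systems are unaffected.`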
@@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38493", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "78.14", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "78.14", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "92", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-38/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-38/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-42/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-42/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-39/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-39/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1724101%2C1724107", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1724101%2C1724107" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92." } ] } diff --git a/2021/38xxx/CVE-2021-38494.json b/2021/38xxx/CVE-2021-38494.json index 03c5a52133b..6876c531690 100644 --- a/2021/38xxx/CVE-2021-38494.json +++ b/2021/38xxx/CVE-2021-38494.json 
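Review bot: The `problemtype` text names Firefox ESR 91.1 as a fixed release, but `affects` has no 91.1 bound for Firefox ESR or Thunderbird, and the description lists only Firefox ESR < 78.14, Thunderbird < 78.14 and Firefox < 92. From the hunk alone it is not possible to tell whether the title or the product list is the incomplete one. Someone patching from this record cannot tell whether the 91 ESR branch needs the update, so the two fields should be reconciled against the referenced advisories. The first lines of the record are outside this hunk.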
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38494", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "92", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 92" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-38/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-38/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723920%2C1725638", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723920%2C1725638" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 92." } ] } diff --git a/2021/38xxx/CVE-2021-38495.json b/2021/38xxx/CVE-2021-38495.json index fd0af3c5fb0..3696eaf501b 100644 --- a/2021/38xxx/CVE-2021-38495.json +++ b/2021/38xxx/CVE-2021-38495.json 
@@ -4,14 +4,80 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38495", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.1", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Thunderbird 91.1" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-40/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-40/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-41/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-41/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1723920%2C1724101%2C1724107", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1723920%2C1724101%2C1724107" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1." } ] } diff --git a/2021/38xxx/CVE-2021-38496.json b/2021/38xxx/CVE-2021-38496.json index 145d10357f1..f4ebe829f85 100644 --- a/2021/38xxx/CVE-2021-38496.json +++ b/2021/38xxx/CVE-2021-38496.json 
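Review bot: The description says the bugs were present in Thunderbird 78.13.0, while `affects` and the closing sentence cover only the 91 branch (Thunderbird < 91.1, Firefox ESR < 91.1). As written it is unclear whether a 78.x install is affected and unfixed, affected and fixed elsewhere, or simply the version the bugs were first seen in. A short clarification in the description, or a 78-branch bound in `version_data` if one applies, would remove the guesswork for anyone triaging from this record.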
@@ -4,14 +4,114 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38496", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "78.15", + "version_affected": "<" + }, + { + "version_value": "91.2", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.2", + "version_affected": "<" + }, + { + "version_value": "78.15", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "93", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free in MessageTask" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-47/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-47/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-45/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-45/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-43/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-43/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-46/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-46/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-44/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-44/" + }, + { + "url": 
"https://bugzilla.mozilla.org/show_bug.cgi?id=1725335", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1725335" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93." } ] } diff --git a/2021/38xxx/CVE-2021-38497.json b/2021/38xxx/CVE-2021-38497.json index dc31752672e..c9d101e3445 100644 --- a/2021/38xxx/CVE-2021-38497.json +++ b/2021/38xxx/CVE-2021-38497.json 
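Review bot: `problemtype` carries the advisory headline (`"Use-after-free in MessageTask"`) rather than a weakness identifier, so tooling that groups or prioritises records by CWE has nothing to key on. The description supports `"value": "CWE-416: Use After Free"` here, in the same `CWE-nnn: name` form the CVE-2021-39182 record in this diff uses. The CVE-2021-38498 hunk has the same gap. The first lines of the record are outside this hunk.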
@@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38497", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "93", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.2", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.2", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Validation message could have been overlaid on another origin" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-47/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-47/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-45/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-45/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-43/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-43/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1726621", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1726621" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2." } ] } diff --git a/2021/38xxx/CVE-2021-38498.json b/2021/38xxx/CVE-2021-38498.json index 53a16a9c37d..fc8ac728760 100644 --- a/2021/38xxx/CVE-2021-38498.json +++ b/2021/38xxx/CVE-2021-38498.json 
@@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38498", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "93", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.2", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.2", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free of nsLanguageAtomService object" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-47/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-47/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-45/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-45/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-43/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-43/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1729642", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1729642" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2." } ] } diff --git a/2021/38xxx/CVE-2021-38499.json b/2021/38xxx/CVE-2021-38499.json index 654c7501adf..0b369b22c71 100644 --- a/2021/38xxx/CVE-2021-38499.json +++ b/2021/38xxx/CVE-2021-38499.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38499", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "93", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 93" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-43/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-43/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1667102%2C1723170%2C1725356%2C1727364", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1667102%2C1723170%2C1725356%2C1727364" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93." } ] } diff --git a/2021/38xxx/CVE-2021-38500.json b/2021/38xxx/CVE-2021-38500.json index e207fc6da65..0d65cedc635 100644 --- a/2021/38xxx/CVE-2021-38500.json +++ b/2021/38xxx/CVE-2021-38500.json 
@@ -4,14 +4,114 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38500", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "78.15", + "version_affected": "<" + }, + { + "version_value": "91.2", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.2", + "version_affected": "<" + }, + { + "version_value": "78.15", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "93", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-47/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-47/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-45/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-45/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-43/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-43/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-46/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-46/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-44/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-44/" + }, + { + 
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1725854%2C1728321", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1725854%2C1728321" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93." } ] } diff --git a/2021/38xxx/CVE-2021-38501.json b/2021/38xxx/CVE-2021-38501.json index 279e7d6a746..7c8645ea700 100644 --- a/2021/38xxx/CVE-2021-38501.json +++ b/2021/38xxx/CVE-2021-38501.json 
@@ -4,14 +4,96 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38501", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "93", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.2", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "91.2", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-47/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-47/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-45/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-45/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-43/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-43/" + }, + { + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1685354%2C1715755%2C1723176", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1685354%2C1715755%2C1723176" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2." } ] } diff --git a/2021/38xxx/CVE-2021-38502.json b/2021/38xxx/CVE-2021-38502.json index 1e4843517f7..a5ec8044dc8 100644 --- a/2021/38xxx/CVE-2021-38502.json +++ b/2021/38xxx/CVE-2021-38502.json 
@@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38502", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91.2", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Downgrade attack on SMTP STARTTLS connections" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-47/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-47/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1733366", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1733366" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2." } ] } diff --git a/2021/38xxx/CVE-2021-38562.json b/2021/38xxx/CVE-2021-38562.json index eb6a6676b39..a251e07f041 100644 --- a/2021/38xxx/CVE-2021-38562.json +++ b/2021/38xxx/CVE-2021-38562.json 
@@ -61,6 +61,11 @@
 "refsource": "CONFIRM",
 "name": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c",
 "url": "https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-825dd1879f",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JK57CEEXLQF7MGBCUX76DZHXML7LUSQ/"
 }
 ]
 }
diff --git a/2021/38xxx/CVE-2021-38727.json b/2021/38xxx/CVE-2021-38727.json
index 9410542409c..3f3dd628c23 100644
--- a/2021/38xxx/CVE-2021-38727.json
+++ b/2021/38xxx/CVE-2021-38727.json
@@ -56,6 +56,16 @@
 "url": "https://github.com/daylightstudio/FUEL-CMS/issues/582",
 "refsource": "MISC",
 "name": "https://github.com/daylightstudio/FUEL-CMS/issues/582"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.nu11secur1ty.com/2021/10/cve-2021-38727.html",
+ "url": "https://www.nu11secur1ty.com/2021/10/cve-2021-38727.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://streamable.com/lxw3ln",
+ "url": "https://streamable.com/lxw3ln"
 }
 ]
 }
diff --git a/2021/38xxx/CVE-2021-38840.json b/2021/38xxx/CVE-2021-38840.json
index dfba189d537..043ee466610 100644
--- a/2021/38xxx/CVE-2021-38840.json
+++ b/2021/38xxx/CVE-2021-38840.json
@@ -71,6 +71,11 @@
 "refsource": "MISC",
 "name": "https://www.exploit-db.com/exploits/50204",
 "url": "https://www.exploit-db.com/exploits/50204"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38840",
+ "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38840"
 }
 ]
 }
diff --git a/2021/38xxx/CVE-2021-38847.json b/2021/38xxx/CVE-2021-38847.json
index 8ce6099d4aa..c88a94e3a89 100644
--- a/2021/38xxx/CVE-2021-38847.json
+++ b/2021/38xxx/CVE-2021-38847.json
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-38847", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-38847", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/bousalman/S-Cart-Arbitrary-File-Upload", + "refsource": "MISC", + "name": "https://github.com/bousalman/S-Cart-Arbitrary-File-Upload" } ] } diff --git a/2021/38xxx/CVE-2021-38948.json b/2021/38xxx/CVE-2021-38948.json index e947787ccd9..50f470c98a3 100644 --- a/2021/38xxx/CVE-2021-38948.json +++ b/2021/38xxx/CVE-2021-38948.json 
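Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a`, although the description names the product and affected range (S-Cart v6.4.1 and below) and the weakness (arbitrary file upload in the Editor module). Automated matching against a software inventory cannot key on this record as written, so exposure would only be found by reading the prose. Filling in `"product_name": "S-Cart"` with a bounded version entry, and a `problemtype` value such as `"CWE-434: Unrestricted Upload of File with Dangerous Type"`, would make the record usable; the vendor name is not stated anywhere in the hunk.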
@@ -1,18 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-38948", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-10-29T00:00:00" + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6509632", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6509632", + "title": "IBM Security Bulletin 6509632 (InfoSphere Information Server)" + }, + { + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211402", + "name": "ibm-infosphere-cve202138948-xxe (211402)", + "refsource": "XF" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "InfoSphere Information Server", + "version": { + "version_data": [ + { + "version_value": "11.7" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 211402." 
} ] - } + }, + "data_type": "CVE", + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "SCORE": "7.100", + "S": "U", + "AV": "N", + "PR": "L", + "I": "N", + "A": "L", + "AC": "L", + "C": "H", + "UI": "N" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + } + } + }, + "data_format": "MITRE" } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39182.json b/2021/39xxx/CVE-2021-39182.json index 2d7ac777c15..8338515e8fd 100644 --- a/2021/39xxx/CVE-2021-39182.json +++ b/2021/39xxx/CVE-2021-39182.json 
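Review bot: The `problemtype` value `"Gain Access"` does not match the description, which describes XML External Entity injection leading to information exposure or memory consumption. A weakness entry such as `"value": "CWE-611: Improper Restriction of XML External Entity Reference"` would agree with both the description and the `C: H`, `A: L` base metrics. Note also that `"SCORE": "7.100"` is a string and the vector is split into single-letter keys under `BM`/`TM`, so a consumer expecting a numeric score or a vector string, as in the CVE-2021-39182 record of this diff, needs a conversion step.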
@@ -1,18 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-39182", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Use of Password Hash With Insufficient Computational Effort and Use of a Broken or Risky Cryptographic Algorithm and Reversible One-Way Hash in hashing.py" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EnroCrypt", + "version": { + "version_data": [ + { + "version_value": "< 1.1.4" + } + ] + } + } + ] + }, + "vendor_name": "Morgan-Phoenix" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-328: Reversible One-Way Hash" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-916: Use of Password Hash With Insufficient Computational Effort" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Morgan-Phoenix/EnroCrypt/security/advisories/GHSA-35m5-8cvj-8783", + "refsource": "CONFIRM", + "url": "https://github.com/Morgan-Phoenix/EnroCrypt/security/advisories/GHSA-35m5-8cvj-8783" + }, + { + "name": "https://github.com/Morgan-Phoenix/EnroCrypt/commit/e652d56ac60eadfc26489ab83927af13a9b9d8ce", + "refsource": "MISC", + "url": "https://github.com/Morgan-Phoenix/EnroCrypt/commit/e652d56ac60eadfc26489ab83927af13a9b9d8ce" + } + ] + }, + "source": { + "advisory": "GHSA-35m5-8cvj-8783", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39226.json b/2021/39xxx/CVE-2021-39226.json index 45eec630791..fb2769bb898 100644 --- a/2021/39xxx/CVE-2021-39226.json +++ b/2021/39xxx/CVE-2021-39226.json 
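Review bot: `"version_value": "< 1.1.4"` folds the comparison operator into the value string, whereas the Mozilla records in this same diff carry it separately as `"version_affected": "<"`. A consumer written for one convention will mis-read the other, typically by treating the literal string as an exact version. Writing it as `"version_value": "1.1.4"` with `"version_affected": "<"` would align the two. The description also does not say what is exposed, although the vector asserts `C:H` over the network; one sentence on what the MD5 function was expected to protect would let readers judge that rating.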
@@ -106,6 +106,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20211029-0008/",
 "url": "https://security.netapp.com/advisory/ntap-20211029-0008/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-01588ab0bf",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCKBFUSY6V4VU5AQUYWKISREZX5NLQJT/"
 }
 ]
 },
diff --git a/2021/39xxx/CVE-2021-39237.json b/2021/39xxx/CVE-2021-39237.json
index 608a7e99964..7c4609af46b 100644
--- a/2021/39xxx/CVE-2021-39237.json
+++ b/2021/39xxx/CVE-2021-39237.json
@@ -4,14 +4,67 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-39237",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "hp-security-alert@hp.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HP LaserJet; HP LaserJet Managed; HP PageWide; HP PageWide Managed printers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FS3: before 3.9.8"
+ },
+ {
+ "version_value": "FS4: before 4.11.2.1"
+ },
+ {
+ "version_value": "FS: before 5.3"
+ },
+ {
+ "version_value": "FS5: before 5.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hp.com/us-en/document/ish_5000124-5000148-16",
+ "url": "https://support.hp.com/us-en/document/ish_5000124-5000148-16"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure."
 }
 ]
 }
diff --git a/2021/39xxx/CVE-2021-39238.json b/2021/39xxx/CVE-2021-39238.json
index a89057af565..e2f1fa1a10b 100644
--- a/2021/39xxx/CVE-2021-39238.json
+++ b/2021/39xxx/CVE-2021-39238.json
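Review bot: `"vendor_name": "n/a"` in CVE-2021-39237 leaves the vendor field empty although the assigner is hp-security-alert@hp.com and every product string starts with HP; automated matching on the vendor field will miss the record, so `"vendor_name": "HP"` would be the more useful value. The version list carries both `FS: before 5.3` and `FS5: before 5.3`, which looks like one entry duplicated with a typo and should be confirmed against the HP bulletin. The record also has no `impact` block, so consumers get no severity for it. The CVE-2021-39238 hunk that follows repeats all three points, and there the missing severity matters more because the problem type is a potential buffer overflow.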
@@ -4,14 +4,67 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-39238",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "hp-security-alert@hp.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HP Enterprise LaserJet; HP LaserJet Managed; HP Enterprise PageWide; HP PageWide Managed printers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FS3: before 3.9.8"
+ },
+ {
+ "version_value": "FS4: before 4.11.2.1"
+ },
+ {
+ "version_value": "FS: before 5.3"
+ },
+ {
+ "version_value": "FS5: before 5.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Potential buffer overflow."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hp.com/us-en/document/ish_5000383-5000409-16",
+ "url": "https://support.hp.com/us-en/document/ish_5000383-5000409-16"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow."
 }
 ]
 }
diff --git a/2021/39xxx/CVE-2021-39330.json b/2021/39xxx/CVE-2021-39330.json
index 811ebc89d7d..488176c6972 100644
--- a/2021/39xxx/CVE-2021-39330.json
+++ b/2021/39xxx/CVE-2021-39330.json
@@ -1,106 +1,18 @@
 {
- "CVE_data_meta": {
- "AKA": "Wordfence",
- "ASSIGNER": "security@wordfence.com",
- "DATE_PUBLIC": "2021-10-13T20:40:00.000Z",
- "ID": "CVE-2021-39330",
- "STATE": "PUBLIC",
- "TITLE": "Formidable Form Builder \u2013 Contact Form, Survey & Quiz Forms Plugin for WordPress <= 5.0.06 Authenticated Stored Cross-Site Scripting"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Formidable Form Builder",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "5.0.06",
- "version_value": "5.0.06"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Formidable"
- }
- ]
- }
- },
- "credit": [
- {
- "lang": "eng",
- "value": "Thinkland Security Team"
- }
- ],
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-39330",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "The Formidable Form Builder WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found in the ~/classes/helpers/FrmAppHelper.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 5.0.06. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-24608. Reason: This candidate is a duplicate of CVE-2021-24608. Notes: All CVE users should reference CVE-2021-24608 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
- },
- "generator": {
- "engine": "Vulnogram 0.0.9"
- },
- "impact": {
- "cvss": {
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 5.5,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "HIGH",
- "scope": "CHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
- "version": "3.1"
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-79 Cross-site Scripting (XSS)"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "MISC",
- "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39330",
- "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39330"
- },
- {
- "refsource": "MISC",
- "url": "https://plugins.trac.wordpress.org/changeset/2609911/formidable/trunk/classes/helpers/FrmAppHelper.php",
- "name": "https://plugins.trac.wordpress.org/changeset/2609911/formidable/trunk/classes/helpers/FrmAppHelper.php"
- }
- ]
- },
- "solution": [
- {
- "lang": "eng",
- "value": "Update to version 5.0.07 or newer. "
- }
- ],
- "source": {
- "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39333.json b/2021/39xxx/CVE-2021-39333.json
index 573a41922ab..99783ea0a17 100644
--- a/2021/39xxx/CVE-2021-39333.json
+++ b/2021/39xxx/CVE-2021-39333.json
@@ -1,18 +1,94 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@wordfence.com",
 "ID": "CVE-2021-39333",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Hashthemes Demo Importer <= 1.1.1 Improper Access Control Allowing Content Deletion"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Hashthemes Demo Importer",
+ "version": {
+ "version_data": [
+ {
+ "platform": "WordPress",
+ "version_affected": "<=",
+ "version_name": "1.1.1",
+ "version_value": "1.1.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Hashthemes"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Ramuel Gall, Wordfence"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of wp-content/uploads."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/blog/2021/10/site-deletion-vulnerability-in-hashthemes-plugin/",
+ "name": "https://www.wordfence.com/blog/2021/10/site-deletion-vulnerability-in-hashthemes-plugin/"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39340.json b/2021/39xxx/CVE-2021-39340.json
index 15663179c19..89ea4487d46 100644
--- a/2021/39xxx/CVE-2021-39340.json
+++ b/2021/39xxx/CVE-2021-39340.json
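Review bot: CVE-2021-39333 marks versions `<= 1.1.1` as affected but names no fixed release: there is no `solution` entry and the description does not mention a patched version, unlike the other Wordfence-assigned records in this commit. Given the stated impact (logged-in users can trigger truncation of nearly all database tables and removal of wp-content/uploads), operators need the upgrade target in the record itself rather than only behind the linked blog post. Suggest adding `"solution": [{"lang": "eng", "value": "Update to version <FIXED_VERSION> or newer."}]`, with the placeholder filled in from the vendor advisory.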
@@ -1,18 +1,111 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
+ "DATE_PUBLIC": "2021-10-25T13:41:00.000Z",
 "ID": "CVE-2021-39340",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Notification \u2013 Custom Notifications and Alerts for WordPress <= 7.2.4 Authenticated Stored Cross-Site Scripting"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Notification \u2013 Custom Notifications and Alerts for WordPress",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "7.2.4",
+ "version_value": "7.2.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Notification \u2013 Custom Notifications and Alerts for WordPress"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thinkland Security Team"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/classes/Utils/Settings.php file which made it possible for attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 7.2.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://github.com/BigTiger2020/word-press/blob/main/Notification.md",
+ "name": "https://github.com/BigTiger2020/word-press/blob/main/Notification.md"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://wordfence.com/vulnerability-advisories/#CVE-2021-39340",
+ "name": "https://wordfence.com/vulnerability-advisories/#CVE-2021-39340"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/browser/notification/tags/7.2.4/src/classes/Utils/Settings.php#L167",
+ "name": "https://plugins.trac.wordpress.org/browser/notification/tags/7.2.4/src/classes/Utils/Settings.php#L167"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to version 8.0.0, or newer. "
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39341.json b/2021/39xxx/CVE-2021-39341.json
index 95358311569..4c2d3ae99b1 100644
--- a/2021/39xxx/CVE-2021-39341.json
+++ b/2021/39xxx/CVE-2021-39341.json
@@ -1,18 +1,119 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
+ "DATE_PUBLIC": "2021-11-01T09:02:00.000Z",
 "ID": "CVE-2021-39341",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "OptinMonster <= 2.6.4 Unprotected REST-API Endpoints"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OptinMonster",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "2.6.4",
+ "version_value": "2.6.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "OptinMonster"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Chloe Chamberland, Wordfence"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285 Improper Authorization"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-319 Cleartext Transmission of Sensitive Information"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/blog/2021/10/1000000-sites-affected-by-optinmonster-vulnerabilities/",
+ "name": "https://www.wordfence.com/blog/2021/10/1000000-sites-affected-by-optinmonster-vulnerabilities/"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://wordfence.com/vulnerability-advisories/#CVE-2021-39341",
+ "name": "https://wordfence.com/vulnerability-advisories/#CVE-2021-39341"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/browser/optinmonster/trunk/OMAPI/RestApi.php?rev=2606519#L1460",
+ "name": "https://plugins.trac.wordpress.org/browser/optinmonster/trunk/OMAPI/RestApi.php?rev=2606519#L1460"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to version 2.6.5, or newer. "
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39346.json b/2021/39xxx/CVE-2021-39346.json
index d1ebc045083..28a4744a55b 100644
--- a/2021/39xxx/CVE-2021-39346.json
+++ b/2021/39xxx/CVE-2021-39346.json
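Review bot: The CVE-2021-39341 description breaks down at "that can used to exploit inject malicious web scripts", so the record does not say clearly what a caller gains beyond the disclosure and setting updates named earlier in the sentence. If script injection through the changed settings is what is meant, wording such as `which can be used to inject malicious web scripts on sites with the plugin installed` would say so. The second problem type, `CWE-319 Cleartext Transmission of Sensitive Information`, is not supported by anything in the description, which describes an authorization failure in `logged_in_or_has_api_key`; it is worth checking with the CNA whether an information-exposure weakness was intended instead.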
@@ -1,18 +1,111 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "AKA": "Wordfence",
+ "ASSIGNER": "security@wordfence.com",
+ "DATE_PUBLIC": "2021-11-01T10:32:00.000Z",
 "ID": "CVE-2021-39346",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Google Maps Easy <= 1.9.33 Authenticated Stored Cross-Site Scripting"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Google Maps Easy",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "1.9.33",
+ "version_value": "1.9.33"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Google Maps Easy"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thinkland Security Team"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross-site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://github.com/BigTiger2020/word-press/blob/main/Google%20Maps%20Easy.md",
+ "name": "https://github.com/BigTiger2020/word-press/blob/main/Google%20Maps%20Easy.md"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/changeset/2620851/google-maps-easy/trunk/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php",
+ "name": "https://plugins.trac.wordpress.org/changeset/2620851/google-maps-easy/trunk/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php"
+ },
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39346",
+ "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39346"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Update to version 1.10.1 or newer. "
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/39xxx/CVE-2021-39358.json b/2021/39xxx/CVE-2021-39358.json
index 65d88cc8d44..77064cc19bb 100644
--- a/2021/39xxx/CVE-2021-39358.json
+++ b/2021/39xxx/CVE-2021-39358.json
@@ -71,6 +71,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-9c737bb848",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GRCVZUNPTNFQQQCEZVP7RYY6OKHPDBC5/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-743a0aafa0",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXXAF56BYLSES4UCLXKFCODZXTNAZ2G6/"
 }
 ]
 }
diff --git a/2021/39xxx/CVE-2021-39360.json b/2021/39xxx/CVE-2021-39360.json
index e28cbbc8512..d081847fc04 100644
--- a/2021/39xxx/CVE-2021-39360.json
+++ b/2021/39xxx/CVE-2021-39360.json
@@ -71,6 +71,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-c3395a5df6",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDXCHOCVP3VSAKDBQSLER2DQHFIOUHAT/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-77ce69dba6",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG7TUICJM4QJHI4QJ2RHOSQE2QWD3KO3/"
 }
 ]
 }
diff --git a/2021/39xxx/CVE-2021-39411.json b/2021/39xxx/CVE-2021-39411.json
index cc0ca457c4e..fa4bc4e1fd2 100644
--- a/2021/39xxx/CVE-2021-39411.json
+++ b/2021/39xxx/CVE-2021-39411.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-39411",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-39411",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sisl.lab.uic.edu/projects/chess/hmsp/",
+ "refsource": "MISC",
+ "name": "https://sisl.lab.uic.edu/projects/chess/hmsp/"
 }
 ]
 }
diff --git a/2021/39xxx/CVE-2021-39412.json b/2021/39xxx/CVE-2021-39412.json
index 1aefd393cbe..b9d871599cc 100644
--- a/2021/39xxx/CVE-2021-39412.json
+++ b/2021/39xxx/CVE-2021-39412.json
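Review bot: `product_name`, `vendor_name`, `version_value` and the problem type are all `n/a` in CVE-2021-39411, although the description names the product and version (PHPGurukul Hospital Management System 4.0) and the weakness class (Cross Site Scripting). Scanners and inventory tools that match on the structured fields will not find this record. Suggest `"vendor_name": "PHPGurukul"`, `"product_name": "Hospital Management System"`, `"version_value": "4.0"` and a problem type of `CWE-79 Cross-site Scripting (XSS)`, the string other records in this commit use. The same applies, with the product named in each description, to the hunks for CVE-2021-39412, CVE-2021-39413, CVE-2021-39416 and CVE-2021-39420.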
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-39412",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-39412",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in examples_support/editable_ajax.php, and the (3) PHP_SELF parameter in captcha/index.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sisl.lab.uic.edu/projects/chess/php-gurukul-shopping/",
+ "refsource": "MISC",
+ "name": "https://sisl.lab.uic.edu/projects/chess/php-gurukul-shopping/"
 }
 ]
 }
diff --git a/2021/39xxx/CVE-2021-39413.json b/2021/39xxx/CVE-2021-39413.json
index 6d20aa27ead..9a8f1ac1556 100644
--- a/2021/39xxx/CVE-2021-39413.json
+++ b/2021/39xxx/CVE-2021-39413.json
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-39413", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-39413", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, (j) webmaster-tools.php, and (k) reports.php; the (3) order_col parameter in (a) analytics.php, (b) review.php, (c) social_media.php, and (d) webmaster-tools.php; and the (4) pageno parameter in (a) alerts.php, (b) log.php, (c) keywords.php, (d) proxy.php, (e) searchengine.php, and (f) siteauditor.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sisl.lab.uic.edu/projects/chess/seo-panel/", + "refsource": "MISC", + "name": "https://sisl.lab.uic.edu/projects/chess/seo-panel/" } ] } diff --git a/2021/39xxx/CVE-2021-39416.json b/2021/39xxx/CVE-2021-39416.json index 79d54dc286f..d2f15b973da 100644 --- a/2021/39xxx/CVE-2021-39416.json +++ b/2021/39xxx/CVE-2021-39416.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-39416", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-39416", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender, (h) age, and (i) serial parameters; in (2) patients/edit-patient.php via the (a) Contact, (b) Email, (c) Weight, Profession, (d) ref_contact, (e) address, (f) serial, (g) age, and (h) gender parameters; in (3) staff/edit-my-profile.php via the (a) Title, (b) First Name, (c) Last Name, (d) Skype, and (e) Address parameters; and in (4) clinics/settings.php via the (a) portal_name, (b) guardian_short_name, (c) guardian_name, (d) opening_time, (e) closing_time, (f) access_level_5, (g) access_level_4, (h) access_level_ 3, (i) access_level_2, (j) access_level_1, (k) currency, (l) mobile_number, (m) address, (n) patient_contact, (o) patient_address, and (p) patient_email parameters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sisl.lab.uic.edu/projects/chess/remote-clinic/", + "refsource": "MISC", + "name": "https://sisl.lab.uic.edu/projects/chess/remote-clinic/" + }, + { + "url": "https://github.com/remoteclinic/RemoteClinic/issues/17", + "refsource": "MISC", + "name": "https://github.com/remoteclinic/RemoteClinic/issues/17" + }, + { + "url": "https://remoteclinic.io", + "refsource": "MISC", + "name": "https://remoteclinic.io" } ] } diff --git a/2021/39xxx/CVE-2021-39420.json b/2021/39xxx/CVE-2021-39420.json index 272328b34e4..0f8638ee2ae 100644 --- a/2021/39xxx/CVE-2021-39420.json +++ b/2021/39xxx/CVE-2021-39420.json 
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-39420",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-39420",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0.99.5 via the (1) s parameter in search_all.php and the (2) msg parameter in add.attach.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://sisl.lab.uic.edu/projects/chess/vfront0-99-5/",
+ "refsource": "MISC",
+ "name": "https://sisl.lab.uic.edu/projects/chess/vfront0-99-5/"
 }
 ]
 }
diff --git a/2021/39xxx/CVE-2021-39895.json b/2021/39xxx/CVE-2021-39895.json
index 6d451695894..1cdbb70360c 100644
--- a/2021/39xxx/CVE-2021-39895.json
+++ b/2021/39xxx/CVE-2021-39895.json
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39895", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=8.0, <14.1.7" + }, + { + "version_value": ">=14.2, <14.2.5" + }, + { + "version_value": ">=14.3, <14.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Configuration in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/337824", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/337824", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1272535", + "url": "https://hackerone.com/reports/1272535", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39895.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39895.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks @justas_b for reporting this vulnerability through our HackerOne bug bounty program." + } + ] } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39897.json b/2021/39xxx/CVE-2021-39897.json index a368568609a..7d62028cc87 100644 --- a/2021/39xxx/CVE-2021-39897.json +++ b/2021/39xxx/CVE-2021-39897.json 
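Review bot: The `vectorString` under `impact.cvss` is `AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L` with no `CVSS:3.1/` prefix, while the same object declares `"version": "3.1"`. The CVSS v3.1 vector format requires that prefix, so strict parsers and schema validators may reject or mis-version the vector. Suggest `"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"`. The same omission appears in the other GitLab-assigned records in this diff (CVE-2021-39897 through CVE-2021-39912).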
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39897", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=12.9, <12.9.8" + }, + { + "version_value": ">=12.10, <12.10.7" + }, + { + "version_value": ">=13.0, <13.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/341017", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/341017", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1330806", + "url": "https://hackerone.com/reports/1330806", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39897.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39897.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 2.6, + "baseSeverity": "LOW" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks joaxcar for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39898.json b/2021/39xxx/CVE-2021-39898.json index 715229e9c0d..c75fad7b2ce 100644 --- a/2021/39xxx/CVE-2021-39898.json +++ b/2021/39xxx/CVE-2021-39898.json 
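Review bot: The `version_data` ranges (`>=12.9, <12.9.8`, `>=12.10, <12.10.7`, `>=13.0, <13.0.1`) do not agree with the description, which says version 10.5 and above is affected. A scanner that relies on the ranges would treat releases from 10.5 up to 12.9, and everything from 13.0.1 onward, as unaffected. The ranges also differ from the 14.x fix lines used by the neighbouring records in this batch, so they may have been carried over from another advisory. Worth confirming against the linked GitLab issue before the record is published.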
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39898", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=10.6, <14.1.7" + }, + { + "version_value": ">=14.2, <14.2.5" + }, + { + "version_value": ">=14.3, <14.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information exposure in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/33734", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/33734", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/698068", + "url": "https://hackerone.com/reports/698068", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39898.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39898.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 3.6, + "baseSeverity": "LOW" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks @xanbanx for reporting this vulnerability through our HackerOne bug bounty program." + } + ] } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39901.json b/2021/39xxx/CVE-2021-39901.json index 760e88798fc..e64fd503757 100644 --- a/2021/39xxx/CVE-2021-39901.json +++ b/2021/39xxx/CVE-2021-39901.json 
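Review bot: `"baseScore": 3.6` does not match the vector in the same object: `AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N` evaluates to 3.7 under the CVSS 3.1 formula, which rounds up to one decimal. The value looks truncated rather than rounded up, and the same 0.1 shortfall appears in CVE-2021-39901 (2.6, expected 2.7), CVE-2021-39902, CVE-2021-39904 and CVE-2021-39905 (4.2, expected 4.3), CVE-2021-39903 (6.4, expected 6.5) and CVE-2021-39909 (5.2, expected 5.3). Suggest `"baseScore": 3.7` here and recomputing the others from their vectors. None of the corrections crosses a severity band, so `baseSeverity` stays as it is.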
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39901", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=11.10, <14.2.6" + }, + { + "version_value": ">=14.3, <14.3.4" + }, + { + "version_value": ">=14.4, <14.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information exposure in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/11640", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/11640", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/565884", + "url": "https://hackerone.com/reports/565884", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39901.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39901.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 2.6, + "baseSeverity": "LOW" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks @ngalog for reporting this vulnerability through our HackerOne bug bounty program." + } + ] } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39902.json b/2021/39xxx/CVE-2021-39902.json index b30d2178ada..2a136837132 100644 --- a/2021/39xxx/CVE-2021-39902.json +++ b/2021/39xxx/CVE-2021-39902.json 
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39902", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=13.4, <14.2.6" + }, + { + "version_value": ">=14.3, <14.3.4" + }, + { + "version_value": ">=14.4, <14.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect authorization in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/341479", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/341479", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1341674", + "url": "https://hackerone.com/reports/1341674", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39902.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39902.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks @cradlr for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39903.json b/2021/39xxx/CVE-2021-39903.json index dcbaa69cf29..4c6d4f6c805 100644 --- a/2021/39xxx/CVE-2021-39903.json +++ b/2021/39xxx/CVE-2021-39903.json 
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39903", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=13.0, <14.2.6" + }, + { + "version_value": ">=14.3, <14.3.4" + }, + { + "version_value": ">=14.4, <14.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper authorization in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/300017", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/300017", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1086781", + "url": "https://hackerone.com/reports/1086781", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39903.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39903.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks @s4nderdevelopment for reporting this vulnerability through our HackerOne bug bounty program." + } + ] } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39904.json b/2021/39xxx/CVE-2021-39904.json index 95cd163ccbe..242f79f6e37 100644 --- a/2021/39xxx/CVE-2021-39904.json +++ b/2021/39xxx/CVE-2021-39904.json 
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39904", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=13.1, <14.4.1" + }, + { + "version_value": ">=13.0, <14.3.4" + }, + { + "version_value": ">=12.10, <14.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper access control in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/295298", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/295298", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1063420", + "url": "https://hackerone.com/reports/1063420", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39904.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39904.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "An Improper Access Control vulnerability in the GraphQL API in GitLab CE/EE since version 13.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks jimeno for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39905.json b/2021/39xxx/CVE-2021-39905.json index 98311328a85..fefc2ef2d85 100644 --- a/2021/39xxx/CVE-2021-39905.json +++ b/2021/39xxx/CVE-2021-39905.json 
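Review bot: The three `version_value` ranges overlap, and two of them start before the version the description names: `>=13.0, <14.3.4` and `>=12.10, <14.2.6` reach back past 13.1, which the description gives as the first affected release. Sibling records in this diff use one range per maintained branch, which here would be `>=13.1, <14.2.6`, `>=14.3, <14.3.4`, `>=14.4, <14.4.1`. That reading is inferred and should be checked against the vendor advisory. CVE-2021-39909 (11.3/11.2/11.1) and CVE-2021-39911 (13.9/13.8/13.7) show the same descending lower bounds.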
@@ -4,15 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39905", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=8.9.6, <14.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information exposure in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/28226", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/28226", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/538029", + "url": "https://hackerone.com/reports/538029", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39905.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39905.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks rafiem for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39906.json b/2021/39xxx/CVE-2021-39906.json index a3775265f16..2285639c675 100644 --- a/2021/39xxx/CVE-2021-39906.json +++ b/2021/39xxx/CVE-2021-39906.json 
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39906", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=13.5, <14.2.6" + }, + { + "version_value": ">=14.3, <14.3.4" + }, + { + "version_value": ">=14.4, <14.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/341566", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/341566", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1347600", + "url": "https://hackerone.com/reports/1347600", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39906.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39906.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks @saleemrashid for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39907.json b/2021/39xxx/CVE-2021-39907.json index 4e1109febba..bba3be64c71 100644 --- a/2021/39xxx/CVE-2021-39907.json +++ b/2021/39xxx/CVE-2021-39907.json 
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39907", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=14.4, <14.4.1" + }, + { + "version_value": ">=14.3, <14.3.4" + }, + { + "version_value": ">=13.7, <14.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled resource consumption in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/299869", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/299869", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1083182", + "url": "https://hackerone.com/reports/1083182", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39907.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39907.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks @ajxchapman for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39909.json b/2021/39xxx/CVE-2021-39909.json index aa92ddbb299..b513b5bdad6 100644 --- a/2021/39xxx/CVE-2021-39909.json +++ b/2021/39xxx/CVE-2021-39909.json 
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39909", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=11.3, <14.4.1" + }, + { + "version_value": ">=11.2, <14.3.4" + }, + { + "version_value": ">=11.1, <14.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unverified ownership in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/335191", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/335191", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1237750", + "url": "https://hackerone.com/reports/1237750", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39909.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39909.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE since version 11.3 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 5.2, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks vaib25vicky for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39911.json b/2021/39xxx/CVE-2021-39911.json index ac5afcd8ab0..fc490b7028f 100644 --- a/2021/39xxx/CVE-2021-39911.json +++ b/2021/39xxx/CVE-2021-39911.json 
@@ -4,15 +4,92 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39911", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=13.9, <14.4.1" + }, + { + "version_value": ">=13.8, <14.3.4" + }, + { + "version_value": ">=13.7, <14.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Exposure of private information ('privacy violation') in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/297470", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/297470", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39911.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39911.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "An improper access control flaw in GitLab CE/EE since version 13.9 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:P/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", + "attackComplexity": "HIGH", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1", + "baseScore": 1.7, + "baseSeverity": "LOW" + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability has been discovered internally by the GitLab team" + } + ] } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39912.json b/2021/39xxx/CVE-2021-39912.json index e1a234be925..52dd8b3d097 100644 --- a/2021/39xxx/CVE-2021-39912.json +++ b/2021/39xxx/CVE-2021-39912.json 
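Review bot: The CVSS block uses `AV:P` and `"attackVector": "PHYSICAL"`, which is hard to reconcile with the description of an assignee's private email address being exposed to webhook data consumers. If network was intended, the lines would be `"attackVector": "NETWORK"` and `AV:N` in `vectorString`, and `baseScore` and `baseSeverity` would need recomputing, since 1.7 is derived from the physical vector. This is inferred from the description alone and should be confirmed against the linked issue. The description also calls this an access control flaw while `problemtype` says exposure of private information; one CWE-aligned wording would be clearer.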
@@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39912", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=14.4, <14.4.1" + }, + { + "version_value": ">=14.3, <14.3.4" + }, + { + "version_value": ">=13.7, <14.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled resource consumption in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/341363", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/341363", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1330882", + "url": "https://hackerone.com/reports/1330882", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39912.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39912.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion." 
} ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks @haquaman for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39913.json b/2021/39xxx/CVE-2021-39913.json index 4d5f8b207a2..77e1b31f364 100644 --- a/2021/39xxx/CVE-2021-39913.json +++ b/2021/39xxx/CVE-2021-39913.json 
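Review bot: `vectorString` in the `cvss` block is written without the `CVSS:3.1/` prefix that the CVSS v3.1 specification requires at the start of a vector, so strict parsers and calculators may reject it or record no score. The same applies to the CVE-2021-39911, CVE-2021-39913 and CVE-2021-39914 hunks, while the Bitdefender record for CVE-2021-3641 in this commit carries the prefix. Here the line would read `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",`.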
@@ -4,15 +4,92 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39913", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=0.8.0, <14.4.1" + }, + { + "version_value": ">=0.8.0, <14.3.4" + }, + { + "version_value": ">=0.8.0, <14.2.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inclusion of sensitive information in log files in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/28074", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/28074", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39913.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39913.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Accidental logging of system root password in the migration log in all versions of GitLab CE/EE allows an attacker with local file system access to obtain system root-level privileges" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability has been discovered internally by the GitLab team" + } + ] } \ No newline at end of file diff --git a/2021/39xxx/CVE-2021-39914.json b/2021/39xxx/CVE-2021-39914.json index 7fb8db45a5f..812bfa905f9 100644 --- a/2021/39xxx/CVE-2021-39914.json +++ b/2021/39xxx/CVE-2021-39914.json 
@@ -4,15 +4,92 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39914", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=8.13, <14.2.6" + }, + { + "version_value": ">=14.3.0, <14.3.4" + }, + { + "version_value": ">=14.4.0, <14.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled resource consumption in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/289948", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/289948", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39914.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39914.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 3.0, + "baseSeverity": "LOW" + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability has been discovered internally by the GitLab team" + } + ] } \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3440.json b/2021/3xxx/CVE-2021-3440.json index a0e27bb61e8..ff14538a849 100644 --- a/2021/3xxx/CVE-2021-3440.json +++ b/2021/3xxx/CVE-2021-3440.json 
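Review bot: `baseScore` 3.0 does not match the vector in the same `cvss` block: by the CVSS 3.1 base formula `AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L` gives exploitability of about 1.62 plus impact of about 1.41, which rounds up to 3.1. The severity stays LOW, but consumers that recompute or validate the score against the vector will report a mismatch. Suggested line: `"baseScore": 3.1,`.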
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3440", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HP Print and Scan Doctor, an application within the HP Smart App for Windows", + "version": { + "version_data": [ + { + "version_value": "Before 128.1.217" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "local elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_4120228-4120263-16/hpsbpi03727", + "url": "https://support.hp.com/us-en/document/ish_4120228-4120263-16/hpsbpi03727" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege." } ] } diff --git a/2021/3xxx/CVE-2021-3520.json b/2021/3xxx/CVE-2021-3520.json index 4834c7e75bf..0a97836e04a 100644 --- a/2021/3xxx/CVE-2021-3520.json +++ b/2021/3xxx/CVE-2021-3520.json @@ -58,6 +58,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2021.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20211104-0005/", + "url": "https://security.netapp.com/advisory/ntap-20211104-0005/" } ] }, 
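Review bot: `vendor_name` is `"n/a"` although the product name and the assigner address both identify HP, so a lookup keyed on vendor will not find this record; `"vendor_name": "HP"` would fix that. The CVE-2021-3704 and CVE-2021-3705 hunks carry the same value. `version_value` is also free text (`"Before 128.1.217"`), which tools cannot compare; the validator.js record in this commit shows the structured form, `"version_affected": "<"` next to a bare `"version_value"`. The record's opening lines are outside this hunk.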
diff --git a/2021/3xxx/CVE-2021-3576.json b/2021/3xxx/CVE-2021-3576.json index 3e2316174af..cab51be3401 100644 --- a/2021/3xxx/CVE-2021-3576.json +++ b/2021/3xxx/CVE-2021-3576.json @@ -95,6 +95,11 @@ "refsource": "MISC", "url": "https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-seimpersonateprivilege-in-bitdefender-endpoint-security-tools-va-9848/", "name": "https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-seimpersonateprivilege-in-bitdefender-endpoint-security-tools-va-9848/" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1276/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1276/" } ] }, diff --git a/2021/3xxx/CVE-2021-3579.json b/2021/3xxx/CVE-2021-3579.json index 66c49063415..8f9cac786dd 100644 --- a/2021/3xxx/CVE-2021-3579.json +++ b/2021/3xxx/CVE-2021-3579.json @@ -95,6 +95,11 @@ "refsource": "MISC", "url": "https://www.bitdefender.com/support/security-advisories/incorrect-default-permissions-vulnerability-in-bdservicehost-exe-and-vulnerability-scan-exe-va-9848/", "name": "https://www.bitdefender.com/support/security-advisories/incorrect-default-permissions-vulnerability-in-bdservicehost-exe-and-vulnerability-scan-exe-va-9848/" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1277/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1277/" } ] }, diff --git a/2021/3xxx/CVE-2021-3580.json b/2021/3xxx/CVE-2021-3580.json index 8ff898e5a4c..496ded28f0a 100644 --- a/2021/3xxx/CVE-2021-3580.json +++ b/2021/3xxx/CVE-2021-3580.json 
@@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210918 [SECURITY] [DLA 2760-1] nettle security update", "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20211104-0006/", + "url": "https://security.netapp.com/advisory/ntap-20211104-0006/" } ] }, diff --git a/2021/3xxx/CVE-2021-3641.json b/2021/3xxx/CVE-2021-3641.json index ed71c369712..6ed2b07788f 100644 --- a/2021/3xxx/CVE-2021-3641.json +++ b/2021/3xxx/CVE-2021-3641.json 
@@ -1,18 +1,102 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-requests@bitdefender.com", + "DATE_PUBLIC": "2021-10-30T09:00:00.000Z", "ID": "CVE-2021-3641", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Improper Link Resolution Before File Access in Bitdefender GravityZone (VA-9921)" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GravityZone", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "7.1.2.33" + } + ] + } + } + ] + }, + "vendor_name": "Bitdefender" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "@Kharosx0 working with Trend Micro Zero Day Initiative" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.bitdefender.com/support/security-advisories/improper-link-resolution-before-file-access-in-bitdefender-gravityzone-va-9921", + "name": "https://www.bitdefender.com/support/security-advisories/improper-link-resolution-before-file-access-in-bitdefender-gravityzone-va-9921" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "An automatic update to a newer version of Bitdefender Endpoint Security Tools for Windows fixes the issue" + } + ], + "source": { + "defect": [ + "VA-9921" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3704.json b/2021/3xxx/CVE-2021-3704.json index 1e8cb38ebb2..7d073bb35ad 100644 --- a/2021/3xxx/CVE-2021-3704.json +++ b/2021/3xxx/CVE-2021-3704.json 
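Review bot: The `affects` block and the description name different products: `product_name` is GravityZone at `<=` 7.1.2.33, while the description places the flaw in the EPAG component of Bitdefender Endpoint Security Tools for Windows, and the `solution` text names no fixed version. Someone inventorying endpoints cannot tell from the record which installed version number to compare against or which release clears the finding. A second `product_data` entry for Endpoint Security Tools for Windows and a fixed version in `solution` would close the gap; those values have to come from the vendor advisory (VA-9921), they are not visible here.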
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3704", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HP LaserJet Pro M501 Series J8H61A; HP LaserJet Pro M501 Series J8H60A", + "version": { + "version_data": [ + { + "version_value": "before 20210810" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_4411563-4411589-16/hpsbpi03741", + "url": "https://support.hp.com/us-en/document/ish_4411563-4411589-16/hpsbpi03741" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device." } ] } diff --git a/2021/3xxx/CVE-2021-3705.json b/2021/3xxx/CVE-2021-3705.json index 0575a8a2e60..560c96982a9 100644 --- a/2021/3xxx/CVE-2021-3705.json +++ b/2021/3xxx/CVE-2021-3705.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3705", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "hp-security-alert@hp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HP LaserJet Pro M501 Series J8H61A; HP LaserJet Pro M501 Series J8H60A", + "version": { + "version_data": [ + { + "version_value": "before 20210810" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unauthorized configuration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hp.com/us-en/document/ish_4411563-4411589-16/hpsbpi03741", + "url": "https://support.hp.com/us-en/document/ish_4411563-4411589-16/hpsbpi03741" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device." } ] } diff --git a/2021/3xxx/CVE-2021-3765.json b/2021/3xxx/CVE-2021-3765.json index 81104fd637c..19fba0fa3dc 100644 --- a/2021/3xxx/CVE-2021-3765.json +++ b/2021/3xxx/CVE-2021-3765.json 
@@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3765", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Inefficient Regular Expression Complexity in validatorjs/validator.js" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "validatorjs/validator.js", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "13.7.0" + } + ] + } + } + ] + }, + "vendor_name": "validatorjs" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "validator.js is vulnerable to Inefficient Regular Expression Complexity" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1333 Inefficient Regular Expression Complexity" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9" + }, + { + "name": "https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1", + "refsource": "MISC", + "url": "https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1" + } + ] + }, + "source": { + "advisory": "c37e975c-21a3-4c5f-9b57-04d63b28cfc9", + "discovery": "EXTERNAL" } -} \ No newline at end of file +} diff --git a/2021/3xxx/CVE-2021-3774.json b/2021/3xxx/CVE-2021-3774.json index b88c0ea9df9..d95667ae9e7 100644 --- a/2021/3xxx/CVE-2021-3774.json +++ b/2021/3xxx/CVE-2021-3774.json 
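Review bot: The description repeats only the CWE name and does not say which validator or input is affected or from which version the fix applies, so a reader has to open the referenced commit to judge exposure. At minimum the fixed version already present in `version_data` belongs in the text, e.g. `"value": "validator.js before 13.7.0 is vulnerable to Inefficient Regular Expression Complexity"`; the affected function should be added from the huntr report. The new records for CVE-2021-3916 and CVE-2021-3924 have the same generic wording.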
@@ -1,18 +1,100 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-coordination@incibe.es", "ID": "CVE-2021-3774", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Meross MSS550X Missing Encryption of Sensitive Data" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Meross Smart Wi-Fi 2 Way Wall Switch", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "3.1.3", + "version_value": "3.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Meross" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Gerard Fuguet Morales" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open Wi-Fi Access Point without the required security measures in its initial setup. This could allow a remote attacker to obtain the Wi-Fi SSID as well as the password configured by the user from Meross app via Http/JSON plain request." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-311: Missing Encryption of Sensitive Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.incibe-cert.es/en/early-warning/security-advisories/meross-mss550x-missing-encryption-sensitive-data", + "refsource": "CONFIRM", + "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/meross-mss550x-missing-encryption-sensitive-data" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "This vulnerability has been solved by Meross in MSS550X version 3.2.3" + } + ], + "source": { + "advisory": "INCIBE-2021-0451", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3778.json b/2021/3xxx/CVE-2021-3778.json index 717d7575d64..d412c02c697 100644 --- a/2021/3xxx/CVE-2021-3778.json +++ b/2021/3xxx/CVE-2021-3778.json @@ -94,6 +94,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-84f4cf3244", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-6988830606", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/" } ] }, diff --git a/2021/3xxx/CVE-2021-3796.json b/2021/3xxx/CVE-2021-3796.json index bfda869fed9..39ee172269d 100644 --- a/2021/3xxx/CVE-2021-3796.json +++ b/2021/3xxx/CVE-2021-3796.json 
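Review bot: The `cvss` block scores `integrityImpact` HIGH and `attackVector` NETWORK, but the description only states that an attacker can read the Wi-Fi SSID and password over a plain HTTP/JSON request to an open access point created during initial setup. Reaching that access point presumably requires radio range, which CVSS models as `AV:A`, and the text gives no integrity consequence; if so, the 9.3 CRITICAL score overstates the record and would skew triage. Either the description should state the integrity impact and the remote reachability that justify the vector, or the assigner should rescore it.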
@@ -94,6 +94,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-84f4cf3244", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-6988830606", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/" } ] }, diff --git a/2021/3xxx/CVE-2021-3872.json b/2021/3xxx/CVE-2021-3872.json index a5894f26e3a..1e500eb008a 100644 --- a/2021/3xxx/CVE-2021-3872.json +++ b/2021/3xxx/CVE-2021-3872.json @@ -84,6 +84,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-84f4cf3244", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-6988830606", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/" } ] }, diff --git a/2021/3xxx/CVE-2021-3875.json b/2021/3xxx/CVE-2021-3875.json index 5f036f0c8c3..dbb4369158c 100644 --- a/2021/3xxx/CVE-2021-3875.json +++ b/2021/3xxx/CVE-2021-3875.json @@ -84,6 +84,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-84f4cf3244", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-6988830606", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/" } ] }, diff --git a/2021/3xxx/CVE-2021-3896.json b/2021/3xxx/CVE-2021-3896.json index 09c655d374b..c2e8e28773c 100644 --- a/2021/3xxx/CVE-2021-3896.json +++ b/2021/3xxx/CVE-2021-3896.json 
@@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2021-3896", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2021/3xxx/CVE-2021-3916.json b/2021/3xxx/CVE-2021-3916.json new file mode 100644 index 00000000000..e3c1d0defa6 --- /dev/null +++ b/2021/3xxx/CVE-2021-3916.json 
@@ -0,0 +1,89 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "security@huntr.dev",
+ "ID": "CVE-2021-3916",
+ "STATE": "PUBLIC",
+ "TITLE": "Path Traversal in bookstackapp/bookstack"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "bookstackapp/bookstack",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "21.10.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "bookstackapp"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://huntr.dev/bounties/0be32e6b-7c48-43f0-9cec-433000ad8f64",
+ "refsource": "CONFIRM",
+ "url": "https://huntr.dev/bounties/0be32e6b-7c48-43f0-9cec-433000ad8f64"
+ },
+ {
+ "name": "https://github.com/bookstackapp/bookstack/commit/43830a372fc51a8793199d04a34c3f4ebdfccc7b",
+ "refsource": "MISC",
+ "url": "https://github.com/bookstackapp/bookstack/commit/43830a372fc51a8793199d04a34c3f4ebdfccc7b"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "0be32e6b-7c48-43f0-9cec-433000ad8f64",
+ "discovery": "EXTERNAL"
+ }
+}
diff --git a/2021/3xxx/CVE-2021-3917.json b/2021/3xxx/CVE-2021-3917.json new file mode 100644 index 00000000000..2c6ab107f16 --- /dev/null +++ b/2021/3xxx/CVE-2021-3917.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3917", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3919.json b/2021/3xxx/CVE-2021-3919.json new file mode 100644 index 00000000000..fc9b918bce4 --- /dev/null +++ b/2021/3xxx/CVE-2021-3919.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3919", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3920.json b/2021/3xxx/CVE-2021-3920.json new file mode 100644 index 00000000000..65f07abd1ec --- /dev/null +++ b/2021/3xxx/CVE-2021-3920.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3920", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3922.json b/2021/3xxx/CVE-2021-3922.json new file mode 100644 index 00000000000..62898a83aed --- /dev/null +++ b/2021/3xxx/CVE-2021-3922.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3922", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3923.json b/2021/3xxx/CVE-2021-3923.json new file mode 100644 index 00000000000..25becc23ca1 --- /dev/null +++ b/2021/3xxx/CVE-2021-3923.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3923", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/3xxx/CVE-2021-3924.json b/2021/3xxx/CVE-2021-3924.json
new file mode 100644
index 00000000000..27bcfed1ed1
--- /dev/null
+++ b/2021/3xxx/CVE-2021-3924.json
@@ -0,0 +1,89 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security@huntr.dev", + "ID": "CVE-2021-3924", + "STATE": "PUBLIC", + "TITLE": "Path Traversal in getgrav/grav" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "getgrav/grav", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "1.7.24" + } + ] + } + } + ] + }, + "vendor_name": "getgrav" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://huntr.dev/bounties/7ca13522-d0c9-4eff-a7dd-6fd1a7f205a2", + "refsource": "CONFIRM", + "url": "https://huntr.dev/bounties/7ca13522-d0c9-4eff-a7dd-6fd1a7f205a2" + }, + { + "name": "https://github.com/getgrav/grav/commit/8f9c417c04b89dc8d2de60b95e7696821b2826ce", + "refsource": "MISC", + "url": "https://github.com/getgrav/grav/commit/8f9c417c04b89dc8d2de60b95e7696821b2826ce" + } + ] + }, + "source": { + "advisory": "7ca13522-d0c9-4eff-a7dd-6fd1a7f205a2", + "discovery": "EXTERNAL" + } +} 
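Review bot: The `description_data` value in this new record only restates the CWE-22 title ("grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory"). A reader therefore cannot tell which grav feature takes the path or what a low-privileged user can reach, even though the `cvss` block rates confidentiality, integrity and availability all `HIGH` with `privilegesRequired: LOW`. I would extend the description with the affected component and the consequence, taken from the huntr report already listed under `references`, so that triage does not depend on following the link. The second reference is a commit URL tagged `MISC`; if it is the fix, saying so in the description would also tell users of `<= 1.7.24` what to upgrade past.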
diff --git a/2021/3xxx/CVE-2021-3925.json b/2021/3xxx/CVE-2021-3925.json new file mode 100644 index 00000000000..37c435ffcd4 --- /dev/null +++ b/2021/3xxx/CVE-2021-3925.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3925", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3926.json b/2021/3xxx/CVE-2021-3926.json new file mode 100644 index 00000000000..53a67cc0bc7 --- /dev/null +++ b/2021/3xxx/CVE-2021-3926.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3926", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3927.json b/2021/3xxx/CVE-2021-3927.json index 976c005f5e6..24275df8e79 100644 --- a/2021/3xxx/CVE-2021-3927.json +++ b/2021/3xxx/CVE-2021-3927.json @@ -91,4 +91,4 @@ "advisory": "9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0", "discovery": "EXTERNAL" } -} \ No newline at end of file +} diff --git a/2021/3xxx/CVE-2021-3928.json b/2021/3xxx/CVE-2021-3928.json index da1e687696e..e7132d78dcc 100644 --- a/2021/3xxx/CVE-2021-3928.json +++ b/2021/3xxx/CVE-2021-3928.json 
@@ -91,4 +91,4 @@ "advisory": "29c3ebd2-d601-481c-bf96-76975369d0cd", "discovery": "EXTERNAL" } -} \ No newline at end of file +} diff --git a/2021/3xxx/CVE-2021-3929.json b/2021/3xxx/CVE-2021-3929.json new file mode 100644 index 00000000000..0d91f450911 --- /dev/null +++ b/2021/3xxx/CVE-2021-3929.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3929", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3930.json b/2021/3xxx/CVE-2021-3930.json new file mode 100644 index 00000000000..9721def05e8 --- /dev/null +++ b/2021/3xxx/CVE-2021-3930.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3930", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3933.json b/2021/3xxx/CVE-2021-3933.json new file mode 100644 index 00000000000..3931cf73351 --- /dev/null +++ b/2021/3xxx/CVE-2021-3933.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3933", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3935.json b/2021/3xxx/CVE-2021-3935.json new file mode 100644 index 00000000000..09943a79c07 --- /dev/null +++ b/2021/3xxx/CVE-2021-3935.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3935", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3936.json b/2021/3xxx/CVE-2021-3936.json new file mode 100644 index 00000000000..67474f637f2 --- /dev/null +++ b/2021/3xxx/CVE-2021-3936.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3936", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/3xxx/CVE-2021-3937.json b/2021/3xxx/CVE-2021-3937.json new file mode 100644 index 00000000000..0f44f047510 --- /dev/null +++ b/2021/3xxx/CVE-2021-3937.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3937", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3940.json b/2021/3xxx/CVE-2021-3940.json new file mode 100644 index 00000000000..93b8f1aa46d --- /dev/null +++ b/2021/3xxx/CVE-2021-3940.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3940", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3941.json b/2021/3xxx/CVE-2021-3941.json new file mode 100644 index 00000000000..c00134494b5 --- /dev/null +++ b/2021/3xxx/CVE-2021-3941.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3941", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3942.json b/2021/3xxx/CVE-2021-3942.json new file mode 100644 index 00000000000..52cb6da2e79 --- /dev/null +++ b/2021/3xxx/CVE-2021-3942.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3942", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40112.json b/2021/40xxx/CVE-2021-40112.json index e7c75bcb476..7b618d7d0b4 100644 --- a/2021/40xxx/CVE-2021-40112.json +++ b/2021/40xxx/CVE-2021-40112.json 
@@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-40112", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Catalyst PON Series ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "10.0", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr" + } + ] + }, + "source": { + "advisory": "cisco-sa-catpon-multivulns-CE3DSYGr", + "defect": [ + [ + "CSCvz61943", + "CSCvz61948", + "CSCvz67097" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40113.json b/2021/40xxx/CVE-2021-40113.json index db74f8117b4..004b5326152 100644 --- a/2021/40xxx/CVE-2021-40113.json +++ b/2021/40xxx/CVE-2021-40113.json 
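Review bot: The `impact.cvss` block added here is internally inconsistent: `"version": "3.0"` sits next to a `vectorString` prefixed `CVSS:3.1`, the vector ends in a trailing space, and `baseScore` is the string `"10.0"` where the CVE-2021-3924 record in this same commit uses a number (`8.8`). Tooling that validates the vector against the declared version, matches it with a strict pattern, or sorts on a numeric score can reject or mis-rank this entry, which matters for a 10.0 finding. I would write `"baseScore": 10.0`, `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"` and `"version": "3.1"` (assuming the 3.1 prefix is the intended version). The same three problems appear in the cvss blocks of CVE-2021-40113, -40115, -40119, -40120, -40124, -40126, -40127 and -40128 below, and the `product_name` and `exploit` values in these records also carry trailing whitespace.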
@@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-40113", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Catalyst PON Series ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "10.0", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr" + } + ] + }, + "source": { + "advisory": "cisco-sa-catpon-multivulns-CE3DSYGr", + "defect": [ + [ + "CSCvz61943", + "CSCvz61948", + "CSCvz67097" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40115.json b/2021/40xxx/CVE-2021-40115.json index 5eb117ffcd2..86d00f5b752 100644 --- a/2021/40xxx/CVE-2021-40115.json +++ b/2021/40xxx/CVE-2021-40115.json 
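Review bot: Apart from `ID`, this record is identical to the CVE-2021-40112 record above: same title, description, CWE-284, score and defect list. A consumer therefore cannot tell which of the three listed actions (default credential over Telnet, command injection, configuration change) this identifier covers. The description also has its list items run together without punctuation and ends by pointing to "the Details section of this advisory", which is not part of the CVE entry. I would narrow each record's description to the issue its ID tracks, or at minimum punctuate the list, e.g. `...perform the following actions: log in with a default credential if the Telnet protocol is enabled; perform command injection; modify the configuration.` A `problemtype` per issue would likewise be more useful for filtering than one shared `CWE-284`.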
@@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-40115", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Webex Video Mesh Cross-Site Scripting Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Webex Video Mesh ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco Webex Video Mesh Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-videomesh-xss-qjm2BDQf" + } + ] + }, + "source": { + "advisory": "cisco-sa-videomesh-xss-qjm2BDQf", + "defect": [ + [ + "CSCvz59100" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40119.json b/2021/40xxx/CVE-2021-40119.json index 6e7d5e75a70..679aff9f112 100644 --- a/2021/40xxx/CVE-2021-40119.json +++ b/2021/40xxx/CVE-2021-40119.json 
@@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-40119", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Policy Suite Static SSH Keys Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Policy Suite (CPS) Software ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "9.8", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-321" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco Policy Suite Static SSH Keys Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cps-static-key-JmS92hNv" + } + ] + }, + "source": { + "advisory": "cisco-sa-cps-static-key-JmS92hNv", + "defect": [ + [ + "CSCvw24544" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40120.json b/2021/40xxx/CVE-2021-40120.json index b9b7d956bae..c4b721a761f 100644 --- a/2021/40xxx/CVE-2021-40120.json +++ b/2021/40xxx/CVE-2021-40120.json 
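Review bot: The `affects` block gives only `"version_value": "n/a"` for Cisco Policy Suite, so the record does not identify which releases ship the shared SSH key. For a flaw described as an unauthenticated root login caused by static keys re-used across installations, defenders need the affected and fixed release range to scope exposure. They also need to know whether an upgrade alone replaces the keys on existing installations or whether keys must be regenerated; the record does not say, so that should be confirmed against the linked advisory. I would fill `version_data` with the affected range from cisco-sa-cps-static-key-JmS92hNv. The other Cisco records in this commit carry the same `n/a` placeholder.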
@@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-40120", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Small Business RV Series Routers Command Injection Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Small Business RV Series Router Firmware ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as a user with root-level privileges." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco Small Business RV Series Routers Command Injection Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbrv-cmdinjection-Z5cWFdK" + } + ] + }, + "source": { + "advisory": "cisco-sa-sbrv-cmdinjection-Z5cWFdK", + "defect": [ + [ + "CSCvz75703", + "CSCvz75705" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40124.json b/2021/40xxx/CVE-2021-40124.json index 496f070c4ee..94a05aa10b1 100644 --- a/2021/40xxx/CVE-2021-40124.json +++ b/2021/40xxx/CVE-2021-40124.json 
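Review bot: The `problemtype` value is `CWE-20`, while both the title and the description describe injection of arbitrary commands into the underlying operating system, executed with root-level privileges. Consumers that group or alert by CWE will file this under generic input validation and miss it in command-injection queries. If the advisory does not say otherwise, `"value": "CWE-78"` is the more specific classification. The vector's `A:N` is also worth confirming against the advisory, since root-level command execution would normally be expected to affect availability as well.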
@@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-40124", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco AnyConnect Secure Mobility Client ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user logon. An attacker could exploit this vulnerability by configuring a script to be executed before logon. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "6.7", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-266" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-nam-priv-yCsRNUGT" + } + ] + }, + "source": { + "advisory": "cisco-sa-anyconnect-nam-priv-yCsRNUGT", + "defect": [ + [ + "CSCvz67203" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40126.json b/2021/40xxx/CVE-2021-40126.json index d7362f3bd45..a353e93ad48 100644 --- a/2021/40xxx/CVE-2021-40126.json +++ b/2021/40xxx/CVE-2021-40126.json 
@@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-40126", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Umbrella Email Enumeration Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Umbrella Insights Virtual Appliance ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempts to modify their email address when the new address already exists in the system. An attacker could exploit this vulnerability by attempting to modify the user's email address. A successful exploit could allow the attacker to enumerate email addresses of users in the system." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-210" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco Umbrella Email Enumeration Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-user-enum-S7XfJwDE" + } + ] + }, + "source": { + "advisory": "cisco-sa-umbrella-user-enum-S7XfJwDE", + "defect": [ + [ + "CSCvz11942" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40127.json b/2021/40xxx/CVE-2021-40127.json index 5684889e745..269a7d1c84b 100644 --- a/2021/40xxx/CVE-2021-40127.json +++ b/2021/40xxx/CVE-2021-40127.json 
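Review bot: The `product_name` in `affects` is "Cisco Umbrella Insights Virtual Appliance", but the description places the flaw in the web-based dashboard of Cisco Umbrella and speaks of enumeration against the Umbrella infrastructure. If the dashboard is the affected component, asset matching keyed on `product_name` will flag virtual appliance deployments and miss the service that is actually affected. Please confirm the product string against cisco-sa-umbrella-user-enum-S7XfJwDE and align the two fields.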
@@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-40127", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Interface Denial of Service Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Small Business Smart and Managed Switches ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to render the web-based management interface unusable, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a permanent invalid redirect for requests sent to the web-based management interface of the device, resulting in a DoS condition." 
} ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Interface Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-web-dos-xMyFFkt8" + } + ] + }, + "source": { + "advisory": "cisco-sa-smb-switches-web-dos-xMyFFkt8", + "defect": [ + [ + "CSCvz62174" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40128.json b/2021/40xxx/CVE-2021-40128.json index 918032287f8..8bd7e2e0a7a 100644 --- a/2021/40xxx/CVE-2021-40128.json +++ b/2021/40xxx/CVE-2021-40128.json 
@@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-11-03T16:00:00", "ID": "CVE-2021-40128", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Webex Meetings Email Content Injection Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Webex Meetings ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by sending a crafted HTTP request to the account activation page of Cisco Webex Meetings. A successful exploit could allow the attacker to send to any recipient an account activation email that contains a tampered activation link, which could direct the user to an attacker-controlled website." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" + } + ], + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-183" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20211103 Cisco Webex Meetings Email Content Injection Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-activation-3sdNFxcy" + } + ] + }, + "source": { + "advisory": "cisco-sa-webex-activation-3sdNFxcy", + "defect": [ + [ + "CSCvz11314" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40260.json b/2021/40xxx/CVE-2021-40260.json index 8dd7ce16e99..bbd1d120363 100644 --- a/2021/40xxx/CVE-2021-40260.json +++ b/2021/40xxx/CVE-2021-40260.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40260", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40260", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester Tailor Management 1.0 via the (1) eid parameter in (a) partedit.php and (b) customeredit.php, the (2) id parameter in (a) editmeasurement.php and (b) addpayment.php, and the (3) error parameter in index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sisl.lab.uic.edu/projects/chess/tailor-management/", + "refsource": "MISC", + "name": "https://sisl.lab.uic.edu/projects/chess/tailor-management/" } ] } diff --git a/2021/40xxx/CVE-2021-40261.json b/2021/40xxx/CVE-2021-40261.json index c4f631f9c62..7e1b9c9b74f 100644 --- a/2021/40xxx/CVE-2021-40261.json +++ b/2021/40xxx/CVE-2021-40261.json 
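Review bot: Every structured field added for CVE-2021-40260 is `n/a` (`vendor_name`, `product_name`, `version_value` and the problemtype value), although the description names the product, its version and the weakness class, so tooling that matches on `affects` or filters by CWE will not find this record. Taking the values from the description, I would set `"vendor_name": "SourceCodester"`, `"product_name": "Tailor Management"`, `"version_value": "1.0"` and the problemtype value to `CWE-79`. The CVE-2021-40261, CVE-2021-40348, CVE-2021-40848, CVE-2021-40849 and CVE-2021-40985 hunks below have the same gap, and their descriptions likewise name a product and version that could be carried into `affects`.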
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40261", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40261", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) user_username and (2) category parameters in save_class.php, the (3) firstname, (4) class, and (5) status parameters in student_table.php, the (6) category and (7) class_name parameters in add_class1.php, the (8) fname, (9) mname,(10) lname, (11) address, (12) class, (13) gfname, (14) gmname, (15) glname, (16) rship, (17) status, (18) transport, and (19) route parameters in add_student.php, the (20) fname, (21) mname, (22) lname, (23) address, (24) class, (25) fgname, (26) gmname, (27) glname, (28) rship, (29) status, (30) transport, and (31) route parameters in save_stud.php,the (32) status, (33) fname, and (34) lname parameters in add_user.php, the (35) username, (36) firstname, and (37) status parameters in users.php, the (38) fname, (39) lname, and (40) status parameters in save_user.php, and the (41) activity_log, (42) aprjun, (43) class, (44) janmar, (45) Julsep,(46) octdec, (47) Students and (48) users parameters in table_name." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sisl.lab.uic.edu/projects/chess/casap-automated-enrollment-system/", + "refsource": "MISC", + "name": "https://sisl.lab.uic.edu/projects/chess/casap-automated-enrollment-system/" } ] } diff --git a/2021/40xxx/CVE-2021-40348.json b/2021/40xxx/CVE-2021-40348.json index b3c7629224e..04cded0931d 100644 --- a/2021/40xxx/CVE-2021-40348.json +++ b/2021/40xxx/CVE-2021-40348.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40348", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40348", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation setup. This can lead to the ability of an attacker to use --option to append arbitrary code to a root-owned file that eventually will be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2021/10/28/4", + "url": "http://www.openwall.com/lists/oss-security/2021/10/28/4" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/uyuni-project/uyuni/commit/790c7388efac6923c5475e01c1ff718dffa9f052", + "url": "https://github.com/uyuni-project/uyuni/commit/790c7388efac6923c5475e01c1ff718dffa9f052" } ] } 
diff --git a/2021/40xxx/CVE-2021-40358.json b/2021/40xxx/CVE-2021-40358.json index 55a3530a2de..4a2ef5ccc3d 100644 --- a/2021/40xxx/CVE-2021-40358.json +++ b/2021/40xxx/CVE-2021-40358.json 
@@ -1,17 +1,131 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-40358", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-40358", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC PCS 7 V8.2 and earlier", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC PCS 7 V9.0", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC PCS 7 V9.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V15 and earlier", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V16", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V17", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V7.4 and earlier", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V7.5", + "version": { + "version_data": [ + { + "version_value": "All versions < V7.5 SP2 Update 5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security 
problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf" } ] } diff --git a/2021/40xxx/CVE-2021-40359.json b/2021/40xxx/CVE-2021-40359.json index 3838d28d3cf..a9437a43ae2 100644 --- a/2021/40xxx/CVE-2021-40359.json +++ b/2021/40xxx/CVE-2021-40359.json 
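Review bot: The only reference in CVE-2021-40358 is Siemens ProductCERT's own advisory, yet it is tagged `"refsource": "MISC"`; with `productcert@siemens.com` as assigner this is the vendor's confirmation, and `"refsource": "CONFIRM"` would let consumers tell it apart from third-party write-ups, as the Fortinet records in this diff do for their advisories. Separately, the fixed-version boundary is free text (`"version_value": "All versions < V7.5 SP2 Update 5"`) and the release is repeated inside `product_name`, so version matching has to parse prose. A pair such as `"version_affected": "<", "version_value": "V7.5 SP2 Update 5"`, the form used for CVE-2021-41036, would be machine-readable. CVE-2021-40359, CVE-2021-40364 and CVE-2021-40366 repeat the MISC tag and the free-text range.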
@@ -1,17 +1,131 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-40359", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-40359", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC PCS 7 V8.2 and earlier", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC PCS 7 V9.0", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC PCS 7 V9.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V15 and earlier", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V16", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V17", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V7.4 and earlier", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V7.5", + "version": { + "version_data": [ + { + "version_value": "All versions < V7.5 SP2 Update 5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security 
problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf" } ] } diff --git a/2021/40xxx/CVE-2021-40364.json b/2021/40xxx/CVE-2021-40364.json index 08b2c080c7f..a8c7fb3d11e 100644 --- a/2021/40xxx/CVE-2021-40364.json +++ b/2021/40xxx/CVE-2021-40364.json 
@@ -1,17 +1,131 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-40364", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-40364", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC PCS 7 V8.2 and earlier", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC PCS 7 V9.0", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC PCS 7 V9.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V15 and earlier", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V16", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V17", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V7.4 and earlier", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V7.5", + "version": { + "version_data": [ + { + "version_value": "All versions < V7.5 SP2 Update 5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532: Insertion of Sensitive Information into Log File" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). The affected systems store sensitive information in log files. An attacker with access to the log files could publicly expose the information or reuse it to develop further attacks on the system." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf" } ] } diff --git a/2021/40xxx/CVE-2021-40366.json b/2021/40xxx/CVE-2021-40366.json index 7931f76b363..66859ead94a 100644 --- a/2021/40xxx/CVE-2021-40366.json +++ b/2021/40xxx/CVE-2021-40366.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-40366", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-40366", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Climatix POL909 (AWM module)", + "version": { + "version_data": [ + { + "version_value": "All versions < V11.34" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-311: Missing Encryption of Sensitive Data" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdf" } ] } diff --git a/2021/40xxx/CVE-2021-40848.json b/2021/40xxx/CVE-2021-40848.json index bb935b0b572..216a967ad0a 100644 --- a/2021/40xxx/CVE-2021-40848.json +++ b/2021/40xxx/CVE-2021-40848.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40848", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40848", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.launchpad.net/mahara/+bug/1930471", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/mahara/+bug/1930471" + }, + { + "refsource": "MISC", + "name": "https://mahara.org/interaction/forum/topic.php?id=8950", + "url": "https://mahara.org/interaction/forum/topic.php?id=8950" } ] } diff --git a/2021/40xxx/CVE-2021-40849.json b/2021/40xxx/CVE-2021-40849.json index f63f044f01a..ce0cb31a3ef 100644 --- a/2021/40xxx/CVE-2021-40849.json +++ b/2021/40xxx/CVE-2021-40849.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40849", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40849", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.launchpad.net/mahara/+bug/1930469", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/mahara/+bug/1930469" + }, + { + "refsource": "MISC", + "name": "https://mahara.org/interaction/forum/topic.php?id=8949", + "url": "https://mahara.org/interaction/forum/topic.php?id=8949" } ] } diff --git a/2021/40xxx/CVE-2021-40985.json b/2021/40xxx/CVE-2021-40985.json index c4bfc2521b7..04c97ae598d 100644 --- a/2021/40xxx/CVE-2021-40985.json +++ b/2021/40xxx/CVE-2021-40985.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-40985", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-40985", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/michaelrsweet/htmldoc/commit/f12b9666e582a8e7b70f11b28e5ffc49ad625d43", + "refsource": "MISC", + "name": "https://github.com/michaelrsweet/htmldoc/commit/f12b9666e582a8e7b70f11b28e5ffc49ad625d43" + }, + { + "url": "https://github.com/michaelrsweet/htmldoc/issues/444", + "refsource": "MISC", + "name": "https://github.com/michaelrsweet/htmldoc/issues/444" } ] } diff --git a/2021/41xxx/CVE-2021-41019.json b/2021/41xxx/CVE-2021-41019.json index bc5753a615f..90652ad529d 100644 --- a/2021/41xxx/CVE-2021-41019.json +++ b/2021/41xxx/CVE-2021-41019.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-41019", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiOS", + "version": { + "version_data": [ + { + "version_value": "FortiOS 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Adjacent", + "availabilityImpact": "None", + "baseScore": 3.2, + "baseSeverity": "Low", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "None", + "scope": "Unchanged", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-074", + "url": "https://fortiguard.com/advisory/FG-IR-21-074" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials." } ] } 
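Review bot: `"baseScore": 3.2` in the `impact.cvss` block of CVE-2021-41019 does not look like a base score: the base metrics in the vector (`AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N`) work out to 3.5 under CVSS 3.1, and 3.2 is what results once the temporal metrics `E:U/RL:U/RC:C` appended to `vectorString` are applied. Consumers that read `baseScore` for prioritisation will therefore see a lower number than the base vector gives. I would store `"baseScore": 3.5` with a base-only `vectorString`, or carry the temporal value in a separately named field. The CVE-2021-41022 and CVE-2021-41023 hunks show the same pattern (7.5 and 5.3 listed, where the base metrics appear to give 7.8 and 5.5).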
diff --git a/2021/41xxx/CVE-2021-41022.json b/2021/41xxx/CVE-2021-41022.json index 9c9b203ea80..74ef6aaeb2e 100644 --- a/2021/41xxx/CVE-2021-41022.json +++ b/2021/41xxx/CVE-2021-41022.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-41022", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiSIEMWindowsAgent", + "version": { + "version_data": [ + { + "version_value": "FortiSIEMWindowsAgent 4.1.4, 4.1.3, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.3.0, 3.2.2, 3.2.1, 3.2.0, 3.1.2, 3.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "High", + "baseScore": 7.5, + "baseSeverity": "High", + "confidentialityImpact": "High", + "integrityImpact": "High", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-176", + "url": "https://fortiguard.com/advisory/FG-IR-21-176" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts" } ] } diff --git a/2021/41xxx/CVE-2021-41023.json b/2021/41xxx/CVE-2021-41023.json index d3586113e47..d9b07bc50f5 100644 --- a/2021/41xxx/CVE-2021-41023.json 
+++ b/2021/41xxx/CVE-2021-41023.json @@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-41023", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiSIEMWindowsAgent", + "version": { + "version_data": [ + { + "version_value": "FortiSIEMWindowsAgent 4.1.4, 4.1.3, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.3.0, 3.2.2, 3.2.1, 3.2.0, 3.1.2, 3.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 5.3, + "baseSeverity": "Medium", + "confidentialityImpact": "High", + "integrityImpact": "None", + "privilegesRequired": "Low", + "scope": "Unchanged", + "userInteraction": "None", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:O/RC:C", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-175", + "url": "https://fortiguard.com/advisory/FG-IR-21-175" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log files" } ] } 
diff --git a/2021/41xxx/CVE-2021-41036.json b/2021/41xxx/CVE-2021-41036.json index e0219ac357d..b1f0a7a7890 100644 --- a/2021/41xxx/CVE-2021-41036.json +++ b/2021/41xxx/CVE-2021-41036.json @@ -4,15 +4,60 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-41036", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@eclipse.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Eclipse Foundation", + "product": { + "product_data": [ + { + "product_name": "Eclipse Paho MQTT C Client", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.1.0" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/eclipse/paho.mqtt.embedded-c/issues/96", + "refsource": "CONFIRM", + "url": "https://github.com/eclipse/paho.mqtt.embedded-c/issues/96" } ] } -} \ No newline at end of file +} diff --git a/2021/41xxx/CVE-2021-41089.json b/2021/41xxx/CVE-2021-41089.json index d25468bb44e..8e3dd221883 100644 --- a/2021/41xxx/CVE-2021-41089.json +++ b/2021/41xxx/CVE-2021-41089.json 
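Review bot: `product_name` for CVE-2021-41036 is `Eclipse Paho MQTT C Client`, but the only reference is an issue in the `paho.mqtt.embedded-c` repository, which suggests the affected component may be the embedded C client rather than the full C client library; this is worth confirming with the CNA so that users of the right package are matched. The description also stops at the missing check (`does not check rem_len size in readpacket`) and never states the consequence, although the problemtype is CWE-787; one sentence on the impact would help triage. Finally, `"version_value": "1.1.0"` and "prior to 1.1" in the description should be confirmed to mean the same release.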
@@ -83,6 +83,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-df975338d4",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-b5a9a481a2",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/"
 }
 ]
 },
diff --git a/2021/41xxx/CVE-2021-41091.json b/2021/41xxx/CVE-2021-41091.json
index cb284383ef4..23cf8221c5b 100644
--- a/2021/41xxx/CVE-2021-41091.json
+++ b/2021/41xxx/CVE-2021-41091.json
@@ -83,6 +83,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-df975338d4",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-b5a9a481a2",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/"
 }
 ]
 },
diff --git a/2021/41xxx/CVE-2021-41092.json b/2021/41xxx/CVE-2021-41092.json
index b4f2b33754d..3528357553b 100644
--- a/2021/41xxx/CVE-2021-41092.json
+++ b/2021/41xxx/CVE-2021-41092.json
@@ -83,6 +83,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-df975338d4",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-b5a9a481a2",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/"
 }
 ]
 },
diff --git a/2021/41xxx/CVE-2021-41099.json b/2021/41xxx/CVE-2021-41099.json
index 6fbf500e158..d0a4a7cd7b3 100644
--- a/2021/41xxx/CVE-2021-41099.json
+++ b/2021/41xxx/CVE-2021-41099.json
@@ -102,6 +102,21 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-61c487f241",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-aa94492a09",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20211104-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-5001",
+ "url": "https://www.debian.org/security/2021/dsa-5001"
 }
 ]
 },
diff --git a/2021/41xxx/CVE-2021-41103.json b/2021/41xxx/CVE-2021-41103.json
index fec77032935..fd97bb39d3b 100644
--- a/2021/41xxx/CVE-2021-41103.json
+++ b/2021/41xxx/CVE-2021-41103.json
@@ -86,6 +86,16 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-df975338d4",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-b5a9a481a2",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-5002",
+ "url": "https://www.debian.org/security/2021/dsa-5002"
 }
 ]
 },
diff --git a/2021/41xxx/CVE-2021-41134.json b/2021/41xxx/CVE-2021-41134.json
index 6342f29465c..d0293c32248 100644
--- a/2021/41xxx/CVE-2021-41134.json
+++ b/2021/41xxx/CVE-2021-41134.json
@@ -1,18 +1,106 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41134",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Stored XSS in Jupyter nbdime"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "nbdime",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 1.1.1 - nbdime (pip)"
+ },
+ {
+ "version_value": ">= 2.0.0 , < 2.1.1 - nbdime (pip)"
+ },
+ {
+ "version_value": ">= 3.0.0, < 3.1.1 - nbdime (pip)"
+ },
+ {
+ "version_value": "< 5.0.2 - nbdime (npm)"
+ },
+ {
+ "version_value": ">= 6.0.0, < 6.1.2 - nbdime (npm)"
+ },
+ {
+ "version_value": "< 1.0.1 - nbdime-jupyterlab (npm)"
+ },
+ {
+ "version_value": ">= 2.0.0, < 2.1.1 - nbdime-jupyterlab (npm)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "jupyter"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting (XSS) issue exists within the Jupyter-owned nbdime project. It appears that when reading the file name and path from disk, the extension does not sanitize the string it constructs before returning it to be displayed. The diffNotebookCheckpoint function within nbdime causes this issue. When attempting to display the name of the local notebook (diffNotebookCheckpoint), nbdime appears to simply append .ipynb to the name of the input file. The NbdimeWidget is then created, and the base string is passed through to the request API function.
From there, the frontend simply renders the HTML tag and anything along with it. Users are advised to patch to the most recent version of the affected product."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/jupyter/nbdime/security/advisories/GHSA-p6rw-44q7-3fw4",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/jupyter/nbdime/security/advisories/GHSA-p6rw-44q7-3fw4"
+ },
+ {
+ "name": "https://github.com/jupyter/nbdime/commit/e44a5cc7677f24b45ebafc756db49058c2f750ea",
+ "refsource": "MISC",
+ "url": "https://github.com/jupyter/nbdime/commit/e44a5cc7677f24b45ebafc756db49058c2f750ea"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-p6rw-44q7-3fw4",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41174.json b/2021/41xxx/CVE-2021-41174.json
index 8714df638e1..a84c9346b2b 100644
--- a/2021/41xxx/CVE-2021-41174.json
+++ b/2021/41xxx/CVE-2021-41174.json
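Review bot: Each `version_value` in the added `affects` block for CVE-2021-41134 holds a free-text range plus a package and ecosystem name (`"< 1.1.1 - nbdime (pip)"`) under a single `product_name` of `nbdime`, so tooling cannot tell the pip package, the npm package and `nbdime-jupyterlab` apart without parsing prose. The Eclipse record in this same commit shows the structured form, `"version_affected": "<", "version_value": "1.1.0"`; one `product_data` entry per package in that shape would be matchable. The same free-text ranges appear in the sections for CVE-2021-41174, CVE-2021-41187 and CVE-2021-41195 through CVE-2021-41200. The stray space in `">= 2.0.0 , < 2.1.1 - nbdime (pip)"` also makes that entry differ from its siblings.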
@@ -1,18 +1,98 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41174",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "XSS vulnerability allowing arbitrary JavaScript execution"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "grafana",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 8.0.0, < 8.2.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "grafana"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor(‘alert(1)’)()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible.
If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/grafana/grafana/security/advisories/GHSA-3j9m-hcv9-rpj8",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/grafana/grafana/security/advisories/GHSA-3j9m-hcv9-rpj8"
+ },
+ {
+ "name": "https://github.com/grafana/grafana/commit/31b78d51c693d828720a5b285107a50e6024c912",
+ "refsource": "MISC",
+ "url": "https://github.com/grafana/grafana/commit/31b78d51c693d828720a5b285107a50e6024c912"
+ },
+ {
+ "name": "https://github.com/grafana/grafana/commit/3cb5214fa45eb5a571fd70d6c6edf0d729983f82",
+ "refsource": "MISC",
+ "url": "https://github.com/grafana/grafana/commit/3cb5214fa45eb5a571fd70d6c6edf0d729983f82"
+ },
+ {
+ "name": "https://github.com/grafana/grafana/commit/fb85ed691290d211a5baa44d9a641ab137f0de88",
+ "refsource": "MISC",
+ "url": "https://github.com/grafana/grafana/commit/fb85ed691290d211a5baa44d9a641ab137f0de88"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-3j9m-hcv9-rpj8",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41187.json b/2021/41xxx/CVE-2021-41187.json
index 2d1b11f2aa7..6858d4c645a 100644
--- a/2021/41xxx/CVE-2021-41187.json
+++ b/2021/41xxx/CVE-2021-41187.json
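Review bot: The workaround sentence that closes the added description for CVE-2021-41174 is garbled (`block access to block the literal string {{ in the path`), and it is the only mitigation guidance for operators who cannot upgrade. I would reword it to `you can use a reverse proxy or similar to block requests whose path contains the literal string {{`. Whether a percent-encoded form of the braces also has to be matched is not stated here, so that should be checked against the linked advisory before a proxy rule is relied on.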
@@ -1,18 +1,95 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41187",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "SQL Injection in DHIS2 Tracker API"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "dhis2-core",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 2.32.0, < 2.32-EOS"
+ },
+ {
+ "version_value": ">= 2.33.0, < 2.33-EOS"
+ },
+ {
+ "version_value": ">= 2.34.0, < 2.34.7"
+ },
+ {
+ "version_value": ">= 2.35.0, < 2.35.8"
+ },
+ {
+ "version_value": ">= 2.36.0, < 2.36.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "dhis2"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the API endpoints for /api/trackedEntityInstances and api/events in DHIS2. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance. There are no known exploits of the security vulnerabilities addressed by these patch releases.
However, we strongly recommend that all DHIS2 implementations using versions 2.32, 2.33, 2.34, 2.35 and 2.36 install these patches as soon as possible. There is no straightforward known workaround for DHIS2 instances using the Tracker functionality other than upgrading the affected DHIS2 server to one of the patches in which this vulnerability has been fixed. For implementations which do NOT use Tracker functionality, it may be possible to block all network access to POST to the /api/trackedEntityInstance and /api/events endpoints as a temporary workaround while waiting to upgrade."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/dhis2/dhis2-core/security/advisories/GHSA-fvm5-gp3j-c7c6",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/dhis2/dhis2-core/security/advisories/GHSA-fvm5-gp3j-c7c6"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-fvm5-gp3j-c7c6",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41195.json b/2021/41xxx/CVE-2021-41195.json
index 28674e94845..e92f78f1ee3 100644
--- a/2021/41xxx/CVE-2021-41195.json
+++ b/2021/41xxx/CVE-2021-41195.json
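Review bot: The added description for CVE-2021-41187 spells the affected endpoints two ways: first `/api/trackedEntityInstances and api/events`, then `/api/trackedEntityInstance and /api/events` in the workaround sentence. Anyone writing the temporary POST block it recommends needs the exact paths, so both mentions should use one spelling (presumably `/api/trackedEntityInstances` and `/api/events`, to be confirmed against the linked advisory). The upper bounds `< 2.32-EOS` and `< 2.33-EOS` in `version_data` are also not comparable version numbers; if those branches have no fixed release, the description should say so.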
@@ -1,18 +1,104 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41195",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Crash in `tf.math.segment_*` operations"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tensorflow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 2.6.0, < 2.6.1"
+ },
+ {
+ "version_value": ">= 2.5.0, < 2.5.2"
+ },
+ {
+ "version_value": "< 2.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tensorflow"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TensorFlow is an open source platform for machine learning. In affected versions the implementation of `tf.math.segment_*` operations results in a `CHECK`-fail related abort (and denial of service) if a segment id in `segment_ids` is large. This is similar to CVE-2021-29584 (and similar other reported vulnerabilities in TensorFlow, localized to specific APIs): the implementation (both on CPU and GPU) computes the output shape using `AddDim`. However, if the number of elements in the tensor overflows an `int64_t` value, `AddDim` results in a `CHECK` failure which provokes a `std::abort`. Instead, code should use `AddDimWithStatus`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
}
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190: Integer Overflow or Wraparound"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cq76-mxrc-vchh",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cq76-mxrc-vchh"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/issues/46888",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/issues/46888"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/pull/51733",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/pull/51733"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/e9c81c1e1a9cd8dd31f4e83676cab61b60658429",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/e9c81c1e1a9cd8dd31f4e83676cab61b60658429"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-cq76-mxrc-vchh",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41196.json b/2021/41xxx/CVE-2021-41196.json
index 78c18b5f0a8..1a95356814a 100644
--- a/2021/41xxx/CVE-2021-41196.json
+++ b/2021/41xxx/CVE-2021-41196.json
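Review bot: The remediation sentences in the added description for CVE-2021-41195 are in the future tense (`The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit ...`), which goes stale once those releases ship and leaves a reader unsure whether a fixed build exists. Stating the fixed versions directly, for example `Fixed in TensorFlow 2.7.0, 2.6.1, 2.5.2 and 2.4.4`, would agree with the bounds already given in `version_data`, assuming those releases carry the fix. The same wording recurs in the sections for CVE-2021-41196 through CVE-2021-41200.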
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41196",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Crash in `max_pool3d` when size argument is 0 or negative"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tensorflow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 2.6.0, < 2.6.1"
+ },
+ {
+ "version_value": ">= 2.5.0, < 2.5.2"
+ },
+ {
+ "version_value": "< 2.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tensorflow"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window are not checked to be strictly positive. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
}
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-191: Integer Underflow (Wrap or Wraparound)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/issues/51936",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/issues/51936"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/12b1ff82b3f26ff8de17e58703231d5a02ef1b8b",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/12b1ff82b3f26ff8de17e58703231d5a02ef1b8b"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-m539-j985-hcr8",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41197.json b/2021/41xxx/CVE-2021-41197.json
index c0cb5f1bda2..d7e5aa3ce04 100644
--- a/2021/41xxx/CVE-2021-41197.json
+++ b/2021/41xxx/CVE-2021-41197.json
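Review bot: The `problemtype` value `CWE-191: Integer Underflow (Wrap or Wraparound)` in the CVE-2021-41196 record is not supported by its description, which attributes the segfault to pool sizes and dimensions not being checked to be strictly positive and mentions no arithmetic wrapping. If the linked advisory does not describe an underflow, an input-validation class such as `CWE-20: Improper Input Validation` would fit the text better; otherwise the description should say where the wraparound occurs. The title names `max_pool3d` while the description speaks of Keras pooling layers in general, so the affected scope should be stated one way.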
@@ -1,18 +1,114 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41197",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Crashes due to overflow and `CHECK`-fail in ops with large tensor shapes"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tensorflow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 2.6.0, < 2.6.1"
+ },
+ {
+ "version_value": ">= 2.5.0, < 2.5.2"
+ },
+ {
+ "version_value": "< 2.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tensorflow"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the binary. This is similar to CVE-2021-29584. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
}
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190: Integer Overflow or Wraparound"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/issues/46890",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/issues/46890"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/issues/51908",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/issues/51908"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/7c1692bd417eb4f9b33ead749a41166d6080af85"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/a871989d7b6c18cdebf2fb4f0e5c5b62fbc19edf"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/d81b1351da3e8c884ff836b64458d94e4a157c15"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-prcg-wp5q-rv7p",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41198.json b/2021/41xxx/CVE-2021-41198.json
index 4cdbaa19614..fa197f8d57c 100644
--- a/2021/41xxx/CVE-2021-41198.json
+++ b/2021/41xxx/CVE-2021-41198.json
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41198",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Overflow/crash in `tf.tile` when tiling tensor is large"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tensorflow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 2.6.0, < 2.6.1"
+ },
+ {
+ "version_value": ">= 2.5.0, < 2.5.2"
+ },
+ {
+ "version_value": "< 2.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tensorflow"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TensorFlow is an open source platform for machine learning. In affected versions if `tf.tile` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too much for the `int64_t` type and the overflow is detected via a `CHECK` statement. This aborts the process. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
}
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190: Integer Overflow or Wraparound"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2p25-55c9-h58q",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2p25-55c9-h58q"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/issues/46911",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/issues/46911"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/9294094df6fea79271778eb7e7ae1bad8b5ef98f",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/9294094df6fea79271778eb7e7ae1bad8b5ef98f"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-2p25-55c9-h58q",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41199.json b/2021/41xxx/CVE-2021-41199.json
index 9f34ef291ee..e86f15f0f69 100644
--- a/2021/41xxx/CVE-2021-41199.json
+++ b/2021/41xxx/CVE-2021-41199.json
@@ -1,18 +1,99 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41199",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Overflow/crash in `tf.image.resize` when size is large"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tensorflow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 2.6.0, < 2.6.1"
+ },
+ {
+ "version_value": ">= 2.5.0, < 2.5.2"
+ },
+ {
+ "version_value": "< 2.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tensorflow"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TensorFlow is an open source platform for machine learning. In affected versions if `tf.image.resize` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too much for the `int64_t` type and the overflow is detected via a `CHECK` statement. This aborts the process. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
}
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190: Integer Overflow or Wraparound"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hx2-qx8j-qjqm",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hx2-qx8j-qjqm"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/issues/46914",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/issues/46914"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/e5272d4204ff5b46136a1ef1204fc00597e21837",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/e5272d4204ff5b46136a1ef1204fc00597e21837"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-5hx2-qx8j-qjqm",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41200.json b/2021/41xxx/CVE-2021-41200.json
index 548d6c199e3..2b92f54aac8 100644
--- a/2021/41xxx/CVE-2021-41200.json
+++ b/2021/41xxx/CVE-2021-41200.json
@@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41200", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Incomplete validation in `tf.summary.create_file_writer`" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.2" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-617: Reachable Assertion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gh8h-7j2j-qv4f", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gh8h-7j2j-qv4f" + }, + { + "name": "https://github.com/tensorflow/tensorflow/issues/46909", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/issues/46909" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/874bda09e6702cd50bac90b453b50bcc65b2769e", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/874bda09e6702cd50bac90b453b50bcc65b2769e" + } + ] + }, + "source": { + "advisory": "GHSA-gh8h-7j2j-qv4f", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41201.json b/2021/41xxx/CVE-2021-41201.json index b405cb26bb0..1303d512b7b 100644 --- a/2021/41xxx/CVE-2021-41201.json +++ b/2021/41xxx/CVE-2021-41201.json 
@@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41201", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Unitialized access in `EinsumHelper::ParseEquation`" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.2" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affeced versions during execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in `input_has_ellipsis` vector and `*output_has_ellipsis` boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to `true` and never assigns `false`. This results in unitialized variable access if callers assume that `EinsumHelper::ParseEquation()` always sets these flags. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-824: Access of Uninitialized Pointer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6" + } + ] + }, + "source": { + "advisory": "GHSA-j86v-p27c-73fm", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41202.json b/2021/41xxx/CVE-2021-41202.json index 3676dba5b22..67260d92c87 100644 --- a/2021/41xxx/CVE-2021-41202.json +++ b/2021/41xxx/CVE-2021-41202.json 
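Review bot: The added `TITLE` and description misspell the key term, as `Unitialized` in the title and `unitialized` and `affeced` in the description, so a text search for "uninitialized" over the CVE data will not find this record. The title should read `"Uninitialized access in `EinsumHelper::ParseEquation`"`, with the two words in the description fixed in the same way. Separately, the `problemtype` value is `CWE-824: Access of Uninitialized Pointer`, while the description speaks of boolean flags in `input_has_ellipsis` and `*output_has_ellipsis` that are never assigned `false`. `CWE-457: Use of Uninitialized Variable` looks like the closer match, but that should be confirmed against the linked advisory.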
@@ -1,18 +1,109 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41202", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Overflow/crash in `tf.range`" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.2" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 = condition ? int64 : double`. Due to C++ implicit conversion rules, both branches of the condition will be cast to `double` and the result would be truncated before the assignment. This result in overflows. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-681: Incorrect Conversion between Numeric Types" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx" + }, + { + "name": "https://github.com/tensorflow/tensorflow/issues/46889", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/issues/46889" + }, + { + "name": "https://github.com/tensorflow/tensorflow/issues/46912", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/issues/46912" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/1b0e0ec27e7895b9985076eab32445026ae5ca94", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/1b0e0ec27e7895b9985076eab32445026ae5ca94" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/6d94002a09711d297dbba90390d5482b76113899", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/6d94002a09711d297dbba90390d5482b76113899" + } + ] + }, + "source": { + "advisory": "GHSA-xrqm-fpgr-6hhx", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41203.json b/2021/41xxx/CVE-2021-41203.json index 9ad0f3fb78d..102d48cc1ee 100644 --- a/2021/41xxx/CVE-2021-41203.json +++ b/2021/41xxx/CVE-2021-41203.json 
@@ -1,18 +1,109 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41203", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Missing validation during checkpoint loading" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.2" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and `CHECK`-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats. The fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-345: Insufficient Verification of Data Authenticity" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/368af875869a204b4ac552b9ddda59f6a46a56ec", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/368af875869a204b4ac552b9ddda59f6a46a56ec" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/abcced051cb1bd8fb05046ac3b6023a7ebcc4578", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/abcced051cb1bd8fb05046ac3b6023a7ebcc4578" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/b619c6f865715ca3b15ef1842b5b95edbaa710ad", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/b619c6f865715ca3b15ef1842b5b95edbaa710ad" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/e8dc63704c88007ee4713076605c90188d66f3d2", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/e8dc63704c88007ee4713076605c90188d66f3d2" + } + ] + }, + "source": { + "advisory": "GHSA-7pxj-m4jf-r6h2", + "discovery": "UNKNOWN" } } \ No newline at end of file 
diff --git a/2021/41xxx/CVE-2021-41204.json b/2021/41xxx/CVE-2021-41204.json
index eb4f6f61fda..571c0e1bc2d 100644
--- a/2021/41xxx/CVE-2021-41204.json
+++ b/2021/41xxx/CVE-2021-41204.json
@@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41204", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Segfault while copying constant resource tensor" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.1" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-824: Access of Uninitialized Pointer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-786j-5qwq-r36x", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-786j-5qwq-r36x" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/7731e8dfbe4a56773be5dc94d631611211156659", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/7731e8dfbe4a56773be5dc94d631611211156659" + } + ] + }, + "source": { + "advisory": "GHSA-786j-5qwq-r36x", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41205.json b/2021/41xxx/CVE-2021-41205.json index a557e3dfdac..c0f10ab88ee 100644 --- a/2021/41xxx/CVE-2021-41205.json +++ b/2021/41xxx/CVE-2021-41205.json 
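Review bot: The second `version_value` in this record is `">= 2.5.0, < 2.5.1"`, but the description in the same hunk says the fix is cherry-picked onto TensorFlow 2.5.2, and every sibling record on this page uses `< 2.5.2` for the 2.5 branch. As written, a scanner would treat 2.5.1 as not affected. Unless the advisory really does scope the 2.5 branch differently, the entry should be `"version_value": ">= 2.5.0, < 2.5.2"`. The `CWE-824: Access of Uninitialized Pointer` label also sits oddly with a description of a segfault on deep-copying a resource tensor, and is worth a second look against the linked advisory.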
@@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41205", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.2" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rx-x2rw-pc6f", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rx-x2rw-pc6f" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/7cf73a2274732c9d82af51c2bc2cf90d13cd7e6d", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/7cf73a2274732c9d82af51c2bc2cf90d13cd7e6d" + } + ] + }, + "source": { + "advisory": "GHSA-49rx-x2rw-pc6f", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41206.json b/2021/41xxx/CVE-2021-41206.json index b18886a5cc6..3d54d810d0e 100644 --- a/2021/41xxx/CVE-2021-41206.json +++ b/2021/41xxx/CVE-2021-41206.json 
@@ -1,18 +1,119 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41206", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Incomplete validation of shapes in multiple TF ops" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.2" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or `CHECK`-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. We have discovered these issues internally via tooling while working on improving/testing GPU op determinism. As such, we don't have reproducers and there will be multiple fixes for these issues. These fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-354: Improper Validation of Integrity Check Value" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/4d74d8a00b07441cba090a02e0dd9ed385145bf4", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/4d74d8a00b07441cba090a02e0dd9ed385145bf4" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/4dddb2fd0b01cdd196101afbba6518658a2c9e07", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/4dddb2fd0b01cdd196101afbba6518658a2c9e07" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/579261dcd446385831fe4f7457d802a59685121d", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/579261dcd446385831fe4f7457d802a59685121d" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/68422b215e618df5ad375bcdc6d2052e9fd3080a", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/68422b215e618df5ad375bcdc6d2052e9fd3080a" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/da4aad5946be30e5f049920fa076e1f7ef021261", + "refsource": "MISC", + "url": 
"https://github.com/tensorflow/tensorflow/commit/da4aad5946be30e5f049920fa076e1f7ef021261" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/e7f497570abb6b4ae5af4970620cd880e4c0c904", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/e7f497570abb6b4ae5af4970620cd880e4c0c904" + } + ] + }, + "source": { + "advisory": "GHSA-pgcq-h79j-2f69", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41207.json b/2021/41xxx/CVE-2021-41207.json index 10c318c9eca..fa1051c54a5 100644 --- a/2021/41xxx/CVE-2021-41207.json +++ b/2021/41xxx/CVE-2021-41207.json 
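Review bot: The `problemtype` value `CWE-354: Improper Validation of Integrity Check Value` does not match the description in this hunk, which is about operations that do not validate the shapes of their tensor arguments. CWE-354 concerns checksums and integrity values, so anyone filtering or triaging by CWE will put this record in the wrong class. Something like `"value": "CWE-20: Improper Input Validation"` fits the text better, though the final choice should follow the linked advisory. The phrase "heap populated arrays" in the description probably means "heap allocated arrays", the wording the sibling records use.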
@@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41207", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Division by zero in `ParallelConcat`" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.2" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affected versions the implementation of `ParallelConcat` misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-369: Divide By Zero" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235" + }, + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7v94-64hj-m82h", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7v94-64hj-m82h" + } + ] + }, + "source": { + "advisory": "GHSA-7v94-64hj-m82h", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41208.json b/2021/41xxx/CVE-2021-41208.json index 79187ae8398..4f252abee49 100644 --- a/2021/41xxx/CVE-2021-41208.json +++ b/2021/41xxx/CVE-2021-41208.json 
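Review bot: This record's `reference_data` and that of the CVE-2021-41209 hunk both list commit `f2c3931113eaafe9ef558faaddd48e00a6606235` as the fix. One record describes a division by zero in `ParallelConcat` and the other a division by zero in convolution operators given empty filter tensors. A single commit may cover both, but if not, one of the two references is a copy error and sends anyone verifying or backporting the patch to the wrong change. Please check both against their GHSA advisories and, where needed, replace the URL with `https://github.com/tensorflow/tensorflow/commit/<fix-commit-sha>` for the correct commit.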
@@ -1,18 +1,102 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41208", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Incomplete validation in boosted trees code" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.2" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures) as well as abuse undefined behavior (binding references to `nullptr`s). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommend to no longer use these APIs. We will deprecate TensorFlow's boosted trees APIs in subsequent releases. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-824: Access of Uninitialized Pointer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/5c8c9a8bfe750f9743d0c859bae112060b216f5c", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/5c8c9a8bfe750f9743d0c859bae112060b216f5c" + } + ] + }, + "source": { + "advisory": "GHSA-57wx-m983-2f88", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41209.json b/2021/41xxx/CVE-2021-41209.json index 0a5e2ef0dd0..b43d692231c 100644 --- a/2021/41xxx/CVE-2021-41209.json +++ b/2021/41xxx/CVE-2021-41209.json 
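Review bot: The `problemtype_data` list names only `CWE-476` and `CWE-824`, while the description in the same hunk also says an attacker can "read and write from heap buffers". That memory-corruption impact is what the C:H/I:H score rests on, yet it is not represented in the CWE list. Adding entries such as `"value": "CWE-125: Out-of-bounds Read"` and `"value": "CWE-787: Out-of-bounds Write"` would keep CWE-based filtering consistent with the text, subject to the advisory. This is also the only record on the page with `"scope": "CHANGED"`, and the description does not state which other component is affected, so the resulting 8.8 score deserves a check. The description also has a typo: "it is recommend" should be "it is recommended".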
@@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41209", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "FPE in convolutions with zero size filters" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.2" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-369: Divide By Zero" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235" + } + ] + }, + "source": { + "advisory": "GHSA-6hpv-v2rx-c5g6", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41210.json b/2021/41xxx/CVE-2021-41210.json index 9d681594b6c..c0298e2202c 100644 --- a/2021/41xxx/CVE-2021-41210.json +++ b/2021/41xxx/CVE-2021-41210.json 
@@ -1,18 +1,94 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41210",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Heap OOB read in `tf.raw_ops.SparseCountSparseOutput`"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tensorflow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 2.6.0, < 2.6.1"
+ },
+ {
+ "version_value": ">= 2.5.0, < 2.5.2"
+ },
+ {
+ "version_value": "< 2.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tensorflow"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for `SparseCountSparseOutput` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125: Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m342-ff57-4jcc",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m342-ff57-4jcc"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/701cfaca222a82afbeeb17496bd718baa65a67d2",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/701cfaca222a82afbeeb17496bd718baa65a67d2"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-m342-ff57-4jcc",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41211.json b/2021/41xxx/CVE-2021-41211.json
index 29c5c215ce9..3570ae9b84c 100644
--- a/2021/41xxx/CVE-2021-41211.json
+++ b/2021/41xxx/CVE-2021-41211.json
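Review bot: The description added for CVE-2021-41210 states the remediation in the future tense (`The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on ...`), which goes stale once the releases ship and leaves a reader unsure whether a fixed build exists. A version-anchored wording such as `Fixed in TensorFlow 2.7.0, 2.6.1, 2.5.2 and 2.4.4.` would stay accurate over time, provided those releases do carry the referenced commit. The same sentence appears in every TensorFlow description in this commit, including CVE-2021-41209 before it.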
@@ -1,18 +1,88 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41211",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Heap OOB read in shape inference for `QuantizeV2`"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tensorflow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 2.6.0, < 2.6.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tensorflow"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV2` can trigger a read outside of bounds of heap allocated array. This occurs whenever `axis` is a negative value less than `-1`. In this case, we are accessing data before the start of a heap buffer. The code allows `axis` to be an optional argument (`s` would contain an `error::NOT_FOUND` error code). Otherwise, it assumes that `axis` is a valid index into the dimensions of the `input` tensor. If `axis` is less than `-1` then this results in a heap OOB read. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, as this version is the only one that is also affected."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125: Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvgx-3v3q-m36c",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvgx-3v3q-m36c"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/a0d64445116c43cf46a5666bd4eee28e7a82f244",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/a0d64445116c43cf46a5666bd4eee28e7a82f244"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-cvgx-3v3q-m36c",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41212.json b/2021/41xxx/CVE-2021-41212.json
index f21d20558f1..860bf94c111 100644
--- a/2021/41xxx/CVE-2021-41212.json
+++ b/2021/41xxx/CVE-2021-41212.json
@@ -1,18 +1,94 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41212",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Heap OOB read in `tf.ragged.cross`"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tensorflow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 2.6.0, < 2.6.1"
+ },
+ {
+ "version_value": ">= 2.5.0, < 2.5.2"
+ },
+ {
+ "version_value": "< 2.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tensorflow"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125: Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fr77-rrx3-cp7g",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fr77-rrx3-cp7g"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-fr77-rrx3-cp7g",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41213.json b/2021/41xxx/CVE-2021-41213.json
index 426c397b914..f34bf7f8d42 100644
--- a/2021/41xxx/CVE-2021-41213.json
+++ b/2021/41xxx/CVE-2021-41213.json
@@ -1,18 +1,94 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41213",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Deadlock in mutually recursive `tf.function` objects"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tensorflow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 2.6.0, < 2.6.1"
+ },
+ {
+ "version_value": ">= 2.5.0, < 2.5.2"
+ },
+ {
+ "version_value": "< 2.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tensorflow"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive `tf.function`, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-667: Improper Locking"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h67m-xg8f-fxcf",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h67m-xg8f-fxcf"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-h67m-xg8f-fxcf",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41214.json b/2021/41xxx/CVE-2021-41214.json
index 2f299d757f9..d1709a96071 100644
--- a/2021/41xxx/CVE-2021-41214.json
+++ b/2021/41xxx/CVE-2021-41214.json
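Review bot: In the CVE-2021-41213 record the vector sets `"userInteraction": "NONE"`, while the description says the denial of service depends on `causing users to load such models` and then calling a recursive `tf.function`. If a victim has to load a model supplied by someone else, `UI:R` would match the text, and `vectorString`, `baseScore` and `baseSeverity` would have to be recomputed together. If the score is intentional, a sentence in the description saying who supplies the model would remove the ambiguity. This is inferred from the record alone and should be checked against advisory GHSA-h67m-xg8f-fxcf.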
@@ -1,18 +1,94 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41214",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Reference binding to `nullptr` in `tf.ragged.cross`"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tensorflow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 2.6.0, < 2.6.1"
+ },
+ {
+ "version_value": ">= 2.5.0, < 2.5.2"
+ },
+ {
+ "version_value": "< 2.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tensorflow"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` has an undefined behavior due to binding a reference to `nullptr`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-824: Access of Uninitialized Pointer"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-vwhq-49r4-gj9v",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41215.json b/2021/41xxx/CVE-2021-41215.json
index cf1b9e51772..0057873c0f5 100644
--- a/2021/41xxx/CVE-2021-41215.json
+++ b/2021/41xxx/CVE-2021-41215.json
@@ -1,18 +1,94 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41215",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Null pointer exception in `DeserializeSparse`"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tensorflow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 2.6.0, < 2.6.1"
+ },
+ {
+ "version_value": ">= 2.5.0, < 2.5.2"
+ },
+ {
+ "version_value": "< 2.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tensorflow"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `DeserializeSparse` can trigger a null pointer dereference. This is because the shape inference function assumes that the `serialize_sparse` tensor is a tensor with positive rank (and having `3` as the last dimension). The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-476: NULL Pointer Dereference"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x3v8-c8qx-3j3r",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x3v8-c8qx-3j3r"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/d3738dd70f1c9ceb547258cbb82d853da8771850",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/d3738dd70f1c9ceb547258cbb82d853da8771850"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-x3v8-c8qx-3j3r",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41216.json b/2021/41xxx/CVE-2021-41216.json
index d2ab11b20b3..9371bcec59f 100644
--- a/2021/41xxx/CVE-2021-41216.json
+++ b/2021/41xxx/CVE-2021-41216.json
@@ -1,18 +1,94 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41216",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Heap buffer overflow in `Transpose`"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tensorflow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 2.6.0, < 2.6.1"
+ },
+ {
+ "version_value": ">= 2.5.0, < 2.5.2"
+ },
+ {
+ "version_value": "< 2.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tensorflow"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the indices in `perm` are all valid. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-3ff2-r28g-w7h9",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41217.json b/2021/41xxx/CVE-2021-41217.json
index 3436c058740..56b688e85d3 100644
--- a/2021/41xxx/CVE-2021-41217.json
+++ b/2021/41xxx/CVE-2021-41217.json
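Review bot: CVE-2021-41216 is titled a heap buffer overflow and tagged `CWE-120`, yet its vector scores it `C:N/I:N/A:H` (5.5), whereas CVE-2021-41221 in this same commit carries the same CWE with a `C:H/I:H/A:H` vector (7.8). Teams that triage on `baseScore` will rank two similarly described memory-safety issues very differently. If the out-of-bounds access caused by a negative `perm` element only crashes the process, a more specific `problemtype` value and a sentence saying so in the description would explain the lower score. Otherwise the impact metrics deserve a second look against advisory GHSA-3ff2-r28g-w7h9.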
@@ -1,18 +1,94 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41217",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Null pointer exception when `Exit` node is not preceded by `Enter` op"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tensorflow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 2.6.0, < 2.6.1"
+ },
+ {
+ "version_value": ">= 2.5.0, < 2.5.2"
+ },
+ {
+ "version_value": "< 2.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tensorflow"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an `Enter` node) always exists when encountering the second node (e.g., an `Exit` node). When this is not the case, `parent` is `nullptr` so dereferencing it causes a crash. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-476: NULL Pointer Dereference"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-5crj-c72x-m7gq",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41218.json b/2021/41xxx/CVE-2021-41218.json
index 9bdb26cc26a..aa9d42c74cb 100644
--- a/2021/41xxx/CVE-2021-41218.json
+++ b/2021/41xxx/CVE-2021-41218.json
@@ -1,18 +1,94 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41218",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Integer division by 0 in `tf.raw_ops.AllToAll`"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tensorflow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 2.6.0, < 2.6.1"
+ },
+ {
+ "version_value": ">= 2.5.0, < 2.5.2"
+ },
+ {
+ "version_value": "< 2.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tensorflow"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `AllToAll` can be made to execute a division by 0. This occurs whenever the `split_count` argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-369: Divide By Zero"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9crf-c6qr-r273",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9crf-c6qr-r273"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-9crf-c6qr-r273",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41219.json b/2021/41xxx/CVE-2021-41219.json
index 68d15e9d9f9..7d7729c55b0 100644
--- a/2021/41xxx/CVE-2021-41219.json
+++ b/2021/41xxx/CVE-2021-41219.json
@@ -1,18 +1,94 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41219",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Undefined behavior via `nullptr` reference binding in sparse matrix multiplication"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tensorflow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 2.6.0, < 2.6.1"
+ },
+ {
+ "version_value": ">= 2.5.0, < 2.5.2"
+ },
+ {
+ "version_value": "< 2.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tensorflow"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to `nullptr`. This occurs whenever the dimensions of `a` or `b` are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, we should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-824: Access of Uninitialized Pointer"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-4f99-p9c2-3j8x",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41220.json b/2021/41xxx/CVE-2021-41220.json
index e367f97503f..173b397e148 100644
--- a/2021/41xxx/CVE-2021-41220.json
+++ b/2021/41xxx/CVE-2021-41220.json
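Review bot: The description added for CVE-2021-41219 contains `In the case on one of these is 0, an empty output tensor should be allocated`, which reads as a typo for `In the case where one of these is 0`. The same passage is written as guidance to the implementer (`we should return early from the kernel implementation`) rather than as a statement of what the affected versions do, so a reader cannot tell from it which behaviour is the vulnerable one. Rewording it to describe the affected behaviour, with the fix left to the referenced commit, would make the record easier to act on.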
@@ -1,18 +1,88 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security-advisories@github.com",
 "ID": "CVE-2021-41220",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Use after free in `CollectiveReduceV2`"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tensorflow",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 2.6.0, < 2.6.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "tensorflow"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been `std::move()`d from are still accessed. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, as this version is the only one that is also affected."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416: Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gpfh-jvf9-7wg5",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gpfh-jvf9-7wg5"
+ },
+ {
+ "name": "https://github.com/tensorflow/tensorflow/commit/ca38dab9d3ee66c5de06f11af9a4b1200da5ef75",
+ "refsource": "MISC",
+ "url": "https://github.com/tensorflow/tensorflow/commit/ca38dab9d3ee66c5de06f11af9a4b1200da5ef75"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-gpfh-jvf9-7wg5",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41221.json b/2021/41xxx/CVE-2021-41221.json
index ec6cad6b105..f187e9cd068 100644
--- a/2021/41xxx/CVE-2021-41221.json
+++ b/2021/41xxx/CVE-2021-41221.json
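Review bot: The description of CVE-2021-41220 names two weaknesses, `a memory leak and a use after free`, but `problemtype_data` records only `CWE-416: Use After Free`. Adding a second entry to the `description` array, `{ "lang": "eng", "value": "CWE-401: Missing Release of Memory after Effective Lifetime" }`, would let CWE-based filters and dashboards see both. The `TITLE` mentions only the use after free as well, so it could name the leak too if the advisory treats it as part of the same issue.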
@@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41221", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Access to invalid memory during shape inference in `Cudnn*` ops" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.2" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the `input`, `input_h` and `input_c` parameters are not validated, but code assumes they have certain values. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6" + } + ] + }, + "source": { + "advisory": "GHSA-cqv6-3phm-hcwx", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41222.json b/2021/41xxx/CVE-2021-41222.json index 8e2c179e9a9..e955ef931fe 100644 --- a/2021/41xxx/CVE-2021-41222.json +++ b/2021/41xxx/CVE-2021-41222.json 
@@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41222", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Segfault due to negative splits in `SplitV`" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.2" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault is an attacker supplies negative arguments. This occurs whenever `size_splits` contains more than one value and at least one value is negative. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-682: Incorrect Calculation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cpf4-wx82-gxp6", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cpf4-wx82-gxp6" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/25d622ffc432acc736b14ca3904177579e733cc6", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/25d622ffc432acc736b14ca3904177579e733cc6" + } + ] + }, + "source": { + "advisory": "GHSA-cpf4-wx82-gxp6", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41223.json b/2021/41xxx/CVE-2021-41223.json index 3a768809ce7..5c5e6aaf5a8 100644 --- a/2021/41xxx/CVE-2021-41223.json +++ b/2021/41xxx/CVE-2021-41223.json 
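Review bot: The added `description` value for CVE-2021-41222 reads `can trigger a segfault is an attacker supplies negative arguments`; `is` should be `if`. Record descriptions tend to be copied unchanged into downstream advisories and scanner output, so the wording is worth correcting here: `can trigger a segfault if an attacker supplies negative arguments`.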
@@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41223", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Heap OOB read in `FusedBatchNorm` kernels" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.2" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affected versions the implementation of `FusedBatchNorm` kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/aab9998916c2ffbd8f0592059fad352622f89cda", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/aab9998916c2ffbd8f0592059fad352622f89cda" + } + ] + }, + "source": { + "advisory": "GHSA-f54p-f6jp-4rhr", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41224.json b/2021/41xxx/CVE-2021-41224.json index 3f8475b2b79..cae73389316 100644 --- a/2021/41xxx/CVE-2021-41224.json +++ b/2021/41xxx/CVE-2021-41224.json 
@@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41224", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "`SparseFillEmptyRows` heap OOB read" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.2" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB access. This occurs whenever the size of `indices` does not match the size of `values`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rg3m-hqc5-344v", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rg3m-hqc5-344v" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/67bfd9feeecfb3c61d80f0e46d89c170fbee682b", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/67bfd9feeecfb3c61d80f0e46d89c170fbee682b" + } + ] + }, + "source": { + "advisory": "GHSA-rg3m-hqc5-344v", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41225.json b/2021/41xxx/CVE-2021-41225.json index 79c58139823..0c755722793 100644 --- a/2021/41xxx/CVE-2021-41225.json +++ b/2021/41xxx/CVE-2021-41225.json 
@@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41225", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "A use of uninitialized value vulnerability in Tensorflow" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.2" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left unitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-908: Use of Uninitialized Resource" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3" + } + ] + }, + "source": { + "advisory": "GHSA-7r94-xv9v-63jw", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41226.json b/2021/41xxx/CVE-2021-41226.json index 8ef450dee42..3a08efb5369 100644 --- a/2021/41xxx/CVE-2021-41226.json +++ b/2021/41xxx/CVE-2021-41226.json 
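Review bot: The added description for CVE-2021-41225 spells `unitialized` twice (`a use of unitialized variable`, `is left unitialized`) where `uninitialized` is meant, which also breaks keyword search against the record's own `CWE-908: Use of Uninitialized Resource`. The `TITLE` writes `Tensorflow` while the description writes `TensorFlow`, and it does not name the affected component. Something like `"TITLE": "Use of uninitialized value in Grappler optimizer"` would match the style of the neighbouring TensorFlow records, which name the op or tool.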
@@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41226", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Heap OOB read in `SparseBinCount`" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.2" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount` is vulnerable to a heap OOB access. This is because of missing validation between the elements of the `values` argument and the shape of the sparse output. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-374m-jm66-3vj8", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-374m-jm66-3vj8" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba" + } + ] + }, + "source": { + "advisory": "GHSA-374m-jm66-3vj8", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41227.json b/2021/41xxx/CVE-2021-41227.json index c1c88447307..3566a9b05b4 100644 --- a/2021/41xxx/CVE-2021-41227.json +++ b/2021/41xxx/CVE-2021-41227.json 
@@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41227", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Arbitrary memory read in `ImmutableConst`" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.2" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affected versions the `ImmutableConst` operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the `tstring` TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585" + } + ] + }, + "source": { + "advisory": "GHSA-j8c8-67vp-6mx7", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41228.json b/2021/41xxx/CVE-2021-41228.json index f41e4389b6b..8a7dfd9a7d0 100644 --- a/2021/41xxx/CVE-2021-41228.json +++ b/2021/41xxx/CVE-2021-41228.json 
@@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41228", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Code injection in `saved_model_cli`" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tensorflow", + "version": { + "version_data": [ + { + "version_value": ">= 2.6.0, < 2.6.1" + }, + { + "version_value": ">= 2.5.0, < 2.5.2" + }, + { + "version_value": "< 2.4.4" + } + ] + } + } + ] + }, + "vendor_name": "tensorflow" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v", + "refsource": "CONFIRM", + "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v" + }, + { + "name": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7", + "refsource": "MISC", + "url": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7" + } + ] + }, + "source": { + "advisory": "GHSA-3rcw-9p9x-582v", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41230.json b/2021/41xxx/CVE-2021-41230.json index cb2efa716c4..a5738505f62 100644 --- a/2021/41xxx/CVE-2021-41230.json +++ b/2021/41xxx/CVE-2021-41230.json 
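Review bot: The `problemtype` value `CWE-78: ... ('OS Command Injection')` in CVE-2021-41228 does not match the flaw the description gives, which is `saved_model_cli` calling `eval` on user-supplied strings. That is evaluation of attacker-controlled code inside the interpreter, not construction of an OS command. `CWE-94: Improper Control of Generation of Code ('Code Injection')`, or the more specific CWE-95 for eval injection, would classify it so that CWE-based triage and rules looking for unsafe `eval` pick this record up. The description also has `plaform` for `platform`.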
@@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41230", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "OIDC claims not updated from Identity Provider in Pomerium" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "pomerium", + "version": { + "version_data": [ + { + "version_value": ">= 0.14.0, < 0.15.6" + } + ] + } + } + ] + }, + "vendor_name": "pomerium" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using `allowed_idp_claims` as part of policy. If using `allowed_idp_claims` and a user's claims are changed, Pomerium can make incorrect authorization decisions. This issue has been resolved in v0.15.6. For users unable to upgrade clear data on `databroker` service by clearing redis or restarting the in-memory databroker to force claims to be updated." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863: Incorrect Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/pomerium/pomerium/security/advisories/GHSA-j6wp-3859-vxfg", + "refsource": "CONFIRM", + "url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-j6wp-3859-vxfg" + }, + { + "name": "https://github.com/pomerium/pomerium/pull/2724", + "refsource": "MISC", + "url": "https://github.com/pomerium/pomerium/pull/2724" + } + ] + }, + "source": { + "advisory": "GHSA-j6wp-3859-vxfg", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41232.json b/2021/41xxx/CVE-2021-41232.json index ff18e16ca70..03cbc34ec7c 100644 --- a/2021/41xxx/CVE-2021-41232.json +++ b/2021/41xxx/CVE-2021-41232.json 
@@ -1,18 +1,101 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41232", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Improper Neutralization of Special Elements used in an LDAP Query" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "thunderdome-planning-poker", + "version": { + "version_data": [ + { + "version_value": "< 2.0.0" + } + ] + } + } + ] + }, + "vendor_name": "StevenWeathers" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in version 1.16.3. If users are unable to update they should disable the LDAP feature if in use." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/StevenWeathers/thunderdome-planning-poker/security/advisories/GHSA-26cm-qrc6-mfgj", + "refsource": "CONFIRM", + "url": "https://github.com/StevenWeathers/thunderdome-planning-poker/security/advisories/GHSA-26cm-qrc6-mfgj" + }, + { + "name": "https://github.com/github/securitylab/issues/464#issuecomment-957094994", + "refsource": "MISC", + "url": "https://github.com/github/securitylab/issues/464#issuecomment-957094994" + }, + { + "name": "https://github.com/StevenWeathers/thunderdome-planning-poker/commit/f1524d01e8a0f2d6c3db5461c742456c692dd8c1", + "refsource": "MISC", + "url": "https://github.com/StevenWeathers/thunderdome-planning-poker/commit/f1524d01e8a0f2d6c3db5461c742456c692dd8c1" + } + ] + }, + "source": { + "advisory": "GHSA-26cm-qrc6-mfgj", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41238.json b/2021/41xxx/CVE-2021-41238.json index dafe3f78691..4920dae376d 100644 --- a/2021/41xxx/CVE-2021-41238.json +++ b/2021/41xxx/CVE-2021-41238.json 
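Review bot: The affected range `"version_value": "< 2.0.0"` in CVE-2021-41232 disagrees with the added description, which says the issue "has been patched in version 1.16.3". As published, a scanner matching on the range will flag a 1.16.3 install as vulnerable, while a reader of the text will treat 1.16.3 as fixed. The fixed release should be confirmed against the referenced advisory GHSA-26cm-qrc6-mfgj and the two fields made to agree, for example `"version_value": "< 1.16.3"` if the description is the correct one.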
@@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41238", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Missing Authorization with Default Settings in Dashboard UI" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hangfire", + "version": { + "version_data": [ + { + "version_value": "= 1.7.25" + } + ] + } + } + ] + }, + "vendor_name": "HangfireIO" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no custom authorization filters specified, `LocalRequestsOnlyAuthorizationFilter` filter is being used to allow only local requests and prohibit all the remote requests to provide sensible, protected by default settings. However due to the recent changes, in version 1.7.25 no authorization filters are used by default, allowing remote requests to succeed. If you are using `UseHangfireDashboard` method with default `DashboardOptions.Authorization` property value, then your installation is impacted. If any other authorization filter is specified in the `DashboardOptions.Authorization` property, the you are not impacted. Patched versions (1.7.26) are available both on Nuget.org and as a tagged release on the github repo. 
Default authorization rules now prohibit remote requests by default again by including the `LocalRequestsOnlyAuthorizationFilter` filter to the default settings. Please upgrade to the newest version in order to mitigate the issue. For users who are unable to upgrade it is possible to mitigate the issue by using the `LocalRequestsOnlyAuthorizationFilter` explicitly when configuring the Dashboard UI." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/HangfireIO/Hangfire/security/advisories/GHSA-7rq6-7gv8-c37h", + "refsource": "CONFIRM", + "url": "https://github.com/HangfireIO/Hangfire/security/advisories/GHSA-7rq6-7gv8-c37h" + }, + { + "name": "https://github.com/HangfireIO/Hangfire/issues/1958", + "refsource": "MISC", + "url": "https://github.com/HangfireIO/Hangfire/issues/1958" + } + ] + }, + "source": { + "advisory": "GHSA-7rq6-7gv8-c37h", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41247.json b/2021/41xxx/CVE-2021-41247.json index 7f0bf2de148..b322a5278ce 100644 --- a/2021/41xxx/CVE-2021-41247.json +++ b/2021/41xxx/CVE-2021-41247.json 
@@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41247", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "incomplete logout in JupyterHub" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "jupyterhub", + "version": { + "version_data": [ + { + "version_value": ">= 1.0.0, < 1.5.0 - jupyterhub (pip)" + }, + { + "version_value": "< 1.2.0 - jupyterhub (helm) " + } + ] + } + } + ] + }, + "vendor_name": "jupyterhub" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials (for the single-user server only, not the Hub) reinstated after logout, if another active JupyterLab session is open while the logout takes place. Upgrade to JupyterHub 1.5. For distributed deployments, it is jupyterhub in the _user_ environment that needs patching. There are no patches necessary in the Hub environment. The only workaround is to make sure that only one JupyterLab tab is open when you log out." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613: Insufficient Session Expiration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7", + "refsource": "CONFIRM", + "url": "https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7" + }, + { + "name": "https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27", + "refsource": "MISC", + "url": "https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27" + } + ] + }, + "source": { + "advisory": "GHSA-cw7p-q79f-m2v7", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41248.json b/2021/41xxx/CVE-2021-41248.json index 64e0b339fee..daf5070904f 100644 --- a/2021/41xxx/CVE-2021-41248.json +++ b/2021/41xxx/CVE-2021-41248.json 
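Review bot: The two `version_value` strings added for CVE-2021-41247 mix the version range with a package-ecosystem label, and the second one ends in a trailing space: `"< 1.2.0 - jupyterhub (helm) "`. A consumer that parses `version_value` as a range is unlikely to match either string, so affected pip installs and Helm deployments could go unflagged. Splitting them into two `product_data` entries would keep the ranges clean, for example one product with `"version_value": ">= 1.0.0, < 1.5.0"` for the pip package and one with `"version_value": "< 1.2.0"` for the Helm chart. The description's remediation ("Upgrade to JupyterHub 1.5") names only the pip fix version, so the Helm fix version is stated nowhere but in that string.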
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41248", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "XSS vulnerability in GraphiQL" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "graphiql", + "version": { + "version_data": [ + { + "version_value": ">= 0.5.0, < 1.4.7" + } + ] + } + } + ] + }, + "vendor_name": "graphql" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than graphiql@1.4.7 are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a dynamic XSS attack surface that can allow code injection on operation autocomplete. In order for the attack to take place, the user must load a vulnerable schema in graphiql. There are a number of ways that can occur. By default, the schema URL is not attacker-controllable in graphiql or in its suggested implementations or examples, leaving only very complex attack vectors. If a custom implementation of graphiql's fetcher allows the schema URL to be set dynamically, such as a URL query parameter like ?endpoint= in graphql-playground, or a database provided value, then this custom graphiql implementation is vulnerable to phishing attacks, and thus much more readily available, low or no privelege level xss attacks. 
The URLs could look like any generic looking graphql schema URL. It should be noted that desktop clients such as Altair, Insomnia, Postwoman, do not appear to be impacted by this. This vulnerability does not impact codemirror-graphql, monaco-graphql or other dependents, as it exists in onHasCompletion.ts in graphiql. It does impact all forks of graphiql, and every released version of graphiql." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/graphql/graphiql/security/advisories/GHSA-x4r7-m2q9-69c8", + "refsource": "CONFIRM", + "url": "https://github.com/graphql/graphiql/security/advisories/GHSA-x4r7-m2q9-69c8" + }, + { + "name": "https://github.com/graphql/graphql-playground/security/advisories/GHSA-59r9-6jp6-jcm7", + "refsource": "MISC", + "url": "https://github.com/graphql/graphql-playground/security/advisories/GHSA-59r9-6jp6-jcm7" + }, + { + "name": "https://github.com/graphql/graphiql/commit/cb237eeeaf7333c4954c752122261db7520f7bf4", + "refsource": "MISC", + "url": "https://github.com/graphql/graphiql/commit/cb237eeeaf7333c4954c752122261db7520f7bf4" + } + ] + }, + "source": { + "advisory": "GHSA-x4r7-m2q9-69c8", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41249.json b/2021/41xxx/CVE-2021-41249.json index e3cbe60c2a0..94534b4e1cf 100644 
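Review bot: The range in `version_data` for CVE-2021-41248, `>= 0.5.0, < 1.4.7`, disagrees with the description, which says all versions older than graphiql@1.4.7 are vulnerable and, in its last sentence, "every released version of graphiql". One of the two needs correcting so that scanners and human readers reach the same answer; if the description is right, the range would be `"version_value": "< 1.4.7"`, and the closing sentence should exclude the patched release. The description also misspells `privelege` (privilege).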
--- a/2021/41xxx/CVE-2021-41249.json +++ b/2021/41xxx/CVE-2021-41249.json 
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41249", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "XSS vulnerability in GraphQL Playground" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "graphql-playground", + "version": { + "version_data": [ + { + "version_value": "< 1.7.28" + } + ] + } + } + ] + }, + "vendor_name": "graphql" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GraphQL Playground is a GraphQL IDE for development of graphQL focused applications. All versions of graphql-playground-react older than graphql-playground-react@1.7.28 are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a dynamic XSS attack surface that can allow code injection on operation autocomplete. In order for the attack to take place, the user must load a malicious schema in graphql-playground. There are several ways this can occur, including by specifying the URL to a malicious schema in the endpoint query parameter. If a user clicks on a link to a GraphQL Playground installation that specifies a malicious server, arbitrary JavaScript can run in the user's browser, which can be used to exfiltrate user credentials or other harmful goals. If you are using graphql-playground-react directly in your client app, upgrade to version 1.7.28 or later." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/graphql/graphql-playground/security/advisories/GHSA-59r9-6jp6-jcm7", + "refsource": "CONFIRM", + "url": "https://github.com/graphql/graphql-playground/security/advisories/GHSA-59r9-6jp6-jcm7" + }, + { + "name": "https://github.com/graphql/graphiql/security/advisories/GHSA-x4r7-m2q9-69c8", + "refsource": "MISC", + "url": "https://github.com/graphql/graphiql/security/advisories/GHSA-x4r7-m2q9-69c8" + }, + { + "name": "https://github.com/graphql/graphql-playground/commit/b8a956006835992f12c46b90384a79ab82bcadad", + "refsource": "MISC", + "url": "https://github.com/graphql/graphql-playground/commit/b8a956006835992f12c46b90384a79ab82bcadad" + } + ] + }, + "source": { + "advisory": "GHSA-59r9-6jp6-jcm7", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41250.json b/2021/41xxx/CVE-2021-41250.json index c3a2e0790a2..2a073555792 100644 --- a/2021/41xxx/CVE-2021-41250.json +++ b/2021/41xxx/CVE-2021-41250.json 
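Review bot: In the CVE-2021-41249 record, `product_name` is `graphql-playground` while the range `< 1.7.28` and the whole description refer to the `graphql-playground-react` package. Tooling that keys on the product name would apply that range to whatever it resolves `graphql-playground` to, which may be versioned differently (not visible from this record). Using `"product_name": "graphql-playground-react"` would make the structured data match the text and the stated fix version.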
@@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41250", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Presence of non-blacklisted URL bypasses all other filters" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "bot", + "version": { + "version_data": [ + { + "version_value": "< 67390298852513d13e0213870e50fb3cff1424e0" + } + ] + } + } + ] + }, + "vendor_name": "python-discord" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Python discord bot is the community bot for the Python Discord community. In affected versions when a non-blacklisted URL and an otherwise triggering filter token is included in the same message the token filter does not trigger. This means that by including any non-blacklisted URL moderation filters can be bypassed. 
This issue has been resolved in commit 67390298852513d13e0213870e50fb3cff1424e0" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/python-discord/bot/security/advisories/GHSA-j8c3-8x46-8pp6", + "refsource": "CONFIRM", + "url": "https://github.com/python-discord/bot/security/advisories/GHSA-j8c3-8x46-8pp6" + }, + { + "name": "https://github.com/python-discord/bot/commit/67390298852513d13e0213870e50fb3cff1424e0", + "refsource": "MISC", + "url": "https://github.com/python-discord/bot/commit/67390298852513d13e0213870e50fb3cff1424e0" + } + ] + }, + "source": { + "advisory": "GHSA-j8c3-8x46-8pp6", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41251.json b/2021/41xxx/CVE-2021-41251.json index 474d4049baa..fc1cc8187dc 100644 --- a/2021/41xxx/CVE-2021-41251.json +++ b/2021/41xxx/CVE-2021-41251.json 
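Review bot: The `version_value` for CVE-2021-41250, `< 67390298852513d13e0213870e50fb3cff1424e0`, applies an ordering operator to a commit hash, and hashes have no order. No consumer can evaluate this as a range, so the record effectively carries no machine-usable affected-version data. Since the project appears to have no release numbers in this record, plain wording such as `"version_value": "all commits prior to 67390298852513d13e0213870e50fb3cff1424e0"` would at least not read as a comparable range. The description's last sentence is also missing its final period.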
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41251", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Possibility to elevate privileges or get unauthorized access to data" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "cloud-sdk-js", + "version": { + "version_data": [ + { + "version_value": "< 1.52.0" + } + ] + } + } + ] + }, + "vendor_name": "SAP" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some cases, when user information was missing, destinations were cached without user information, allowing other users to retrieve the same destination with its permissions. By default, destination caching is disabled. The security for caching has been increased. The changes are released in version 1.52.0. Users unable to upgrade are advised to disable destination caching (it is disabled by default)." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/SAP/cloud-sdk-js/security/advisories/GHSA-gp2f-254m-rh32", + "refsource": "CONFIRM", + "url": "https://github.com/SAP/cloud-sdk-js/security/advisories/GHSA-gp2f-254m-rh32" + }, + { + "name": "https://github.com/SAP/cloud-sdk-js/pull/1769", + "refsource": "MISC", + "url": "https://github.com/SAP/cloud-sdk-js/pull/1769" + }, + { + "name": "https://github.com/SAP/cloud-sdk-js/pull/1770", + "refsource": "MISC", + "url": "https://github.com/SAP/cloud-sdk-js/pull/1770" + } + ] + }, + "source": { + "advisory": "GHSA-gp2f-254m-rh32", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41253.json b/2021/41xxx/CVE-2021-41253.json index 240c9acd684..c2d8c08cc9c 100644 --- a/2021/41xxx/CVE-2021-41253.json +++ b/2021/41xxx/CVE-2021-41253.json 
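Review bot: The `TITLE` of CVE-2021-41251 promises "elevate privileges or get unauthorized access to data", but the `impact` block scores only confidentiality (`integrityImpact` is `NONE`) and `problemtype` is CWE-200 alone. The description says another user can retrieve a cached destination "with its permissions", which suggests acting with someone else's access rather than only reading data; if that is the case, the vector and CWE under-state the issue, and if not, the title over-states it. Separately, `product_name` is `cloud-sdk-js` while the description names the package `@sap-cloud-sdk/core`, so the `< 1.52.0` range is attached to the repository name rather than the installable package.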
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41253", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Possible heap buffer overflow when using zycore string functions in formatter hooks" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "zydis", + "version": { + "version_data": [ + { + "version_value": "< 3.2.1" + } + ] + } + } + ] + }, + "vendor_name": "zyantific" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in `zycore` in order to append untrusted user data to the formatter buffer within their custom formatter hooks can run into heap buffer overflows. Older versions of Zydis failed to properly initialize the string object within the formatter buffer, forgetting to initialize a few fields, leaving their value to chance. This could then in turn cause zycore functions like `ZyanStringAppend` to make incorrect calculations for the new target size, resulting in heap memory corruption. This does not affect the regular uncustomized Zydis formatter, because Zydis internally doesn't use the string functions in zycore that act upon these fields. However, because the zycore string functions are the intended way to work with the formatter buffer for users of the library that wish to extend the formatter, we still consider this to be a vulnerability in Zydis. 
This bug is patched starting in version 3.2.1. As a workaround, users may refrain from using zycore string functions in their formatter hooks until updating to a patched version." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-457: Use of Uninitialized Variable" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g", + "refsource": "CONFIRM", + "url": "https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g" + }, + { + "name": "https://github.com/zyantific/zydis/commit/55dd08c210722aed81b38132f5fd4a04ec1943b5", + "refsource": "MISC", + "url": "https://github.com/zyantific/zydis/commit/55dd08c210722aed81b38132f5fd4a04ec1943b5" + }, + { + "name": "https://huntr.dev/bounties/96b0a482-7041-45b1-9327-c6a4a8f32d3a", + "refsource": "MISC", + "url": "https://huntr.dev/bounties/96b0a482-7041-45b1-9327-c6a4a8f32d3a" + }, + { + "name": "https://huntr.dev/bounties/d2536d7d-36ce-4723-928c-98d1ee039784", + "refsource": "MISC", + "url": "https://huntr.dev/bounties/d2536d7d-36ce-4723-928c-98d1ee039784" + } + ] + }, + "source": { + "advisory": "GHSA-q42v-hv86-3m4g", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41310.json b/2021/41xxx/CVE-2021-41310.json index b7a7dd2d825..d56428ba1b5 100644 --- a/2021/41xxx/CVE-2021-41310.json 
+++ b/2021/41xxx/CVE-2021-41310.json 
@@ -1,17 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2021-10-26T00:00:00", "ID": "CVE-2021-41310", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.5.19", + "version_affected": "<" + }, + { + "version_value": "8.6.0", + "version_affected": ">=" + }, + { + "version_value": "8.13.11", + "version_affected": "<" + }, + { + "version_value": "8.14.0", + "version_affected": ">=" + }, + { + "version_value": "8.19.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Jira Data Center", + "version": { + "version_data": [ + { + "version_value": "8.5.19", + "version_affected": "<" + }, + { + "version_value": "8.6.0", + "version_affected": ">=" + }, + { + "version_value": "8.13.11", + "version_affected": "<" + }, + { + "version_value": "8.14.0", + "version_affected": ">=" + }, + { + "version_value": "8.19.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature (/secure/admin/AssociatedProjectsForCustomField.jspa). 
The affected versions are before version 8.5.19, from version 8.6.0 before 8.13.11, and from version 8.14.0 before 8.19.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stored Cross-Site Scripting (SXSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-72800", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-72800" } ] } diff --git a/2021/41xxx/CVE-2021-41312.json b/2021/41xxx/CVE-2021-41312.json index 22909e8731c..1420f8d0f5b 100644 --- a/2021/41xxx/CVE-2021-41312.json +++ b/2021/41xxx/CVE-2021-41312.json 
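Review bot: The `version_data` list for both products in CVE-2021-41310 encodes three ranges as five independent entries with alternating `version_affected` values (`<` 8.5.19, `>=` 8.6.0, `<` 8.13.11, `>=` 8.14.0, `<` 8.19.1). A consumer that evaluates entries one by one will read `>= 8.14.0` as matching every later release, including the fixed 8.19.1, so the pairing has to be inferred from the description. The `problemtype` value `Stored Cross-Site Scripting (SXSS)` also carries no CWE identifier, unlike the sibling Atlassian records in this commit (`(CWE-287)`, `(CWE-285)`); `Stored Cross-Site Scripting (CWE-79)` would be consistent with them. The description itself does not say the XSS is stored, so the two fields should be reconciled.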
@@ -1,17 +1,74 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2021-10-26T00:00:00", "ID": "CVE-2021-41312", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.19.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Jira Data Center", + "version": { + "version_data": [ + { + "version_value": "8.19.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication (CWE-287)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-72801", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-72801" } ] } diff --git a/2021/41xxx/CVE-2021-41313.json b/2021/41xxx/CVE-2021-41313.json index bdb9f9feeec..cc4df1d3929 100644 --- a/2021/41xxx/CVE-2021-41313.json 
+++ b/2021/41xxx/CVE-2021-41313.json @@ -1,17 +1,74 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2021-10-26T00:00:00", "ID": "CVE-2021-41313", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira Server", + "version": { + "version_data": [ + { + "version_value": "8.21.0", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Jira Data Center", + "version": { + "version_data": [ + { + "version_value": "8.21.0", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.21.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization (CWE-285)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-72898", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-72898" } ] } diff --git a/2021/41xxx/CVE-2021-41322.json b/2021/41xxx/CVE-2021-41322.json index a940bf78292..564d1b882d1 100644 --- a/2021/41xxx/CVE-2021-41322.json 
+++ b/2021/41xxx/CVE-2021-41322.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Polycom VVX 400/410 version 5.3.1 allows low-privileged users to change the Admin account password by modifying a POST parameter name during the password reset process." + "value": "Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process." } ] }, diff --git a/2021/41xxx/CVE-2021-41492.json b/2021/41xxx/CVE-2021-41492.json index 5d105128e5e..25232e69d90 100644 --- a/2021/41xxx/CVE-2021-41492.json +++ b/2021/41xxx/CVE-2021-41492.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41492", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41492", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3) t paramater in actions.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://3xpl017.blogspot.com/2021/09/multiple-sql-injections-in.html", + "refsource": "MISC", + "name": "https://3xpl017.blogspot.com/2021/09/multiple-sql-injections-in.html" } ] } diff --git a/2021/41xxx/CVE-2021-41524.json b/2021/41xxx/CVE-2021-41524.json index a06d82f3081..93eeb1a8206 100644 --- a/2021/41xxx/CVE-2021-41524.json +++ b/2021/41xxx/CVE-2021-41524.json 
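Review bot: The `affects` block added for CVE-2021-41492 sets `vendor_name`, `product_name` and `version_value` to `n/a` although the description names Sourcecodester Simple Cashiering System (POS) 1.0, so the record cannot be matched by product or version. `problemtype` is likewise `n/a` where the description states SQL injection; `CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')` would fit. The description has a typo, `paramater`, and its list punctuation is uneven (a full stop after item (1), none before "and the (3)").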
@@ -92,6 +92,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20211029-0009/", "url": "https://security.netapp.com/advisory/ntap-20211029-0009/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-f94985afca", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/" } ] }, diff --git a/2021/41xxx/CVE-2021-41533.json b/2021/41xxx/CVE-2021-41533.json index 4e2c478e468..78ee6865629 100644 --- a/2021/41xxx/CVE-2021-41533.json +++ b/2021/41xxx/CVE-2021-41533.json @@ -14,6 +14,16 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "NX 1980 Series", + "version": { + "version_data": [ + { + "version_value": "All versions < V1984" + } + ] + } + }, { "product_name": "Solid Edge SE2021", "version": { @@ -46,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565)." + "value": "A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565)." } ] }, @@ -61,6 +71,11 @@ "refsource": "MISC", "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1117/", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1117/" + }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-740908.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-740908.pdf" } ] } 
diff --git a/2021/41xxx/CVE-2021-41534.json b/2021/41xxx/CVE-2021-41534.json index 8285b825dbd..13a270c67a8 100644 --- a/2021/41xxx/CVE-2021-41534.json +++ b/2021/41xxx/CVE-2021-41534.json @@ -14,6 +14,16 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "NX 1980 Series", + "version": { + "version_data": [ + { + "version_value": "All versions < V1984" + } + ] + } + }, { "product_name": "Solid Edge SE2021", "version": { @@ -46,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703)." + "value": "A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703)." } ] }, @@ -57,6 +67,11 @@ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf" }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-740908.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-740908.pdf" + }, { "refsource": "MISC", "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1118/", diff --git a/2021/41xxx/CVE-2021-41535.json b/2021/41xxx/CVE-2021-41535.json index c812cfa5aa3..70362efaed9 100644 --- a/2021/41xxx/CVE-2021-41535.json +++ b/2021/41xxx/CVE-2021-41535.json 
@@ -14,6 +14,26 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "NX 1953 Series", + "version": { + "version_data": [ + { + "version_value": "All versions < V1973.3700" + } + ] + } + }, + { + "product_name": "NX 1980 Series", + "version": { + "version_data": [ + { + "version_value": "All versions < V1988" + } + ] + } + }, { "product_name": "Solid Edge SE2021", "version": { @@ -46,7 +66,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13771)." + "value": "A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13771)." } ] }, @@ -61,6 +81,11 @@ "refsource": "MISC", "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1119/", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1119/" + }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-328042.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-328042.pdf" } ] } diff --git a/2021/41xxx/CVE-2021-41538.json b/2021/41xxx/CVE-2021-41538.json index 66e0a6cd884..e2c43b95c87 100644 --- a/2021/41xxx/CVE-2021-41538.json +++ b/2021/41xxx/CVE-2021-41538.json 
@@ -14,6 +14,26 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "NX 1953 Series", + "version": { + "version_data": [ + { + "version_value": "All versions < V1973.3700" + } + ] + } + }, + { + "product_name": "NX 1980 Series", + "version": { + "version_data": [ + { + "version_value": "All versions < V1988" + } + ] + } + }, { "product_name": "Solid Edge SE2021", "version": { @@ -46,7 +66,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770)." + "value": "A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770)." } ] }, @@ -57,6 +77,11 @@ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdf" }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-328042.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-328042.pdf" + }, { "refsource": "MISC", "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1122/", diff --git a/2021/41xxx/CVE-2021-41562.json b/2021/41xxx/CVE-2021-41562.json index 4318844eeb4..3e0a450e749 100644 --- a/2021/41xxx/CVE-2021-41562.json +++ b/2021/41xxx/CVE-2021-41562.json 
@@ -1,18 +1,107 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@snowsoftware.com", + "DATE_PUBLIC": "2021-11-03T14:00:00.000Z", "ID": "CVE-2021-41562", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Deletion of arbitrary files vulnerability in Snow Agent for Windows" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snow Agent for Windows", + "version": { + "version_data": [ + { + "platform": "Windows", + "version_affected": "<=", + "version_name": "6.0.0", + "version_value": "6.7.1" + }, + { + "platform": "Windows", + "version_affected": "<=", + "version_name": "5.0.0", + "version_value": "5.4.1" + } + ] + } + } + ] + }, + "vendor_name": "Snow" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "vp40" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-64" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://community.snowsoftware.com/s/group/0F91r000000QUhPCAW/news-updates", + "name": "https://community.snowsoftware.com/s/group/0F91r000000QUhPCAW/news-updates" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade Snow Agent for Windows to 6.7.2" + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41585.json b/2021/41xxx/CVE-2021-41585.json index bccb48adb7f..e841aaeccc8 100644 --- a/2021/41xxx/CVE-2021-41585.json +++ b/2021/41xxx/CVE-2021-41585.json 
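Review bot: The `solution` entry names only 6.7.2, while `version_data` also lists a 5.x range (`version_name` 5.0.0 up to `version_value` 5.4.1), so a reader on the 5.x branch cannot tell from the record whether a fixed 5.x build exists or whether moving to 6.7.2 is the only remediation. State that explicitly, for example `"value": "Upgrade Snow Agent for Windows to 6.7.2 (5.x installations: <fixed 5.x release or upgrade guidance>)"`. The description also repeats the vendor name ("Snow Snow Agent for Windows"). It summarises the range as 5.0.0 to 6.7.1, which reads as one contiguous range rather than the two ranges given in `version_data`.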
@@ -1,18 +1,78 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
 "ID": "CVE-2021-41585",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "ATS stops accepting connections on FreeBSD"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Traffic Server",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "7.0.0 to 9.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Apache Software Foundation"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Apache Traffic Server would like to thank Asbjorn Bjornstad for finding this issue."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": [
+ {}
+ ],
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "cwe"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164",
+ "name": "https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41611.json b/2021/41xxx/CVE-2021-41611.json
index 8dcc41104b9..644254bf492 100644
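Review bot: The affected range is stated twice and the two disagree: `version_data` has `"version_value": "7.0.0 to 9.1.0"` while the description says the issue affects 5.0.0 to 9.1.0, so tooling that matches on `affects` would clear 5.x and 6.x deployments that the text marks as affected. Whichever is correct should appear in both places; if the description is right, the line becomes `"version_value": "5.0.0 to 9.1.0"`. The record also ships generator placeholders: `"impact": [ {} ]` carries no score, and the problem type is the literal `"value": "cwe"`, which could be `"value": "CWE-20 Improper Input Validation"` to match the description's own wording. The title limits the issue to FreeBSD, but neither the description nor `affects` mentions the platform.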
--- a/2021/41xxx/CVE-2021-41611.json
+++ b/2021/41xxx/CVE-2021-41611.json
@@ -61,6 +61,11 @@
 "refsource": "CONFIRM",
 "name": "https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r",
 "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-15d2f70a07",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41646.json b/2021/41xxx/CVE-2021-41646.json
index ed22346e624..679bd06785f 100644
--- a/2021/41xxx/CVE-2021-41646.json
+++ b/2021/41xxx/CVE-2021-41646.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41646",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41646",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters.."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.exploit-db.com/exploits/50319",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/50319"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41674.json b/2021/41xxx/CVE-2021-41674.json
index 04a90379ff8..4de9304982f 100644
--- a/2021/41xxx/CVE-2021-41674.json
+++ b/2021/41xxx/CVE-2021-41674.json
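Review bot: `vendor_name`, `product_name` and `version_value` are all `n/a` although the description names the product and version, so anything that matches on the `affects` block (scanner feeds, asset correlation) will miss this record. The same applies to the other MITRE-assigned records published in this diff: CVE-2021-41733, -41746, -41748, -41771, -41772 and -41874. Here the fields can be filled from the description: `"vendor_name": "Sourcecodester"`, `"product_name": "Online Reviewer System"`, `"version_value": "1.0"`. `problemtype` is likewise `n/a` where the description already points at an unrestricted file upload (CWE-434), and the description ends in a doubled period.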
@@ -56,6 +56,16 @@
 "url": "https://github.com/janikwehrli1/0dayHunt/blob/main/E-Negosyo-System-SQLi.txt",
 "refsource": "MISC",
 "name": "https://github.com/janikwehrli1/0dayHunt/blob/main/E-Negosyo-System-SQLi.txt"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41674",
+ "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41674"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://streamable.com/sm0uxf",
+ "url": "https://streamable.com/sm0uxf"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41676.json b/2021/41xxx/CVE-2021-41676.json
index 8560503cd91..223ebe390e2 100644
--- a/2021/41xxx/CVE-2021-41676.json
+++ b/2021/41xxx/CVE-2021-41676.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/janikwehrli1/0dayHunt/blob/main/pharmacypossqli.txt",
 "refsource": "MISC",
 "name": "https://github.com/janikwehrli1/0dayHunt/blob/main/pharmacypossqli.txt"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41676",
+ "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41676"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41733.json b/2021/41xxx/CVE-2021-41733.json
index f0322fe1e2f..57b07b9748e 100644
--- a/2021/41xxx/CVE-2021-41733.json
+++ b/2021/41xxx/CVE-2021-41733.json
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41733", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41733", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/oppia/oppia/pull/13892", + "refsource": "MISC", + "name": "https://github.com/oppia/oppia/pull/13892" } ] } diff --git a/2021/41xxx/CVE-2021-41746.json b/2021/41xxx/CVE-2021-41746.json index 42d0ffc29b4..8f1021f3c90 100644 --- a/2021/41xxx/CVE-2021-41746.json +++ b/2021/41xxx/CVE-2021-41746.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41746", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41746", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability exists in all versions of Yonyou TurboCRM.via the orgcode parameter in changepswd.php. Attackers can use the vulnerabilities to obtain sensitive database information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/purple-WL/Yonyou-TurboCRM-SQL-injection/issues/1", + "refsource": "MISC", + "name": "https://github.com/purple-WL/Yonyou-TurboCRM-SQL-injection/issues/1" + }, + { + "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-21956", + "refsource": "MISC", + "name": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-21956" } ] } diff --git a/2021/41xxx/CVE-2021-41748.json b/2021/41xxx/CVE-2021-41748.json index 7315783f6f3..dd7f4837b87 100644 --- a/2021/41xxx/CVE-2021-41748.json +++ b/2021/41xxx/CVE-2021-41748.json 
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41748",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41748",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Incorrect Access Control issue exists in all versions of Portainer.via an unauthorized access vulnerability. The vulnerability is also CNVD-2021-49547"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-49547",
+ "refsource": "MISC",
+ "name": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-49547"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41771.json b/2021/41xxx/CVE-2021-41771.json
index 1d97604c41a..10b30d86e38 100644
--- a/2021/41xxx/CVE-2021-41771.json
+++ b/2021/41xxx/CVE-2021-41771.json
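Review bot: The description does not say what can be reached without authorization or where: "An Incorrect Access Control issue exists in all versions of Portainer.via an unauthorized access vulnerability" is circular and contains a stray `.via`, and the second sentence lacks its final period. A defender needs the exposed component or endpoint and the fixed release, and "all versions" with no upper bound cannot be acted on once a fix ships. Something like `"value": "Incorrect access control in Portainer <component> through <version> allows <impact> (CNVD-2021-49547)."` would serve. CVE-2021-41874 later in this diff describes an unauthorized-access issue in all versions of Portainer in nearly the same terms, so it is worth confirming the two are distinct and saying how they differ.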
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41771", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41771", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://groups.google.com/g/golang-announce/c/0fM21h43arc", + "url": "https://groups.google.com/g/golang-announce/c/0fM21h43arc" } ] } diff --git a/2021/41xxx/CVE-2021-41772.json b/2021/41xxx/CVE-2021-41772.json index 27b12eef019..0dea7a151c3 100644 --- a/2021/41xxx/CVE-2021-41772.json +++ b/2021/41xxx/CVE-2021-41772.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41772", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41772", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://groups.google.com/g/golang-announce/c/0fM21h43arc", + "url": "https://groups.google.com/g/golang-announce/c/0fM21h43arc" } ] } diff --git a/2021/41xxx/CVE-2021-41798.json b/2021/41xxx/CVE-2021-41798.json index c600e87b0dc..9f0c735ee56 100644 --- a/2021/41xxx/CVE-2021-41798.json +++ b/2021/41xxx/CVE-2021-41798.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-56d8173b5e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-3dd1b66cbf", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/" } ] } 
diff --git a/2021/41xxx/CVE-2021-41799.json b/2021/41xxx/CVE-2021-41799.json
index 9ce51a3461e..f3fe4ad80c2 100644
--- a/2021/41xxx/CVE-2021-41799.json
+++ b/2021/41xxx/CVE-2021-41799.json
@@ -71,6 +71,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-56d8173b5e",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-3dd1b66cbf",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41800.json b/2021/41xxx/CVE-2021-41800.json
index 9d0b879bbc2..cc31d2ba42c 100644
--- a/2021/41xxx/CVE-2021-41800.json
+++ b/2021/41xxx/CVE-2021-41800.json
@@ -76,6 +76,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-56d8173b5e",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-3dd1b66cbf",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA/"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41874.json b/2021/41xxx/CVE-2021-41874.json
index 1115793586e..c1f147a2321 100644
--- a/2021/41xxx/CVE-2021-41874.json
+++ b/2021/41xxx/CVE-2021-41874.json
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41874", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41874", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unauthorized access vulnerabiitly exists in all versions of Portainer, which could let a malicious user obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.cnvd.org.cn/flaw/show/3832981", + "refsource": "MISC", + "name": "https://www.cnvd.org.cn/flaw/show/3832981" } ] } diff --git a/2021/41xxx/CVE-2021-41973.json b/2021/41xxx/CVE-2021-41973.json index b4204242947..1464c072fdc 100644 --- a/2021/41xxx/CVE-2021-41973.json +++ b/2021/41xxx/CVE-2021-41973.json 
@@ -1,18 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@apache.org", "ID": "CVE-2021-41973", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Apache MINA HTTP listener DOS" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache MINA", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Apache MINA", + "version_value": "2.1.5" + }, + { + "version_affected": "<", + "version_name": "Apache MINA", + "version_value": "2.0.22" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + { + "other": "critical" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E", + "name": "https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211101 [ANNOUNCE] Apache MINA 2.0.22 & 2.1.5 released", + "url": "http://www.openwall.com/lists/oss-security/2021/11/01/2" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211101 CVE-2021-41973: Apache MINA HTTP listener DOS", + "url": "http://www.openwall.com/lists/oss-security/2021/11/01/8" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41990.json b/2021/41xxx/CVE-2021-41990.json index 723eda6e7ff..852042f27f8 100644 --- a/2021/41xxx/CVE-2021-41990.json +++ b/2021/41xxx/CVE-2021-41990.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-b3df83339e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-95fab6a482", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/" } ] } diff --git a/2021/41xxx/CVE-2021-41991.json b/2021/41xxx/CVE-2021-41991.json index ed589ea8cde..18827ab4585 100644 --- a/2021/41xxx/CVE-2021-41991.json +++ b/2021/41xxx/CVE-2021-41991.json 
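Review bot: The two `version_data` entries for CVE-2021-41973 are both unbounded `<` comparisons with `"version_name": "Apache MINA"`, so read literally `< 2.1.5` also covers 2.0.22, which the referenced announcement ("Apache MINA 2.0.22 & 2.1.5 released") lists alongside 2.1.5 as a new release. If 2.0.22 is the fix for the 2.0 branch, as that title suggests, naming the branch in each entry keeps matchers from flagging patched 2.0.x hosts: `"version_name": "2.0"` with `"version_value": "2.0.22"`, and `"version_name": "2.1"` with `"version_value": "2.1.5"`. The description only tells readers to update to 2.1.5 or greater. `"impact": [ { "other": "critical" } ]` gives a free-text rating with no CVSS vector for what the text describes as an indefinite loop in the header decoder.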
@@ -81,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-b3df83339e",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-95fab6a482",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42008.json b/2021/42xxx/CVE-2021-42008.json
index ceeefdb7e8e..a836a1593a5 100644
--- a/2021/42xxx/CVE-2021-42008.json
+++ b/2021/42xxx/CVE-2021-42008.json
@@ -66,6 +66,11 @@
 "url": "https://www.youtube.com/watch?v=d5f9xLK8Vhw",
 "refsource": "MISC",
 "name": "https://www.youtube.com/watch?v=d5f9xLK8Vhw"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20211104-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20211104-0002/"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42015.json b/2021/42xxx/CVE-2021-42015.json
index 8e0dcccffd2..6c291a7ee5f 100644
--- a/2021/42xxx/CVE-2021-42015.json
+++ b/2021/42xxx/CVE-2021-42015.json
@@ -1,17 +1,81 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-42015", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-42015", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Mendix Applications using Mendix 7", + "version": { + "version_data": [ + { + "version_value": "All versions < V7.23.26" + } + ] + } + }, + { + "product_name": "Mendix Applications using Mendix 8", + "version": { + "version_data": [ + { + "version_value": "All versions < V8.18.12" + } + ] + } + }, + { + "product_name": "Mendix Applications using Mendix 9", + "version": { + "version_data": [ + { + "version_value": "All versions < V9.6.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-525: Use of Web Browser Cache Containing Sensitive Information" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1). Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache." 
+ } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-338732.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-338732.pdf" } ] } diff --git a/2021/42xxx/CVE-2021-42021.json b/2021/42xxx/CVE-2021-42021.json index 5f071622b13..2e5d80c1a9a 100644 --- a/2021/42xxx/CVE-2021-42021.json +++ b/2021/42xxx/CVE-2021-42021.json 
@@ -1,17 +1,121 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-42021", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-42021", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Siveillance Video DLNA Server", + "version": { + "version_data": [ + { + "version_value": "2019 R1" + } + ] + } + }, + { + "product_name": "Siveillance Video DLNA Server", + "version": { + "version_data": [ + { + "version_value": "2019 R2" + } + ] + } + }, + { + "product_name": "Siveillance Video DLNA Server", + "version": { + "version_data": [ + { + "version_value": "2019 R3" + } + ] + } + }, + { + "product_name": "Siveillance Video DLNA Server", + "version": { + "version_data": [ + { + "version_value": "2020 R1" + } + ] + } + }, + { + "product_name": "Siveillance Video DLNA Server", + "version": { + "version_data": [ + { + "version_value": "2020 R2" + } + ] + } + }, + { + "product_name": "Siveillance Video DLNA Server", + "version": { + "version_data": [ + { + "version_value": "2020 R3" + } + ] + } + }, + { + "product_name": "Siveillance Video DLNA Server", + "version": { + "version_data": [ + { + "version_value": "2021 R1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-26: Path Traversal: '/dir/../filename'" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). The affected application contains a path traversal vulnerability that could allow to read arbitrary files on the server that are outside the application\u2019s web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-755517.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-755517.pdf" } ] } diff --git a/2021/42xxx/CVE-2021-42025.json b/2021/42xxx/CVE-2021-42025.json index aeb854ee863..f66f28ae0fc 100644 --- a/2021/42xxx/CVE-2021-42025.json +++ b/2021/42xxx/CVE-2021-42025.json 
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "ID": "CVE-2021-42025",
+ "STATE": "PUBLIC"
+ },
 "data_format": "MITRE",
 "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-42025",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Siemens",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mendix Applications using Mendix 8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V8.18.13"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Mendix Applications using Mendix 9",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V9.6.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-863: Incorrect Authorization"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow authenticated attackers to manipulate the content of System.FileDocument objects in some cases, regardless whether they have write access to it."
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-779699.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-779699.pdf"
 }
 ]
 }
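Review bot: `"version_value": "All versions < V8.18.13"` and `"All versions < V9.6.2"` put the comparison operator inside free text, which a scanner cannot evaluate as a range. The CVE-2021-42359 record in this same commit shows the structured form; here that would be `"version_affected": "<", "version_value": "8.18.13"` (and `"9.6.2"` for Mendix 9). The CVE-2021-42026 hunk repeats the same two values and needs the same change.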
diff --git a/2021/42xxx/CVE-2021-42026.json b/2021/42xxx/CVE-2021-42026.json
index 850f8963a18..05dc3b99163 100644
--- a/2021/42xxx/CVE-2021-42026.json
+++ b/2021/42xxx/CVE-2021-42026.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
+ "CVE_data_meta": {
+ "ASSIGNER": "productcert@siemens.com",
+ "ID": "CVE-2021-42026",
+ "STATE": "PUBLIC"
+ },
 "data_format": "MITRE",
 "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2021-42026",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "data_type": "CVE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Siemens",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mendix Applications using Mendix 8",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V8.18.13"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Mendix Applications using Mendix 9",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions < V9.6.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-863: Incorrect Authorization"
+ }
+ ]
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. This could allow authenticated attackers to retrieve the changedDate attribute of arbitrary objects, even when they don't have read access to them."
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-779699.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-779699.pdf"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42057.json b/2021/42xxx/CVE-2021-42057.json
index a4883e86056..64f212d0355 100644
--- a/2021/42xxx/CVE-2021-42057.json
+++ b/2021/42xxx/CVE-2021-42057.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-42057",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-42057",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/blacksmithgu/obsidian-dataview/issues/615",
+ "url": "https://github.com/blacksmithgu/obsidian-dataview/issues/615"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42072.json b/2021/42xxx/CVE-2021-42072.json
index f608dfe5478..d2b41eda34e 100644
--- a/2021/42xxx/CVE-2021-42072.json
+++ b/2021/42xxx/CVE-2021-42072.json
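Review bot: The new CVE-2021-42057 description reads "The evalInContext function in executes user input", so the file or module name that followed "in" was lost, leaving the sentence broken exactly where a reader needs to locate the sink. Either restore the name from the referenced issue (obsidian-dataview issue 615) or drop the dangling word: `The evalInContext function executes user input, ...`. The record also leaves `problemtype` as `n/a` although the description itself says eval injection; a CWE entry there (CWE-95 looks like the closest fit, to be confirmed) would let the record be filtered by weakness class.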
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-42072",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-42072",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identify of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20211102 Barrier \"software KVM switch\" multiple remote security issues",
+ "url": "http://www.openwall.com/lists/oss-security/2021/11/02/4"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/debauchee/barrier/releases/tag/v2.4.0",
+ "url": "https://github.com/debauchee/barrier/releases/tag/v2.4.0"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42073.json b/2021/42xxx/CVE-2021-42073.json
index f2799bade23..f118805c9d6 100644
--- a/2021/42xxx/CVE-2021-42073.json
+++ b/2021/42xxx/CVE-2021-42073.json
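Review bot: The CVE-2021-42072 description has a typo at "verify the identify of connecting clients"; it should read `verify the identity of connecting clients`. The v2.4.0 release link is tagged `"refsource": "MISC"` here, while the CVE-2021-42073 hunk tags the identical URL `CONFIRM`. The two records should agree, and `CONFIRM` fits only if the release notes themselves acknowledge the issue.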
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-42073",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-42073",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is \"Unnamed\" by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20211102 Barrier \"software KVM switch\" multiple remote security issues",
+ "url": "http://www.openwall.com/lists/oss-security/2021/11/02/4"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/debauchee/barrier/releases/tag/v2.4.0",
+ "url": "https://github.com/debauchee/barrier/releases/tag/v2.4.0"
 }
 ]
 }
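Review bot: `vendor_name`, `product_name` and `version_value` are all `n/a` in the added `affects` block, although the description names the product and the fixed release ("Barrier before 2.4.0"). Tooling that matches on the structured fields will not associate this record with Barrier, so only a reader of the free text learns what is affected. Filling the block from the description, e.g. `"product_name": "Barrier"` with `"version_affected": "<", "version_value": "2.4.0"`, closes that gap. The same `n/a` block appears in the CVE-2021-42057, CVE-2021-42072, CVE-2021-42074 through CVE-2021-42078 and CVE-2021-42370 through CVE-2021-42372 hunks.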
diff --git a/2021/42xxx/CVE-2021-42074.json b/2021/42xxx/CVE-2021-42074.json
index 4fc313e0a28..d8aba0c9df1 100644
--- a/2021/42xxx/CVE-2021-42074.json
+++ b/2021/42xxx/CVE-2021-42074.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-42074",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-42074",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Barrier before 2.3.4. An unauthenticated attacker can cause a segmentation fault in the barriers component (aka the server-side implementation of Barrier) by quickly opening and closing TCP connections while sending a Hello message for each TCP session."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20211102 Barrier \"software KVM switch\" multiple remote security issues",
+ "url": "http://www.openwall.com/lists/oss-security/2021/11/02/4"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/debauchee/barrier/releases/tag/v2.3.4",
+ "url": "https://github.com/debauchee/barrier/releases/tag/v2.3.4"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42075.json b/2021/42xxx/CVE-2021-42075.json
index 144926e83f8..66c5c1040d2 100644
--- a/2021/42xxx/CVE-2021-42075.json
+++ b/2021/42xxx/CVE-2021-42075.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-42075",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-42075",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An unauthenticated remote attacker can thus cause file descriptor exhaustion in the server process, leading to denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20211102 Barrier \"software KVM switch\" multiple remote security issues",
+ "url": "http://www.openwall.com/lists/oss-security/2021/11/02/4"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/debauchee/barrier/releases/tag/v2.3.4",
+ "url": "https://github.com/debauchee/barrier/releases/tag/v2.3.4"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42076.json b/2021/42xxx/CVE-2021-42076.json
index ba6465e3da3..b36a141408f 100644
--- a/2021/42xxx/CVE-2021-42076.json
+++ b/2021/42xxx/CVE-2021-42076.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-42076",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-42076",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barriers component (aka the server-side implementation of Barrier) and barrierc by sending long TCP messages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20211102 Barrier \"software KVM switch\" multiple remote security issues",
+ "url": "http://www.openwall.com/lists/oss-security/2021/11/02/4"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/debauchee/barrier/releases/tag/v2.3.4",
+ "url": "https://github.com/debauchee/barrier/releases/tag/v2.3.4"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42077.json b/2021/42xxx/CVE-2021-42077.json
index 15d8033084c..a73b165794d 100644
--- a/2021/42xxx/CVE-2021-42077.json
+++ b/2021/42xxx/CVE-2021-42077.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-42077",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-42077",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database system. It can also be used to bypass the login form."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/164777/PHP-Event-Calendar-Lite-Edition-SQL-Injection.html",
+ "url": "http://packetstormsecurity.com/files/164777/PHP-Event-Calendar-Lite-Edition-SQL-Injection.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-048.txt",
+ "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-048.txt"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42078.json b/2021/42xxx/CVE-2021-42078.json
index 531f90b269b..897696a7ee4 100644
--- a/2021/42xxx/CVE-2021-42078.json
+++ b/2021/42xxx/CVE-2021-42078.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-42078",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-42078",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the site."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-049.txt",
+ "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-049.txt"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2021/Nov/24",
+ "url": "http://seclists.org/fulldisclosure/2021/Nov/24"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42325.json b/2021/42xxx/CVE-2021-42325.json
index 7bdf94acb3b..980429e08d0 100644
--- a/2021/42xxx/CVE-2021-42325.json
+++ b/2021/42xxx/CVE-2021-42325.json
@@ -56,6 +56,16 @@
 "url": "https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782",
 "refsource": "MISC",
 "name": "https://github.com/Froxlor/Froxlor/commit/eb592340b022298f62a0a3e8450dbfbe29585782"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html",
+ "url": "http://packetstormsecurity.com/files/164800/Froxlor-0.10.29.1-SQL-Injection.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/50502",
+ "url": "https://www.exploit-db.com/exploits/50502"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42327.json b/2021/42xxx/CVE-2021-42327.json
index 67684941cc1..dead0deeb58 100644
--- a/2021/42xxx/CVE-2021-42327.json
+++ b/2021/42xxx/CVE-2021-42327.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://www.mail-archive.com/amd-gfx@lists.freedesktop.org/msg69080.html",
 "url": "https://www.mail-archive.com/amd-gfx@lists.freedesktop.org/msg69080.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-a093973910",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDDEW4APTYKJK365HC2JZIVXYUV7ZRN7/"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42343.json b/2021/42xxx/CVE-2021-42343.json
index defb34d4bb9..72de3e28d85 100644
--- a/2021/42xxx/CVE-2021-42343.json
+++ b/2021/42xxx/CVE-2021-42343.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in Dask (aka python-dask) through 2021.09.1. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution."
+ "value": "An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution."
 }
 ]
 },
@@ -56,6 +56,16 @@
 "refsource": "MISC",
 "name": "https://docs.dask.org/en/latest/changelog.html",
 "url": "https://docs.dask.org/en/latest/changelog.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/dask/dask/tags",
+ "url": "https://github.com/dask/dask/tags"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr",
+ "url": "https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42359.json b/2021/42xxx/CVE-2021-42359.json
index fc0b1389d59..a2bd6018bca 100644
--- a/2021/42xxx/CVE-2021-42359.json
+++ b/2021/42xxx/CVE-2021-42359.json
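Review bot: The rewritten CVE-2021-42343 description scopes the issue to "the Dask distributed package before 2021.10.0", but the `MISC` reference added in the second hunk points at `https://github.com/dask/dask/tags`, the tag list of the core dask repository. A reader looking for the fixed release of distributed would expect a link to that package's own release or changelog; the added `CONFIRM` advisory is already under `dask/distributed`. It is worth checking whether the tags link is intended, since it does not by itself identify a fixed version.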
@@ -1,18 +1,94 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "security@wordfence.com",
 "ID": "CVE-2021-42359",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WP DSGVO Tools (GDPR)",
+ "version": {
+ "version_data": [
+ {
+ "platform": "WordPress",
+ "version_affected": "<=",
+ "version_name": "3.1.23",
+ "version_value": "3.1.23"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "legalweb"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Ramuel Gall, Wordfence"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, \u2018admin-dismiss-unsubscribe\u2018, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanently delete an arbitrary post or page on the site by sending an AJAX request with the \u201caction\u201d parameter set to \u201cadmin-dismiss-unsubscribe\u201d and the \u201cid\u201d parameter set to the post to be deleted. Sending such a request would move the post to the trash, and repeating the request would permanently delete the post in question."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/blog/2021/11/vulnerability-in-wp-dsgvo-tools-gdpr-plugin-allows-unauthenticated-page-deletion/",
+ "name": "https://www.wordfence.com/blog/2021/11/vulnerability-in-wp-dsgvo-tools-gdpr-plugin-allows-unauthenticated-page-deletion/"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2021/42xxx/CVE-2021-42370.json b/2021/42xxx/CVE-2021-42370.json
index 3e54846a51a..496fe50fdc5 100644
--- a/2021/42xxx/CVE-2021-42370.json
+++ b/2021/42xxx/CVE-2021-42370.json
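Review bot: In the CVE-2021-42359 record, `"value": "CWE-284 Improper Access Control"` is the broad parent class, while the description pins the cause down to an AJAX action that "lacked a capability check and a nonce check"; `CWE-862 Missing Authorization` describes that more precisely and makes the record easier to triage. The vector scores `I:N` with `A:H` for an attacker permanently deleting arbitrary posts, which may be deliberate but reads oddly next to the description and deserves a second look. In the description the action name is wrapped as `\u2018admin-dismiss-unsubscribe\u2018`, with an opening quote on both sides; the closing one should be `\u2019`.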
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-42370",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-42370",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://stor2rrd.com/note730.php",
+ "url": "https://stor2rrd.com/note730.php"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://lpar2rrd.com/note730.php",
+ "url": "https://lpar2rrd.com/note730.php"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42371.json b/2021/42xxx/CVE-2021-42371.json
index 5c3d7f57ef6..17746ca1503 100644
--- a/2021/42xxx/CVE-2021-42371.json
+++ b/2021/42xxx/CVE-2021-42371.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-42371",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-42371",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://stor2rrd.com/note730.php",
+ "url": "https://stor2rrd.com/note730.php"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://lpar2rrd.com/note730.php",
+ "url": "https://lpar2rrd.com/note730.php"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42372.json b/2021/42xxx/CVE-2021-42372.json
index e671e3d1eb8..1eae1761fda 100644
--- a/2021/42xxx/CVE-2021-42372.json
+++ b/2021/42xxx/CVE-2021-42372.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-42372",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-42372",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://stor2rrd.com/note730.php",
+ "url": "https://stor2rrd.com/note730.php"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://lpar2rrd.com/note730.php",
+ "url": "https://lpar2rrd.com/note730.php"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42543.json b/2021/42xxx/CVE-2021-42543.json
index 700c699c9d8..5d9deb3db69 100644
--- a/2021/42xxx/CVE-2021-42543.json
+++ b/2021/42xxx/CVE-2021-42543.json
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-42543", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AzeoTech DAQFactory" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DAQFactory", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "All versions", + "version_value": "New version" + } + ] + } + } + ] + }, + "vendor_name": "AzeoTech" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown." 
} ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-242 Use of Inherently Dangerous Function" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "eng", + "value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script." + } + ] } \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42557.json b/2021/42xxx/CVE-2021-42557.json index 0a24fd4c61a..1e667ea960c 100644 --- a/2021/42xxx/CVE-2021-42557.json +++ b/2021/42xxx/CVE-2021-42557.json 
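Review bot: The `version_data` entry for DAQFactory in CVE-2021-42543 reads `"version_affected": "<=", "version_name": "All versions", "version_value": "New version"`, which is not a comparable version. A scanner evaluating `<= "New version"` cannot tell whether an installed build is affected or fixed. The value should be the last affected release taken from the referenced advisory, for example `"version_affected": "<=", "version_value": "<last affected release per ICSA-21-308-02>"`, with `version_name` dropped or set to the product line. The CVE-2021-42698, CVE-2021-42699 and CVE-2021-42701 hunks repeat the same three fields.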
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42557", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42557", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jeedom/core/releases", + "refsource": "MISC", + "name": "https://github.com/jeedom/core/releases" + }, + { + "refsource": "MISC", + "name": "https://www.synacktiv.com/sites/default/files/2021-10/advisory_Jeedom_Auth_Bypass_CVE-2021-42557.pdf", + "url": "https://www.synacktiv.com/sites/default/files/2021-10/advisory_Jeedom_Auth_Bypass_CVE-2021-42557.pdf" } ] } diff --git a/2021/42xxx/CVE-2021-42568.json b/2021/42xxx/CVE-2021-42568.json index b345ae9a9c6..89d83213c2d 100644 --- a/2021/42xxx/CVE-2021-42568.json +++ b/2021/42xxx/CVE-2021-42568.json 
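Review bot: The first reference in the CVE-2021-42557 hunk, `https://github.com/jeedom/core/releases`, is a generic listing page, not a pointer to the fix. Its content changes with every release, and the description ("through 4.1.19") does not name the fixed version either, so a reader cannot confirm from this record which release to upgrade to. I would pin it to the fixing release, e.g. `"url": "https://github.com/jeedom/core/releases/tag/<fixed-version>"`, or drop it and rely on the Synacktiv advisory link. The same applies to `https://support.sonatype.com` in the CVE-2021-42568 hunk and `https://akka.io/blog/` in the CVE-2021-42697 hunk, where a specific advisory URL already follows.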
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42568", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42568", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.sonatype.com", + "refsource": "MISC", + "name": "https://support.sonatype.com" + }, + { + "refsource": "MISC", + "name": "https://support.sonatype.com/hc/en-us/articles/4408801690515-CVE-2021-42568-Nexus-Repository-Manager-3-Incorrect-Access-Control-October-27-2021", + "url": "https://support.sonatype.com/hc/en-us/articles/4408801690515-CVE-2021-42568-Nexus-Repository-Manager-3-Incorrect-Access-Control-October-27-2021" } ] } diff --git a/2021/42xxx/CVE-2021-42624.json b/2021/42xxx/CVE-2021-42624.json index 5198e6cf270..50b3c81b938 100644 --- a/2021/42xxx/CVE-2021-42624.json +++ b/2021/42xxx/CVE-2021-42624.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42624", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42624", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Gabe-commiter/Miniftpd/issues/4", + "refsource": "MISC", + "name": "https://github.com/Gabe-commiter/Miniftpd/issues/4" } ] } diff --git a/2021/42xxx/CVE-2021-42663.json b/2021/42xxx/CVE-2021-42663.json index 9e21d061a7c..738104f9c04 100644 --- a/2021/42xxx/CVE-2021-42663.json +++ b/2021/42xxx/CVE-2021-42663.json 
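Review bot: The description in the CVE-2021-42624 hunk scopes the issue to "the latest version of Miniftpd", which has no fixed meaning once the project publishes another commit. With `version_value` also `n/a`, the record gives no way to decide whether a given checkout is affected. The text should name a concrete bound, e.g. `"value": "A local buffer overflow vulnerability exists in Miniftpd through <commit or release at time of report> in ftpproto.c ..."`, and the same bound should go into `version_data`. The only reference is the upstream issue, so the bound probably has to be taken from there.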
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42663", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42663", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker's choice." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/TheHackingRabbi/CVE-2021-42663", + "url": "https://github.com/TheHackingRabbi/CVE-2021-42663" } ] } diff --git a/2021/42xxx/CVE-2021-42665.json b/2021/42xxx/CVE-2021-42665.json index 6ff25c544ac..1b27b2bec6d 100644 --- a/2021/42xxx/CVE-2021-42665.json 
+++ b/2021/42xxx/CVE-2021-42665.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42665", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42665", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/TheHackingRabbi/CVE-2021-42665", + "url": "https://github.com/TheHackingRabbi/CVE-2021-42665" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/50452", + "url": "https://www.exploit-db.com/exploits/50452" } ] } diff --git a/2021/42xxx/CVE-2021-42667.json b/2021/42xxx/CVE-2021-42667.json index 46e03d6d02e..1916923c05e 100644 --- a/2021/42xxx/CVE-2021-42667.json +++ b/2021/42xxx/CVE-2021-42667.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42667", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42667", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/TheHackingRabbi/CVE-2021-42667", + "url": "https://github.com/TheHackingRabbi/CVE-2021-42667" } ] } diff --git a/2021/42xxx/CVE-2021-42668.json b/2021/42xxx/CVE-2021-42668.json index 0808489235e..4b2390b858e 100644 
--- a/2021/42xxx/CVE-2021-42668.json +++ b/2021/42xxx/CVE-2021-42668.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42668", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42668", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/TheHackingRabbi/CVE-2021-42668", + "url": "https://github.com/TheHackingRabbi/CVE-2021-42668" } ] } diff --git a/2021/42xxx/CVE-2021-42669.json b/2021/42xxx/CVE-2021-42669.json index b70d130bc50..a12ca4bc735 100644 --- a/2021/42xxx/CVE-2021-42669.json +++ b/2021/42xxx/CVE-2021-42669.json 
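Review bot: The description added for CVE-2021-42668 contains a doubled full stop, `my_classmates.php web page.. As a result`, which looks like a sentence was cut during editing. It should read `my_classmates.php web page. As a result, ...`. The description is the only field in this record that carries detail, so it is worth checking against the submission that no clause was lost at that point.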
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42669", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42669", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing \"\" the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/TheHackingRabbi/CVE-2021-42669", + "url": "https://github.com/TheHackingRabbi/CVE-2021-42669" } ] } diff --git a/2021/42xxx/CVE-2021-42671.json b/2021/42xxx/CVE-2021-42671.json index b584e38d71a..d151aa82581 100644 --- a/2021/42xxx/CVE-2021-42671.json 
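Review bot: The description added for CVE-2021-42669 contains an empty quoted string, `containing \"\"`, so the sentence no longer says what it meant to. The quoted snippet appears to have been stripped somewhere in the submission pipeline, probably by markup sanitising. The record does not need the snippet: replace the clause with prose such as `Because uploaded avatars are stored under /admin/uploads/ and served to all users, an uploaded PHP file is executed by the web server.` The weakness should also be recorded in `problemtype` as `"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"`, so defenders can classify it without parsing the text.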
+++ b/2021/42xxx/CVE-2021-42671.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42671", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42671", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/TheHackingRabbi/CVE-2021-42671", + "url": "https://github.com/TheHackingRabbi/CVE-2021-42671" } ] } diff --git a/2021/42xxx/CVE-2021-42694.json b/2021/42xxx/CVE-2021-42694.json index 14fc90a262d..88abc1e8c73 100644 --- a/2021/42xxx/CVE-2021-42694.json +++ b/2021/42xxx/CVE-2021-42694.json 
@@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42694", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42694", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.unicode.org/versions/Unicode14.0.0/", + "refsource": "MISC", + "name": "http://www.unicode.org/versions/Unicode14.0.0/" + }, + { + "refsource": "MISC", + "name": "https://trojansource.codes", + "url": "https://trojansource.codes" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211101 CVE-2021-42574: rustc 1.56.0 and bidirectional-override codepoints in source code", + "url": "http://www.openwall.com/lists/oss-security/2021/11/01/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211101 Trojan Source Attacks", + "url": "http://www.openwall.com/lists/oss-security/2021/11/01/6" + }, + { + "refsource": "CERT-VN", + "name": "VU#999008", + "url": "https://www.kb.cert.org/vuls/id/999008" } ] } diff --git a/2021/42xxx/CVE-2021-42697.json b/2021/42xxx/CVE-2021-42697.json index a30f2f24ab2..77e89332b4c 100644 --- a/2021/42xxx/CVE-2021-42697.json +++ b/2021/42xxx/CVE-2021-42697.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42697", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42697", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://akka.io/blog/", + "refsource": "MISC", + "name": "https://akka.io/blog/" + }, + { + "refsource": "MISC", + "name": "https://doc.akka.io/docs/akka-http/current/security/2021-CVE-2021-42697-stack-overflow-parsing-user-agent.html", + "url": "https://doc.akka.io/docs/akka-http/current/security/2021-CVE-2021-42697-stack-overflow-parsing-user-agent.html" + }, + { + "refsource": "MISC", + "name": "https://akka.io/blog/news/2021/11/02/akka-http-10.2.7-released", + "url": "https://akka.io/blog/news/2021/11/02/akka-http-10.2.7-released" } ] } diff --git a/2021/42xxx/CVE-2021-42698.json b/2021/42xxx/CVE-2021-42698.json index 64fff5d8e39..0978d31ef5c 100644 --- a/2021/42xxx/CVE-2021-42698.json 
+++ b/2021/42xxx/CVE-2021-42698.json 
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-42698", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AzeoTech DAQFactory" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DAQFactory", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "All versions", + "version_value": "New version" + } + ] + } + } + ] + }, + "vendor_name": "AzeoTech" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory." 
} ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "eng", + "value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script." + } + ] } \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42699.json b/2021/42xxx/CVE-2021-42699.json index 208c126a634..a817c854bd2 100644 --- a/2021/42xxx/CVE-2021-42699.json +++ b/2021/42xxx/CVE-2021-42699.json 
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-42699", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AzeoTech DAQFactory" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DAQFactory", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "All versions", + "version_value": "New version" + } + ] + } + } + ] + }, + "vendor_name": "AzeoTech" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user\u2019s cookie and take over the account." 
} ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319 Cleartext Transmission of Sensitive Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "eng", + "value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script." + } + ] } \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42701.json b/2021/42xxx/CVE-2021-42701.json index 5cf22defc87..c6844ec60d0 100644 --- a/2021/42xxx/CVE-2021-42701.json +++ b/2021/42xxx/CVE-2021-42701.json 
@@ -1,18 +1,93 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-42701", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AzeoTech DAQFactory" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DAQFactory", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "All versions", + "version_value": "New version" + } + ] + } + } + ] + }, + "vendor_name": "AzeoTech" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user\u2019s cloud account." 
} ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-471 Modification of Assumed-Immutable Data (MAID)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "eng", + "value": "Users are discouraged from using documents from unknown/untrusted sources.\nUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\nUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\nUsers are encouraged to apply a document editing password to their documents.\nUsers should avoid using the Real Time Web-Connect menu items and instead connect to DAQConnect using script." + } + ] } \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42715.json b/2021/42xxx/CVE-2021-42715.json index fca8d3ecb80..9bb32b420c4 100644 --- a/2021/42xxx/CVE-2021-42715.json +++ b/2021/42xxx/CVE-2021-42715.json 
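Review bot: The `impact.cvss` block for CVE-2021-42701 records `"confidentialityImpact": "NONE"` (vector `CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N`), while the description says the attack "could allow an attacker to obtain credentials and take over the user's cloud account". Credential disclosure is normally scored as a confidentiality impact, so the text and the vector appear to disagree, and consumers that prioritise on the vector will under-rate the exposure. The values should be checked against ICSA-21-308-02. If confidentiality is affected, `confidentialityImpact`, `vectorString`, `baseScore` and `baseSeverity` have to be updated together so the block stays internally consistent.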
@@ -61,6 +61,46 @@ "url": "https://github.com/nothings/stb/pull/1223", "refsource": "MISC", "name": "https://github.com/nothings/stb/pull/1223" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-001f25d986", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G2M5CRSGPRF7G3YB5CLU4FXW7ANNHAYT/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-d1446cd1ac", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ID6II3RIKAMVGVMC6ZAQIXXYYDMTVC4N/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-f8ba4a690e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEGXBDEMTFGINETMJENBZ6SCHVEJQJSY/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-0511a38484", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CI23LXPEV2GCDQTJSKO6CIILBDTI3R42/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-082bea5b34", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTZXHFZD36BGE5P6JF252NZZLKMGCY4T/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-3fc69d203c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VP2YEXEAJWI76FPM7D7VXHWD3WESQEYC/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-8ea648186c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TDGZFLBOP27LZKLH45WQLSNPSPP7S7Z/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-16d848834d", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AF2CNP4FVC6LDKNOO4WDCGNDYIP3MPK6/" } ] } diff --git a/2021/42xxx/CVE-2021-42716.json b/2021/42xxx/CVE-2021-42716.json index ea9b62abadc..c22e5da831e 100644 --- a/2021/42xxx/CVE-2021-42716.json 
+++ b/2021/42xxx/CVE-2021-42716.json @@ -66,6 +66,46 @@ "url": "https://github.com/nothings/stb/issues/1225", "refsource": "MISC", "name": "https://github.com/nothings/stb/issues/1225" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-001f25d986", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G2M5CRSGPRF7G3YB5CLU4FXW7ANNHAYT/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-d1446cd1ac", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ID6II3RIKAMVGVMC6ZAQIXXYYDMTVC4N/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-f8ba4a690e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEGXBDEMTFGINETMJENBZ6SCHVEJQJSY/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-0511a38484", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CI23LXPEV2GCDQTJSKO6CIILBDTI3R42/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-082bea5b34", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTZXHFZD36BGE5P6JF252NZZLKMGCY4T/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-3fc69d203c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VP2YEXEAJWI76FPM7D7VXHWD3WESQEYC/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-8ea648186c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TDGZFLBOP27LZKLH45WQLSNPSPP7S7Z/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-16d848834d", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AF2CNP4FVC6LDKNOO4WDCGNDYIP3MPK6/" } ] } diff --git a/2021/42xxx/CVE-2021-42743.json b/2021/42xxx/CVE-2021-42743.json new file mode 100644 index 00000000000..c1f941200a3 
--- /dev/null +++ b/2021/42xxx/CVE-2021-42743.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-42743", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42754.json b/2021/42xxx/CVE-2021-42754.json index 55b79c2f44a..fc04cb4cf86 100644 --- a/2021/42xxx/CVE-2021-42754.json +++ b/2021/42xxx/CVE-2021-42754.json 
@@ -4,14 +4,74 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-42754", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiClientMac", + "version": { + "version_data": [ + { + "version_value": "FortiClientMac 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvss": { + "attackComplexity": "Low", + "attackVector": "Local", + "availabilityImpact": "None", + "baseScore": 3.2, + "baseSeverity": "Low", + "confidentialityImpact": "Low", + "integrityImpact": "None", + "privilegesRequired": "Low", + "scope": "Changed", + "userInteraction": "Required", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N/E:F/RL:X/RC:C", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-21-079", + "url": "https://fortiguard.com/advisory/FG-IR-21-079" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file." } ] } diff --git a/2021/42xxx/CVE-2021-42762.json b/2021/42xxx/CVE-2021-42762.json index 501e19b65aa..ddd672132fd 100644 
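Review bot: The metric values in the new `impact.cvss` block for CVE-2021-42754 are written in title case (`"attackVector": "Local"`, `"attackComplexity": "Low"`, `"scope": "Changed"`), whereas the CVSS v3.1 JSON schema enumerates them in upper case, as the CVE-2021-42701 record in this same commit does (`"LOCAL"`, `"LOW"`, `"UNCHANGED"`). Consumers that validate or compare these strings case-sensitively may drop the severity data, so they should read `"attackVector": "LOCAL"`, `"baseSeverity": "LOW"` and so on. The affected range is also inconsistent between fields: the description says "6.4.5 and below", but `version_value` enumerates only 6.4.0 through 6.4.5 plus 7.0.0 in one comma-separated string, leaving it unclear whether earlier branches are affected. One `version_data` entry per branch with a `version_affected` operator would resolve both the ambiguity and the free-text list.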
--- a/2021/42xxx/CVE-2021-42762.json +++ b/2021/42xxx/CVE-2021-42762.json @@ -81,6 +81,31 @@ "refsource": "MLIST", "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4995", + "url": "https://www.debian.org/security/2021/dsa-4995" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4996", + "url": "https://www.debian.org/security/2021/dsa-4996" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-db6ebb2d68", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5J2LZQTDX53DNSKSGU7TQYCO2HKSTY4/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-131360fa9a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-483d896d1d", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/" } ] } diff --git a/2021/42xxx/CVE-2021-42763.json b/2021/42xxx/CVE-2021-42763.json index 73742cfd690..fdb0f85d290 100644 --- a/2021/42xxx/CVE-2021-42763.json +++ b/2021/42xxx/CVE-2021-42763.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42763", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42763", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the \"@\" user credentials of the node processing the UI request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html", + "refsource": "MISC", + "name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html" + }, + { + "refsource": "MISC", + "name": "https://www.couchbase.com/alerts", + "url": "https://www.couchbase.com/alerts" } ] } diff --git a/2021/42xxx/CVE-2021-42770.json b/2021/42xxx/CVE-2021-42770.json index 3518ef60aef..9fa1b4e7ebe 100644 --- a/2021/42xxx/CVE-2021-42770.json +++ b/2021/42xxx/CVE-2021-42770.json 
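Review bot: The `affects` block for CVE-2021-42763 is filled with `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` even though the description names the product and the fixed releases (Couchbase Server before 6.6.3 and 7.x before 7.0.2). Tooling that matches on the structured fields rather than the free text will miss this record. The same applies to the hunks for CVE-2021-42770 (OPNsense before 21.7.4), CVE-2021-42837 (Talend Data Catalog before 7.3-20210930), CVE-2021-42917 (Kodi up to 19.0) and CVE-2021-43032 (XenForo through 2.2.7). Suggest populating them from the description, e.g. `"product_name": "Couchbase Server"` with a `"version_affected": "<"` bound per branch. The `"n/a"` problemtype should likewise be replaced with the weakness the text already states (cleartext storage of sensitive information, presumably CWE-312).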
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42770", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42770", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cert.orange.com", + "refsource": "MISC", + "name": "https://cert.orange.com" + }, + { + "refsource": "CONFIRM", + "name": "https://opnsense.org/opnsense-21-7-4-released/", + "url": "https://opnsense.org/opnsense-21-7-4-released/" } ] } diff --git a/2021/42xxx/CVE-2021-42837.json b/2021/42xxx/CVE-2021-42837.json index 5131c76aec9..bae5c9caa47 100644 --- a/2021/42xxx/CVE-2021-42837.json +++ b/2021/42xxx/CVE-2021-42837.json 
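Review bot: The first reference added for CVE-2021-42770, `"url": "https://cert.orange.com"`, is a site root rather than an advisory for this issue, so a reader cannot verify the XSS claim or the fixed version from it; only the `opnsense-21-7-4-released` link is specific. The same pattern appears in the hunks for CVE-2021-42763 (`relnotes.html` and `/alerts`), CVE-2021-42837 (`https://www.talend.com/resources/`) and CVE-2021-43032 (`https://xenforo.com/community/forums/announcements/`). Landing pages change over time, so the evidence behind the record can silently disappear. Each should be replaced with, or accompanied by, a permalink to the specific advisory or changelog entry.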
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42837", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42837", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.talend.com/resources/", + "refsource": "MISC", + "name": "https://www.talend.com/resources/" + }, + { + "refsource": "CONFIRM", + "name": "https://jira.talendforge.org/browse/TAPACHE-180", + "url": "https://jira.talendforge.org/browse/TAPACHE-180" } ] } diff --git a/2021/42xxx/CVE-2021-42917.json b/2021/42xxx/CVE-2021-42917.json index 7900b08d89f..35736f7ca18 100644 --- a/2021/42xxx/CVE-2021-42917.json +++ b/2021/42xxx/CVE-2021-42917.json 
@@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-42917", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-42917", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/xbmc/xbmc/issues/20305", + "refsource": "MISC", + "name": "https://github.com/xbmc/xbmc/issues/20305" + }, + { + "url": "https://github.com/xbmc/xbmc/pull/20306", + "refsource": "MISC", + "name": "https://github.com/xbmc/xbmc/pull/20306" + }, + { + "url": "https://github.com/fuzzard/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237", + "refsource": "MISC", + "name": "https://github.com/fuzzard/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237" + }, + { + "url": "https://github.com/xbmc/xbmc/commit/48730b64494798705d46dfccc4029bd36d072df3", + "refsource": "MISC", + "name": "https://github.com/xbmc/xbmc/commit/48730b64494798705d46dfccc4029bd36d072df3" } ] } 
diff --git a/2021/43xxx/CVE-2021-43032.json b/2021/43xxx/CVE-2021-43032.json index 9820f016dd5..be8ef964cfc 100644 --- a/2021/43xxx/CVE-2021-43032.json +++ b/2021/43xxx/CVE-2021-43032.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-43032", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-43032", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payload will execute globally on the client side." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://xenforo.com/community/forums/announcements/", + "refsource": "MISC", + "name": "https://xenforo.com/community/forums/announcements/" + }, + { + "refsource": "MISC", + "name": "https://github.com/SakuraSamuraii/CVE-2021-43032", + "url": "https://github.com/SakuraSamuraii/CVE-2021-43032" } ] } diff --git a/2021/43xxx/CVE-2021-43056.json b/2021/43xxx/CVE-2021-43056.json index 30bc0b47624..d5cf6c68b65 100644 --- a/2021/43xxx/CVE-2021-43056.json +++ b/2021/43xxx/CVE-2021-43056.json 
@@ -71,6 +71,21 @@ "refsource": "MLIST", "name": "[oss-security] 20211028 Re: Linux kernel: powerpc: KVM guest can trigger host crash on Power8", "url": "http://www.openwall.com/lists/oss-security/2021/10/28/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-4320606094", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBM4FP3IT3JZ2O7EBS7TEOG657N4ZGRE/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-ed8c2e1098", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRAIS3PG4EV5WFLYESR6FXWM4BJJGWVA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-4fed2b55c4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AA7EAPPKWG4LMTQQLNNSKATY6ST2KQFE/" } ] } diff --git a/2021/43xxx/CVE-2021-43058.json b/2021/43xxx/CVE-2021-43058.json index ea0366d22c7..46652a9a2ff 100644 --- a/2021/43xxx/CVE-2021-43058.json +++ b/2021/43xxx/CVE-2021-43058.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-43058", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@replicated.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "REPLICATED CLASSIC", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 2.53.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "URL redirection to untrusted site (\u201cOpen Redirect\u201d)." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.replicated.com/security/advisories/CVE-2021-43058", + "url": "https://www.replicated.com/security/advisories/CVE-2021-43058" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site." } ] } diff --git a/2021/43xxx/CVE-2021-43082.json b/2021/43xxx/CVE-2021-43082.json new file mode 100644 index 00000000000..72544f5085c --- /dev/null +++ b/2021/43xxx/CVE-2021-43082.json 
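Review bot: In the CVE-2021-43058 record, `"vendor_name": "n/a"` sits beside `"product_name": "REPLICATED CLASSIC"` and an assigner of `security@replicated.com`, so the vendor is evidently known and should be stated, e.g. `"vendor_name": "Replicated"`. The problemtype is free text with no CWE identifier. Writing it as `"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"` would let consumers group the record by weakness class, as the Vulnogram-generated entries in this commit do. The version bound is prose (`"All versions prior to 2.53.1"`); `"version_affected": "<", "version_value": "2.53.1"` expresses the same range in a form a scanner can evaluate.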
@@ -0,0 +1,78 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2021-43082", + "STATE": "PUBLIC", + "TITLE": "heap-buffer-overflow with stats-over-http plugin" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Traffic Server", + "version": { + "version_data": [ + { + "version_value": "9.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Apache Traffic Server would like to thank Masori Koshiba for finding this issue." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": [ + {} + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164", + "name": "https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43083.json b/2021/43xxx/CVE-2021-43083.json new file mode 100644 index 00000000000..130b46f32ab --- /dev/null +++ b/2021/43xxx/CVE-2021-43083.json 
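Review bot: In the new CVE-2021-43082 file, `"impact": [ {} ]` is an empty placeholder: it carries no CVSS data, and it is an array where the other records in this commit use an object (`"impact": { "cvss": { … } }`), so a consumer reading `impact.cvss` meets a different type here. The description says the overflow allows an attacker to overwrite memory, so the missing severity matters for prioritisation. Either populate the block with the assigner's score or drop the key until one exists. The affected version is a bare `"version_value": "9.1.0"` with no operator, which presumably means exactly 9.1.0 as the description says; adding `"version_affected": "="` would remove the guess.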
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43083", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43084.json b/2021/43xxx/CVE-2021-43084.json new file mode 100644 index 00000000000..0792d5942ca --- /dev/null +++ b/2021/43xxx/CVE-2021-43084.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43084", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43085.json b/2021/43xxx/CVE-2021-43085.json new file mode 100644 index 00000000000..cd0b650e139 --- /dev/null +++ b/2021/43xxx/CVE-2021-43085.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43085", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43086.json b/2021/43xxx/CVE-2021-43086.json new file mode 100644 index 00000000000..45cfefb4061 --- /dev/null +++ b/2021/43xxx/CVE-2021-43086.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43086", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43087.json b/2021/43xxx/CVE-2021-43087.json new file mode 100644 index 00000000000..3dd7d23ae80 --- /dev/null +++ b/2021/43xxx/CVE-2021-43087.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43087", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43088.json b/2021/43xxx/CVE-2021-43088.json new file mode 100644 index 00000000000..e76a03fd1cb --- /dev/null +++ b/2021/43xxx/CVE-2021-43088.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43088", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43089.json b/2021/43xxx/CVE-2021-43089.json new file mode 100644 index 00000000000..48596cd49e7 --- /dev/null +++ b/2021/43xxx/CVE-2021-43089.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43089", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43090.json b/2021/43xxx/CVE-2021-43090.json new file mode 100644 index 00000000000..7b936b0ca33 --- /dev/null +++ b/2021/43xxx/CVE-2021-43090.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43090", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43091.json b/2021/43xxx/CVE-2021-43091.json new file mode 100644 index 00000000000..f3e125ef5bd --- /dev/null +++ b/2021/43xxx/CVE-2021-43091.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43091", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43092.json b/2021/43xxx/CVE-2021-43092.json new file mode 100644 index 00000000000..e3488d237d7 --- /dev/null +++ b/2021/43xxx/CVE-2021-43092.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43092", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43093.json b/2021/43xxx/CVE-2021-43093.json new file mode 100644 index 00000000000..11ddcda87ae --- /dev/null +++ b/2021/43xxx/CVE-2021-43093.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43093", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43094.json b/2021/43xxx/CVE-2021-43094.json new file mode 100644 index 00000000000..4569b8a760e --- /dev/null +++ b/2021/43xxx/CVE-2021-43094.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43094", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43095.json b/2021/43xxx/CVE-2021-43095.json new file mode 100644 index 00000000000..8f6699b1fe8 --- /dev/null +++ b/2021/43xxx/CVE-2021-43095.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43095", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43096.json b/2021/43xxx/CVE-2021-43096.json new file mode 100644 index 00000000000..e2780a041d5 --- /dev/null +++ b/2021/43xxx/CVE-2021-43096.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43096", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43097.json b/2021/43xxx/CVE-2021-43097.json new file mode 100644 index 00000000000..be89fd78dae --- /dev/null +++ b/2021/43xxx/CVE-2021-43097.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43097", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43098.json b/2021/43xxx/CVE-2021-43098.json new file mode 100644 index 00000000000..878adcc39f7 --- /dev/null +++ b/2021/43xxx/CVE-2021-43098.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43098", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43099.json b/2021/43xxx/CVE-2021-43099.json new file mode 100644 index 00000000000..2341359ce42 --- /dev/null +++ b/2021/43xxx/CVE-2021-43099.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43099", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43100.json b/2021/43xxx/CVE-2021-43100.json new file mode 100644 index 00000000000..4532d7590a3 --- /dev/null +++ b/2021/43xxx/CVE-2021-43100.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43100", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43101.json b/2021/43xxx/CVE-2021-43101.json new file mode 100644 index 00000000000..999d53063df --- /dev/null +++ b/2021/43xxx/CVE-2021-43101.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43101", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43102.json b/2021/43xxx/CVE-2021-43102.json new file mode 100644 index 00000000000..2d3243d8529 --- /dev/null +++ b/2021/43xxx/CVE-2021-43102.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43102", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43103.json b/2021/43xxx/CVE-2021-43103.json new file mode 100644 index 00000000000..79ad79083ea --- /dev/null +++ b/2021/43xxx/CVE-2021-43103.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43103", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43104.json b/2021/43xxx/CVE-2021-43104.json new file mode 100644 index 00000000000..9c7224204d0 --- /dev/null +++ b/2021/43xxx/CVE-2021-43104.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43104", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43105.json b/2021/43xxx/CVE-2021-43105.json new file mode 100644 index 00000000000..dc99ffb8095 --- /dev/null +++ b/2021/43xxx/CVE-2021-43105.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43105", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43106.json b/2021/43xxx/CVE-2021-43106.json new file mode 100644 index 00000000000..8c430c25598 --- /dev/null +++ b/2021/43xxx/CVE-2021-43106.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43106", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43107.json b/2021/43xxx/CVE-2021-43107.json new file mode 100644 index 00000000000..61c9d048b1c --- /dev/null +++ b/2021/43xxx/CVE-2021-43107.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43107", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43108.json b/2021/43xxx/CVE-2021-43108.json new file mode 100644 index 00000000000..f07eb518ce5 --- /dev/null +++ b/2021/43xxx/CVE-2021-43108.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43108", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43109.json b/2021/43xxx/CVE-2021-43109.json new file mode 100644 index 00000000000..ed060b2f939 --- /dev/null +++ b/2021/43xxx/CVE-2021-43109.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43109", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43110.json b/2021/43xxx/CVE-2021-43110.json new file mode 100644 index 00000000000..dcc7cefa864 --- /dev/null +++ b/2021/43xxx/CVE-2021-43110.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43110", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43111.json b/2021/43xxx/CVE-2021-43111.json new file mode 100644 index 00000000000..358127a6b34 --- /dev/null +++ b/2021/43xxx/CVE-2021-43111.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43111", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43112.json b/2021/43xxx/CVE-2021-43112.json new file mode 100644 index 00000000000..25dcdc75a8c --- /dev/null +++ b/2021/43xxx/CVE-2021-43112.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43112", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43113.json b/2021/43xxx/CVE-2021-43113.json new file mode 100644 index 00000000000..df7868a96e6 --- /dev/null +++ b/2021/43xxx/CVE-2021-43113.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43113",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43114.json b/2021/43xxx/CVE-2021-43114.json
new file mode 100644
index 00000000000..7ee8d730268
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43114.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43114",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/NICMx/FORT-validator/releases/tag/1.5.2",
+ "refsource": "MISC",
+ "name": "https://github.com/NICMx/FORT-validator/releases/tag/1.5.2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43115.json b/2021/43xxx/CVE-2021-43115.json
new file mode 100644
index 00000000000..7181a93c541
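Review bot: The structured `affects` block of the new CVE-2021-43114 record is all placeholders (`"vendor_name": "n/a"`, `"product_name": "n/a"`, `"version_value": "n/a"`), although its description already names the product and the fixed release. Vulnerability scanners and asset-matching pipelines that key on the structured fields rather than the free text will not tie this entry to deployed FORT Validator instances, so operators relying on it for Route Origin Validation may get no alert. I would populate the fields from the description, e.g. `"product_name": "FORT Validator"` with a version value expressing "prior to 1.5.2"; the vendor name is not stated in the record and should be confirmed by the assigner. The CVE-2021-43141 hunk later in this diff leaves the same three fields as `n/a` while its description names the product and version.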
--- /dev/null +++ b/2021/43xxx/CVE-2021-43115.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43115", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43116.json b/2021/43xxx/CVE-2021-43116.json new file mode 100644 index 00000000000..21d2361a25c --- /dev/null +++ b/2021/43xxx/CVE-2021-43116.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43116", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43117.json b/2021/43xxx/CVE-2021-43117.json new file mode 100644 index 00000000000..a8dc5f1b714 --- /dev/null +++ b/2021/43xxx/CVE-2021-43117.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43117", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43118.json b/2021/43xxx/CVE-2021-43118.json new file mode 100644 index 00000000000..9794e2377d5 --- /dev/null +++ b/2021/43xxx/CVE-2021-43118.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43118", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43119.json b/2021/43xxx/CVE-2021-43119.json new file mode 100644 index 00000000000..df1a284a5a4 --- /dev/null +++ b/2021/43xxx/CVE-2021-43119.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43119", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43120.json b/2021/43xxx/CVE-2021-43120.json new file mode 100644 index 00000000000..5d35e8d2a80 --- /dev/null +++ b/2021/43xxx/CVE-2021-43120.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43120", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43121.json b/2021/43xxx/CVE-2021-43121.json new file mode 100644 index 00000000000..d8fce452642 --- /dev/null +++ b/2021/43xxx/CVE-2021-43121.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43121", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43122.json b/2021/43xxx/CVE-2021-43122.json new file mode 100644 index 00000000000..71f5551ac7c --- /dev/null +++ b/2021/43xxx/CVE-2021-43122.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43122", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43123.json b/2021/43xxx/CVE-2021-43123.json new file mode 100644 index 00000000000..7744b31309d --- /dev/null +++ b/2021/43xxx/CVE-2021-43123.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43123", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43124.json b/2021/43xxx/CVE-2021-43124.json new file mode 100644 index 00000000000..b77f5bb7044 --- /dev/null +++ b/2021/43xxx/CVE-2021-43124.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43124", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43125.json b/2021/43xxx/CVE-2021-43125.json new file mode 100644 index 00000000000..5052c8bbcb0 --- /dev/null +++ b/2021/43xxx/CVE-2021-43125.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43125", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43126.json b/2021/43xxx/CVE-2021-43126.json new file mode 100644 index 00000000000..808349f9e4e --- /dev/null +++ b/2021/43xxx/CVE-2021-43126.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43126", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43127.json b/2021/43xxx/CVE-2021-43127.json new file mode 100644 index 00000000000..f00d8e8c1b6 --- /dev/null +++ b/2021/43xxx/CVE-2021-43127.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43127", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43128.json b/2021/43xxx/CVE-2021-43128.json new file mode 100644 index 00000000000..7d177441e4f --- /dev/null +++ b/2021/43xxx/CVE-2021-43128.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43128", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43129.json b/2021/43xxx/CVE-2021-43129.json new file mode 100644 index 00000000000..bafbbdf042d --- /dev/null +++ b/2021/43xxx/CVE-2021-43129.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43129", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43131.json b/2021/43xxx/CVE-2021-43131.json new file mode 100644 index 00000000000..fc073ffba5b --- /dev/null +++ b/2021/43xxx/CVE-2021-43131.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43131", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43132.json b/2021/43xxx/CVE-2021-43132.json new file mode 100644 index 00000000000..bbd1a97e4f2 --- /dev/null +++ b/2021/43xxx/CVE-2021-43132.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43132", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43133.json b/2021/43xxx/CVE-2021-43133.json new file mode 100644 index 00000000000..ffe2c933ca8 --- /dev/null +++ b/2021/43xxx/CVE-2021-43133.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43133", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43134.json b/2021/43xxx/CVE-2021-43134.json new file mode 100644 index 00000000000..1a13d24b9d4 --- /dev/null +++ b/2021/43xxx/CVE-2021-43134.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43134", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43135.json b/2021/43xxx/CVE-2021-43135.json new file mode 100644 index 00000000000..64b4246e0ca --- /dev/null +++ b/2021/43xxx/CVE-2021-43135.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43135", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43137.json b/2021/43xxx/CVE-2021-43137.json new file mode 100644 index 00000000000..669d7e43de8 --- /dev/null +++ b/2021/43xxx/CVE-2021-43137.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43137", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43138.json b/2021/43xxx/CVE-2021-43138.json new file mode 100644 index 00000000000..4535f5a5a29 --- /dev/null +++ b/2021/43xxx/CVE-2021-43138.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43138", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43139.json b/2021/43xxx/CVE-2021-43139.json new file mode 100644 index 00000000000..ff3f712d2dc --- /dev/null +++ b/2021/43xxx/CVE-2021-43139.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43139",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43141.json b/2021/43xxx/CVE-2021-43141.json
new file mode 100644
index 00000000000..05152b4b24c
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43141.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43141",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Dir0x/CVE-2021-43141",
+ "url": "https://github.com/Dir0x/CVE-2021-43141"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43142.json b/2021/43xxx/CVE-2021-43142.json
new file mode 100644
index 00000000000..b7507262130
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43142.json
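Review bot: The `problemtype` entry of the new CVE-2021-43141 record is `"value": "n/a"` even though the description states the weakness class outright (cross-site scripting), so consumers cannot filter or prioritise this entry by CWE. Subject to the assigner's confirmation, `"value": "CWE-79"` would match what the description says. The record's only reference is a third-party GitHub repository tagged `MISC`; it carries no vendor advisory or fix reference, so a defender cannot tell from the record alone whether a corrected release of the application exists and should treat input handling on the named parameter as unremediated until verified.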
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43142", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43143.json b/2021/43xxx/CVE-2021-43143.json new file mode 100644 index 00000000000..1bb64387e27 --- /dev/null +++ b/2021/43xxx/CVE-2021-43143.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43143", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43144.json b/2021/43xxx/CVE-2021-43144.json new file mode 100644 index 00000000000..e74bbab046b --- /dev/null +++ b/2021/43xxx/CVE-2021-43144.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43144", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43145.json b/2021/43xxx/CVE-2021-43145.json new file mode 100644 index 00000000000..564bea97333 --- /dev/null +++ b/2021/43xxx/CVE-2021-43145.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43145", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43146.json b/2021/43xxx/CVE-2021-43146.json new file mode 100644 index 00000000000..be579d12174 --- /dev/null +++ b/2021/43xxx/CVE-2021-43146.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43146", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43147.json b/2021/43xxx/CVE-2021-43147.json new file mode 100644 index 00000000000..0e19852a9b5 --- /dev/null +++ b/2021/43xxx/CVE-2021-43147.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43147", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43148.json b/2021/43xxx/CVE-2021-43148.json new file mode 100644 index 00000000000..fae667e3a16 --- /dev/null +++ b/2021/43xxx/CVE-2021-43148.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43148", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43149.json b/2021/43xxx/CVE-2021-43149.json new file mode 100644 index 00000000000..ba4a37b97a6 --- /dev/null +++ b/2021/43xxx/CVE-2021-43149.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43149", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43150.json b/2021/43xxx/CVE-2021-43150.json new file mode 100644 index 00000000000..b125fd4a804 --- /dev/null +++ b/2021/43xxx/CVE-2021-43150.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43150", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43151.json b/2021/43xxx/CVE-2021-43151.json new file mode 100644 index 00000000000..1ce42726649 --- /dev/null +++ b/2021/43xxx/CVE-2021-43151.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43151", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43152.json b/2021/43xxx/CVE-2021-43152.json new file mode 100644 index 00000000000..62fa9b2056c --- /dev/null +++ b/2021/43xxx/CVE-2021-43152.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43152", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43153.json b/2021/43xxx/CVE-2021-43153.json new file mode 100644 index 00000000000..7ec9c7a386c --- /dev/null +++ b/2021/43xxx/CVE-2021-43153.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43153", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43154.json b/2021/43xxx/CVE-2021-43154.json new file mode 100644 index 00000000000..5187ec903a5 --- /dev/null +++ b/2021/43xxx/CVE-2021-43154.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43154", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43155.json b/2021/43xxx/CVE-2021-43155.json new file mode 100644 index 00000000000..b787c4f02c1 --- /dev/null +++ b/2021/43xxx/CVE-2021-43155.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43155", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43156.json b/2021/43xxx/CVE-2021-43156.json new file mode 100644 index 00000000000..f9bb6bd57df --- /dev/null +++ b/2021/43xxx/CVE-2021-43156.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43156", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43157.json b/2021/43xxx/CVE-2021-43157.json new file mode 100644 index 00000000000..7c019a45b1d --- /dev/null +++ b/2021/43xxx/CVE-2021-43157.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43157", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43158.json b/2021/43xxx/CVE-2021-43158.json new file mode 100644 index 00000000000..cd4737aa217 --- /dev/null +++ b/2021/43xxx/CVE-2021-43158.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43158", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43159.json b/2021/43xxx/CVE-2021-43159.json new file mode 100644 index 00000000000..f7c9495840c --- /dev/null +++ b/2021/43xxx/CVE-2021-43159.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43159", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43160.json b/2021/43xxx/CVE-2021-43160.json new file mode 100644 index 00000000000..281d8c18ab6 --- /dev/null +++ b/2021/43xxx/CVE-2021-43160.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43160", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43161.json b/2021/43xxx/CVE-2021-43161.json new file mode 100644 index 00000000000..641b5745e51 --- /dev/null +++ b/2021/43xxx/CVE-2021-43161.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43161", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43162.json b/2021/43xxx/CVE-2021-43162.json new file mode 100644 index 00000000000..3a23909a25b --- /dev/null +++ b/2021/43xxx/CVE-2021-43162.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43162", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43163.json b/2021/43xxx/CVE-2021-43163.json new file mode 100644 index 00000000000..48151565683 --- /dev/null +++ b/2021/43xxx/CVE-2021-43163.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43163", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43164.json b/2021/43xxx/CVE-2021-43164.json new file mode 100644 index 00000000000..9c3bc0c9f47 --- /dev/null +++ b/2021/43xxx/CVE-2021-43164.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43164", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43165.json b/2021/43xxx/CVE-2021-43165.json new file mode 100644 index 00000000000..30993e6f32f --- /dev/null +++ b/2021/43xxx/CVE-2021-43165.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43165", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43166.json b/2021/43xxx/CVE-2021-43166.json new file mode 100644 index 00000000000..b5bcfd56f63 --- /dev/null +++ b/2021/43xxx/CVE-2021-43166.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43166", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43167.json b/2021/43xxx/CVE-2021-43167.json new file mode 100644 index 00000000000..20f00cbdea0 --- /dev/null +++ b/2021/43xxx/CVE-2021-43167.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43167", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43168.json b/2021/43xxx/CVE-2021-43168.json new file mode 100644 index 00000000000..023c1185455 --- /dev/null +++ b/2021/43xxx/CVE-2021-43168.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43168", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43169.json b/2021/43xxx/CVE-2021-43169.json new file mode 100644 index 00000000000..31d8fea6685 --- /dev/null +++ b/2021/43xxx/CVE-2021-43169.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43169", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43170.json b/2021/43xxx/CVE-2021-43170.json new file mode 100644 index 00000000000..7d0667c8146 --- /dev/null +++ b/2021/43xxx/CVE-2021-43170.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43170", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43171.json b/2021/43xxx/CVE-2021-43171.json new file mode 100644 index 00000000000..89e3d6ef6c0 --- /dev/null +++ b/2021/43xxx/CVE-2021-43171.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43171", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43172.json b/2021/43xxx/CVE-2021-43172.json new file mode 100644 index 00000000000..af4bb477cbb --- /dev/null +++ b/2021/43xxx/CVE-2021-43172.json 
@@ -0,0 +1,71 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "sep@nlnetlabs.nl",
+ "DATE_PUBLIC": "2021-11-09T14:00:00.000Z",
+ "ID": "CVE-2021-43172",
+ "STATE": "PUBLIC",
+ "TITLE": "Infinite length chain of RRDP repositories"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Routinator",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "0.10.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "NLnet Labs"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "We would like to thank Koen van Hove for the discovery."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of another CA using a different RRDP repository, a malicious CA can create a chain of CAs of de-facto infinite length. Routinator prior to version 0.10.2 did not contain a limit on the length of such a chain and will therefore continue to process this chain forever. As a result, the validation run will never finish, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-674: Uncontrolled Recursion"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt",
+ "name": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43173.json b/2021/43xxx/CVE-2021-43173.json
new file mode 100644
index 00000000000..28906e138f0
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43173.json
@@ -0,0 +1,71 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "sep@nlnetlabs.nl",
+ "DATE_PUBLIC": "2021-11-09T14:00:00.000Z",
+ "ID": "CVE-2021-43173",
+ "STATE": "PUBLIC",
+ "TITLE": "Hanging RRDP request"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Routinator",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "0.10.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "NLnet Labs"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "We would like to thank Koen van Hove for the discovery."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP connections, this time-out was only applied to individual read or write operations rather than the complete request. Thus, if an RRDP repository sends a little bit of data before that time-out expired, it can continuously extend the time it takes for the request to finish. Since validation will only continue once the update of an RRDP repository has concluded, this delay will cause validation to stall, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-755: Improper Handling of Exceptional Conditions"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt",
+ "name": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43174.json b/2021/43xxx/CVE-2021-43174.json
new file mode 100644
index 00000000000..80a55f6c0a6
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43174.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "sep@nlnetlabs.nl",
+ "DATE_PUBLIC": "2021-11-09T14:00:00.000Z",
+ "ID": "CVE-2021-43174",
+ "STATE": "PUBLIC",
+ "TITLE": "gzip transfer encoding caused out-of-memory crash"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Routinator",
+ "version": {
+ "version_data": [
+ {
+ "version_number": "0.9.0",
+ "version_affected": "<=",
+ "version_value": "0.10.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "NLnet Labs"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "We would like to thank Koen van Hove for the discovery."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of white space in the encoded data. The gzip scheme compresses such white space extremely well, leading to very small compressed files that become huge when being decompressed for further processing, big enough that Routinator runs out of memory when parsing input data waiting for the next XML element."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1325: Improperly Controlled Sequential Memory Allocation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt",
+ "name": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
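Review bot: In CVE-2021-43174.json the lower bound of the affected range is carried in a `version_number` key (`"version_number": "0.9.0"`), which as far as I can tell is not one of the `version_data` keys that CVE JSON 4.0 consumers read (`version_name`, `version_affected`, `version_value`). A parser that ignores the unknown key sees only `<= 0.10.1` and will report releases older than 0.9.0 as affected, whereas the description limits the issue to versions 0.9.0 up to and including 0.10.1. I would move the bound into a recognised key, for example `"version_name": "0.9.0"` in place of `"version_number": "0.9.0"`, and confirm how the downstream tooling interprets it. The description of a small compressed body expanding until memory runs out also reads like CWE-409 (Improper Handling of Highly Compressed Data), which may be worth listing alongside CWE-1325 so weakness-based searches find the record.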
diff --git a/2021/43xxx/CVE-2021-43175.json b/2021/43xxx/CVE-2021-43175.json new file mode 100644 index 00000000000..9a98d540c61 --- /dev/null +++ b/2021/43xxx/CVE-2021-43175.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43175", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43176.json b/2021/43xxx/CVE-2021-43176.json new file mode 100644 index 00000000000..1759f6b41dc --- /dev/null +++ b/2021/43xxx/CVE-2021-43176.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43176", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43177.json b/2021/43xxx/CVE-2021-43177.json new file mode 100644 index 00000000000..6620fa689a4 --- /dev/null +++ b/2021/43xxx/CVE-2021-43177.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43177", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43178.json b/2021/43xxx/CVE-2021-43178.json new file mode 100644 index 00000000000..029e7244b66 --- /dev/null +++ b/2021/43xxx/CVE-2021-43178.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43178", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43179.json b/2021/43xxx/CVE-2021-43179.json new file mode 100644 index 00000000000..20517b502f8 --- /dev/null +++ b/2021/43xxx/CVE-2021-43179.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43179", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43180.json b/2021/43xxx/CVE-2021-43180.json
new file mode 100644
index 00000000000..7df1c083ea6
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43180.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43180",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43181.json b/2021/43xxx/CVE-2021-43181.json
new file mode 100644
index 00000000000..c6bc6ae7251
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43181.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43181",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains Hub before 2021.1.13690, stored XSS is possible."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43182.json b/2021/43xxx/CVE-2021-43182.json
new file mode 100644
index 00000000000..5b8e88442ff
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43182.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43182",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains Hub before 2021.1.13415, a DoS via user information is possible."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43183.json b/2021/43xxx/CVE-2021-43183.json
new file mode 100644
index 00000000000..263229bbfb3
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43183.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43183",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43184.json b/2021/43xxx/CVE-2021-43184.json
new file mode 100644
index 00000000000..e604b7deeb9
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43184.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43184",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains YouTrack before 2021.3.21051, stored XSS is possible."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43185.json b/2021/43xxx/CVE-2021-43185.json
new file mode 100644
index 00000000000..b4d0a26951f
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43185.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43185",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43186.json b/2021/43xxx/CVE-2021-43186.json
new file mode 100644
index 00000000000..4f1e579eb5e
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43186.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43186",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43187.json b/2021/43xxx/CVE-2021-43187.json
new file mode 100644
index 00000000000..10f5ad1bc41
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43187.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43187",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43188.json b/2021/43xxx/CVE-2021-43188.json
new file mode 100644
index 00000000000..db2d30e6098
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43188.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43188",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43189.json b/2021/43xxx/CVE-2021-43189.json
new file mode 100644
index 00000000000..8b3a9cd090e
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43189.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43189",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains YouTrack Mobile before 2021.2, access token protection on Android is incomplete."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43190.json b/2021/43xxx/CVE-2021-43190.json
new file mode 100644
index 00000000000..673d7daaf32
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43190.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43190",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43191.json b/2021/43xxx/CVE-2021-43191.json
new file mode 100644
index 00000000000..318e30edc0c
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43191.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43191",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43192.json b/2021/43xxx/CVE-2021-43192.json
new file mode 100644
index 00000000000..bde7e14280f
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43192.json
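Review bot: The description value in the CVE-2021-43191 record has a stray comma between the version and the verb, `before 2021.2, is missing the security screen`, which breaks the sentence. It should read `"value": "JetBrains YouTrack Mobile before 2021.2 is missing the security screen on Android and iOS."`. Because `affects` in this record is all `n/a`, the description is the only place the product and version are stated, so the wording matters more here than it would otherwise.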
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43192",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43193.json b/2021/43xxx/CVE-2021-43193.json
new file mode 100644
index 00000000000..8e815051e3b
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43193.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43193",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43194.json b/2021/43xxx/CVE-2021-43194.json
new file mode 100644
index 00000000000..dd738f47afe
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43194.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43194",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains TeamCity before 2021.1.2, user enumeration was possible."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43195.json b/2021/43xxx/CVE-2021-43195.json
new file mode 100644
index 00000000000..af715bb624c
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43195.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43195",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43196.json b/2021/43xxx/CVE-2021-43196.json
new file mode 100644
index 00000000000..9395cbc29dc
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43196.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43196",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43197.json b/2021/43xxx/CVE-2021-43197.json
new file mode 100644
index 00000000000..382db7dacaf
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43197.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43197",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43198.json b/2021/43xxx/CVE-2021-43198.json
new file mode 100644
index 00000000000..26f5709201b
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43198.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43198",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains TeamCity before 2021.1.2, stored XSS is possible."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43199.json b/2021/43xxx/CVE-2021-43199.json
new file mode 100644
index 00000000000..647cffe0dbd
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43199.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43199",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43200.json b/2021/43xxx/CVE-2021-43200.json
new file mode 100644
index 00000000000..47e087006a3
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43200.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43200",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43201.json b/2021/43xxx/CVE-2021-43201.json
new file mode 100644
index 00000000000..371a96d7b07
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43201.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43201",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43202.json b/2021/43xxx/CVE-2021-43202.json
new file mode 100644
index 00000000000..cc139bb5838
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43202.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43202",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43203.json b/2021/43xxx/CVE-2021-43203.json
new file mode 100644
index 00000000000..f7c425ddad7
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43203.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43203",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/",
+ "url": "https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43204.json b/2021/43xxx/CVE-2021-43204.json
new file mode 100644
index 00000000000..6ece2625bf6
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43204.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43204",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43205.json b/2021/43xxx/CVE-2021-43205.json
new file mode 100644
index 00000000000..0d7b6fe0c6d
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43205.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43205",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43206.json b/2021/43xxx/CVE-2021-43206.json
new file mode 100644
index 00000000000..4b2663d1001
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43206.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43206",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43207.json b/2021/43xxx/CVE-2021-43207.json
new file mode 100644
index 00000000000..d6630273296
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43207.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43207",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43210.json b/2021/43xxx/CVE-2021-43210.json
new file mode 100644
index 00000000000..f313ef19d2a
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43210.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43210",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43211.json b/2021/43xxx/CVE-2021-43211.json
new file mode 100644
index 00000000000..ab96abb9fae
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43211.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43211",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43212.json b/2021/43xxx/CVE-2021-43212.json
new file mode 100644
index 00000000000..cdce7b2ad44
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43212.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43212",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43213.json b/2021/43xxx/CVE-2021-43213.json
new file mode 100644
index 00000000000..a9e6f3f6469
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43213.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43213",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43214.json b/2021/43xxx/CVE-2021-43214.json
new file mode 100644
index 00000000000..7e003efab60
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43214.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43214",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43215.json b/2021/43xxx/CVE-2021-43215.json
new file mode 100644
index 00000000000..1afd3194161
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43215.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43215",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43216.json b/2021/43xxx/CVE-2021-43216.json
new file mode 100644
index 00000000000..c3c51a91338
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43216.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43216",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43217.json b/2021/43xxx/CVE-2021-43217.json
new file mode 100644
index 00000000000..c19c2dca221
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43217.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43217",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43218.json b/2021/43xxx/CVE-2021-43218.json
new file mode 100644
index 00000000000..c83b4b383aa
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43218.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43218",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43219.json b/2021/43xxx/CVE-2021-43219.json
new file mode 100644
index 00000000000..86e7584b728
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43219.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43219",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43220.json b/2021/43xxx/CVE-2021-43220.json
new file mode 100644
index 00000000000..f7a8e063b02
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43220.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43220",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43221.json b/2021/43xxx/CVE-2021-43221.json
new file mode 100644
index 00000000000..1f006a74080
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43221.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43221",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43222.json b/2021/43xxx/CVE-2021-43222.json
new file mode 100644
index 00000000000..a7ca46e4d51
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43222.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43222",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43223.json b/2021/43xxx/CVE-2021-43223.json
new file mode 100644
index 00000000000..89fbff9479e
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43223.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43223",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43224.json b/2021/43xxx/CVE-2021-43224.json
new file mode 100644
index 00000000000..072d2660b32
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43224.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43224",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43225.json b/2021/43xxx/CVE-2021-43225.json
new file mode 100644
index 00000000000..8345de2ee48
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43225.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43225",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43226.json b/2021/43xxx/CVE-2021-43226.json
new file mode 100644
index 00000000000..cf1cfee7af8
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43226.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43226",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43227.json b/2021/43xxx/CVE-2021-43227.json
new file mode 100644
index 00000000000..bb2617fb8ef
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43227.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43227",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43228.json b/2021/43xxx/CVE-2021-43228.json
new file mode 100644
index 00000000000..92dd66eaa9c
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43228.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43228",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43229.json b/2021/43xxx/CVE-2021-43229.json
new file mode 100644
index 00000000000..bd92c428cb1
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43229.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43229",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43230.json b/2021/43xxx/CVE-2021-43230.json
new file mode 100644
index 00000000000..71fa534b175
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43230.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43230",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43231.json b/2021/43xxx/CVE-2021-43231.json
new file mode 100644
index 00000000000..3a9f63977d4
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43231.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43231",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43232.json b/2021/43xxx/CVE-2021-43232.json
new file mode 100644
index 00000000000..584c11dde2b
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43232.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43232",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43233.json b/2021/43xxx/CVE-2021-43233.json
new file mode 100644
index 00000000000..c7e4b1db132
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43233.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43233",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43234.json b/2021/43xxx/CVE-2021-43234.json
new file mode 100644
index 00000000000..74ec566d5c8
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43234.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43234",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43235.json b/2021/43xxx/CVE-2021-43235.json
new file mode 100644
index 00000000000..588758b3750
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43235.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43235",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43236.json b/2021/43xxx/CVE-2021-43236.json
new file mode 100644
index 00000000000..7a2b240357b
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43236.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43236",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43237.json b/2021/43xxx/CVE-2021-43237.json
new file mode 100644
index 00000000000..98f5cc8967a
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43237.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43237",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43238.json b/2021/43xxx/CVE-2021-43238.json
new file mode 100644
index 00000000000..06268972667
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43238.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43238",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43239.json b/2021/43xxx/CVE-2021-43239.json
new file mode 100644
index 00000000000..4a1c87f7e94
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43239.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43239",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43240.json b/2021/43xxx/CVE-2021-43240.json
new file mode 100644
index 00000000000..4fc7dd34f8c
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43240.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43240",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43241.json b/2021/43xxx/CVE-2021-43241.json
new file mode 100644
index 00000000000..05bfcbefa46
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43241.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43241",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43242.json b/2021/43xxx/CVE-2021-43242.json
new file mode 100644
index 00000000000..0c8fbcfcb08
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43242.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43242",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43243.json b/2021/43xxx/CVE-2021-43243.json
new file mode 100644
index 00000000000..6204f422350
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43243.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43243",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43244.json b/2021/43xxx/CVE-2021-43244.json
new file mode 100644
index 00000000000..d136a82e567
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43244.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43244",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43245.json b/2021/43xxx/CVE-2021-43245.json
new file mode 100644
index 00000000000..84434afc777
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43245.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43245",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43246.json b/2021/43xxx/CVE-2021-43246.json
new file mode 100644
index 00000000000..b3eb588b0fa
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43246.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43246",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43247.json b/2021/43xxx/CVE-2021-43247.json
new file mode 100644
index 00000000000..d626f456f91
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43247.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43247",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43248.json b/2021/43xxx/CVE-2021-43248.json
new file mode 100644
index 00000000000..dbd5819ed65
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43248.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43248",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43249.json b/2021/43xxx/CVE-2021-43249.json
new file mode 100644
index 00000000000..8d9029096dc
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43249.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43249",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43250.json b/2021/43xxx/CVE-2021-43250.json
new file mode 100644
index 00000000000..cf53c3723c8
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43250.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43250",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43251.json b/2021/43xxx/CVE-2021-43251.json
new file mode 100644
index 00000000000..115dd01fbb6
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43251.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43251",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43252.json b/2021/43xxx/CVE-2021-43252.json
new file mode 100644
index 00000000000..9aba3a84c90
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43252.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43252",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43253.json b/2021/43xxx/CVE-2021-43253.json
new file mode 100644
index 00000000000..203dc061793
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43253.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43253",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43254.json b/2021/43xxx/CVE-2021-43254.json
new file mode 100644
index 00000000000..50bbbf9b184
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43254.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43254",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43255.json b/2021/43xxx/CVE-2021-43255.json
new file mode 100644
index 00000000000..fac04b395ff
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43255.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43255",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43256.json b/2021/43xxx/CVE-2021-43256.json
new file mode 100644
index 00000000000..2b583ec8824
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43256.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43256",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43257.json b/2021/43xxx/CVE-2021-43257.json
new file mode 100644
index 00000000000..a5ac84ce6cb
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43257.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43257", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43258.json b/2021/43xxx/CVE-2021-43258.json new file mode 100644 index 00000000000..be29c514384 --- /dev/null +++ b/2021/43xxx/CVE-2021-43258.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43258", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43259.json b/2021/43xxx/CVE-2021-43259.json new file mode 100644 index 00000000000..df8fabf4e75 --- /dev/null +++ b/2021/43xxx/CVE-2021-43259.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43259", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43260.json b/2021/43xxx/CVE-2021-43260.json new file mode 100644 index 00000000000..ca5ba42414d --- /dev/null +++ b/2021/43xxx/CVE-2021-43260.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43260", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43261.json b/2021/43xxx/CVE-2021-43261.json new file mode 100644 index 00000000000..4ce568dc916 --- /dev/null +++ b/2021/43xxx/CVE-2021-43261.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43261", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43262.json b/2021/43xxx/CVE-2021-43262.json new file mode 100644 index 00000000000..dece47f8280 --- /dev/null +++ b/2021/43xxx/CVE-2021-43262.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43262", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43263.json b/2021/43xxx/CVE-2021-43263.json new file mode 100644 index 00000000000..019b0eedcd2 --- /dev/null +++ b/2021/43xxx/CVE-2021-43263.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43263", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43264.json b/2021/43xxx/CVE-2021-43264.json new file mode 100644 index 00000000000..0902e6f1bc7 --- /dev/null +++ b/2021/43xxx/CVE-2021-43264.json 
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43264",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugs.launchpad.net/mahara/+bug/1944979",
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/mahara/+bug/1944979"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://mahara.org/interaction/forum/topic.php?id=8954",
+ "url": "https://mahara.org/interaction/forum/topic.php?id=8954"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43265.json b/2021/43xxx/CVE-2021-43265.json
new file mode 100644
index 00000000000..e349b5e4cca
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43265.json
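Review bot: `product_name`, `vendor_name`, `version_value` and the `problemtype` value are all `n/a` in the CVE-2021-43264 record, although its own description names the product (Mahara), the fixed releases and the weakness (directory traversal), so consumers that match on the structured fields rather than the free text will not associate the record with Mahara installs. I would populate them from the description, e.g. `"product_name": "Mahara"` and a `problemtype` value of `"CWE-22"` (my mapping from "directory traversal"; the assigner should confirm it). The same gap appears in the CVE-2021-43265, CVE-2021-43266, CVE-2021-43267, CVE-2021-43270, CVE-2021-43281 and CVE-2021-43293 records added by this commit. The closing sentence of the description, "It replaces the - character with the / character.", also has no clear subject; naming what performs the replacement would tell defenders which input to filter or log.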
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43265",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugs.launchpad.net/mahara/+bug/1944633",
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/mahara/+bug/1944633"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://mahara.org/interaction/forum/topic.php?id=8953",
+ "url": "https://mahara.org/interaction/forum/topic.php?id=8953"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43266.json b/2021/43xxx/CVE-2021-43266.json
new file mode 100644
index 00000000000..5607c6bd27b
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43266.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43266",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://bugs.launchpad.net/mahara/+bug/1942903",
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/mahara/+bug/1942903"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://mahara.org/interaction/forum/topic.php?id=8952",
+ "url": "https://mahara.org/interaction/forum/topic.php?id=8952"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43267.json b/2021/43xxx/CVE-2021-43267.json
new file mode 100644
index 00000000000..a774e1da8b5
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43267.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43267",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0"
+ },
+ {
+ "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16",
+ "refsource": "MISC",
+ "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-a093973910",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDDEW4APTYKJK365HC2JZIVXYUV7ZRN7/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-bdd146e463",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVWL7HZV5T5OEKJPO2D67RMFMKBBXGGB/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43268.json b/2021/43xxx/CVE-2021-43268.json
new file mode 100644
index 00000000000..c9959e73bab
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43268.json
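Review bot: The CVE-2021-43267 description says remote attackers can exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type, but it never states the resulting impact, so severity has to be worked out from the linked kernel commit. Adding the consequence to the `description_data` value, once confirmed against that commit, would let operators prioritise the 5.14.16 update without reading the patch. The fixed release is already in the text, so `"version_value": "n/a"` could carry it in structured form, e.g. `"version_value": "before 5.14.16"`.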
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43268", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43269.json b/2021/43xxx/CVE-2021-43269.json new file mode 100644 index 00000000000..1dd723710ba --- /dev/null +++ b/2021/43xxx/CVE-2021-43269.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43269", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43270.json b/2021/43xxx/CVE-2021-43270.json new file mode 100644 index 00000000000..3191e2b7ac8 --- /dev/null +++ b/2021/43xxx/CVE-2021-43270.json 
@@ -0,0 +1,65 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43270",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3.1.0-dev-00170, and 3.1.0-dev-00176 can use cleartext SMTP on port 25 in some cases where encryption on port 465 was intended."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/datalust/seq-app-htmlemail/pull/93",
+ "refsource": "MISC",
+ "name": "https://github.com/datalust/seq-app-htmlemail/pull/93"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "INTERNAL"
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43271.json b/2021/43xxx/CVE-2021-43271.json
new file mode 100644
index 00000000000..f6a6507cd9f
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43271.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43271",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43281.json b/2021/43xxx/CVE-2021-43281.json
new file mode 100644
index 00000000000..26ec3e03c25
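Review bot: "in some cases" in the CVE-2021-43270 description leaves the triggering configuration unstated, so an operator cannot tell from the record whether their Seq.App.EmailPlus setup is one that falls back to cleartext SMTP on port 25. The description also lists three affected `-dev-` builds but no fixed build, and the only reference is a pull request tagged `MISC`. I would state the condition and the first fixed version in the description `value` once confirmed against the linked pull request, so that defenders know when to verify that mail submission is actually using port 465.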
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43281.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43281",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "MyBB before 1.8.29 allows Remote Code Injection by an admin with the \"Can manage settings?\" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type \"php\" with PHP code, executed on Change Settings pages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/mybb/mybb/security/advisories/GHSA-8gxx-vmr9-h39p",
+ "url": "https://github.com/mybb/mybb/security/advisories/GHSA-8gxx-vmr9-h39p"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43282.json b/2021/43xxx/CVE-2021-43282.json
new file mode 100644
index 00000000000..cf4d319f5a1
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43282.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43282", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43283.json b/2021/43xxx/CVE-2021-43283.json new file mode 100644 index 00000000000..623bc3578e9 --- /dev/null +++ b/2021/43xxx/CVE-2021-43283.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43283", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43284.json b/2021/43xxx/CVE-2021-43284.json new file mode 100644 index 00000000000..1a9d1679464 --- /dev/null +++ b/2021/43xxx/CVE-2021-43284.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43284", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43285.json b/2021/43xxx/CVE-2021-43285.json new file mode 100644 index 00000000000..33570ad39bd --- /dev/null +++ b/2021/43xxx/CVE-2021-43285.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43285", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43286.json b/2021/43xxx/CVE-2021-43286.json new file mode 100644 index 00000000000..a105a7a50e4 --- /dev/null +++ b/2021/43xxx/CVE-2021-43286.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43286", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43287.json b/2021/43xxx/CVE-2021-43287.json new file mode 100644 index 00000000000..1ad41934d4a --- /dev/null +++ b/2021/43xxx/CVE-2021-43287.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43287", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43288.json b/2021/43xxx/CVE-2021-43288.json new file mode 100644 index 00000000000..aa89bd92195 --- /dev/null +++ b/2021/43xxx/CVE-2021-43288.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43288", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43289.json b/2021/43xxx/CVE-2021-43289.json new file mode 100644 index 00000000000..653e2aff810 --- /dev/null +++ b/2021/43xxx/CVE-2021-43289.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43289", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43290.json b/2021/43xxx/CVE-2021-43290.json new file mode 100644 index 00000000000..1e4061b5034 --- /dev/null +++ b/2021/43xxx/CVE-2021-43290.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43290", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43291.json b/2021/43xxx/CVE-2021-43291.json new file mode 100644 index 00000000000..62e171b0648 --- /dev/null +++ b/2021/43xxx/CVE-2021-43291.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43291", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43292.json b/2021/43xxx/CVE-2021-43292.json new file mode 100644 index 00000000000..b4ced9dc49e --- /dev/null +++ b/2021/43xxx/CVE-2021-43292.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43292",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43293.json b/2021/43xxx/CVE-2021-43293.json
new file mode 100644
index 00000000000..aa4ca2bc69f
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43293.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43293",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.sonatype.com/hc/en-us/articles/4409326330003",
+ "url": "https://support.sonatype.com/hc/en-us/articles/4409326330003"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43294.json b/2021/43xxx/CVE-2021-43294.json
new file mode 100644
index 00000000000..28bda25c15c
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43294.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43294", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43295.json b/2021/43xxx/CVE-2021-43295.json new file mode 100644 index 00000000000..cdbbab0b0e4 --- /dev/null +++ b/2021/43xxx/CVE-2021-43295.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43295", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43296.json b/2021/43xxx/CVE-2021-43296.json new file mode 100644 index 00000000000..f9c8c2efd6d --- /dev/null +++ b/2021/43xxx/CVE-2021-43296.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43296", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43297.json b/2021/43xxx/CVE-2021-43297.json new file mode 100644 index 00000000000..567f30205b5 --- /dev/null +++ b/2021/43xxx/CVE-2021-43297.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43297", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43298.json b/2021/43xxx/CVE-2021-43298.json new file mode 100644 index 00000000000..a9d4340f043 --- /dev/null +++ b/2021/43xxx/CVE-2021-43298.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43298", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43299.json b/2021/43xxx/CVE-2021-43299.json new file mode 100644 index 00000000000..dc7eae9b71e --- /dev/null +++ b/2021/43xxx/CVE-2021-43299.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43299", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43300.json b/2021/43xxx/CVE-2021-43300.json new file mode 100644 index 00000000000..1aaaf783b3b --- /dev/null +++ b/2021/43xxx/CVE-2021-43300.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43300", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43301.json b/2021/43xxx/CVE-2021-43301.json new file mode 100644 index 00000000000..18207828f21 --- /dev/null +++ b/2021/43xxx/CVE-2021-43301.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43301", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43302.json b/2021/43xxx/CVE-2021-43302.json new file mode 100644 index 00000000000..ba97174e1a6 --- /dev/null +++ b/2021/43xxx/CVE-2021-43302.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43302", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43303.json b/2021/43xxx/CVE-2021-43303.json new file mode 100644 index 00000000000..434bd312be9 --- /dev/null +++ b/2021/43xxx/CVE-2021-43303.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43303", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43304.json b/2021/43xxx/CVE-2021-43304.json new file mode 100644 index 00000000000..199b104563d --- /dev/null +++ b/2021/43xxx/CVE-2021-43304.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43304", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43305.json b/2021/43xxx/CVE-2021-43305.json new file mode 100644 index 00000000000..e18321082ae --- /dev/null +++ b/2021/43xxx/CVE-2021-43305.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43305", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43306.json b/2021/43xxx/CVE-2021-43306.json new file mode 100644 index 00000000000..82069206b46 --- /dev/null +++ b/2021/43xxx/CVE-2021-43306.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43306", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43307.json b/2021/43xxx/CVE-2021-43307.json new file mode 100644 index 00000000000..600ef0b724f --- /dev/null +++ b/2021/43xxx/CVE-2021-43307.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43307", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43308.json b/2021/43xxx/CVE-2021-43308.json new file mode 100644 index 00000000000..f73f92383dc --- /dev/null +++ b/2021/43xxx/CVE-2021-43308.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43308", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43309.json b/2021/43xxx/CVE-2021-43309.json new file mode 100644 index 00000000000..e695bdd1e6b --- /dev/null +++ b/2021/43xxx/CVE-2021-43309.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43309", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43310.json b/2021/43xxx/CVE-2021-43310.json new file mode 100644 index 00000000000..aa793eeab79 --- /dev/null +++ b/2021/43xxx/CVE-2021-43310.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43310", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43311.json b/2021/43xxx/CVE-2021-43311.json new file mode 100644 index 00000000000..67547402601 --- /dev/null +++ b/2021/43xxx/CVE-2021-43311.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43311", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43312.json b/2021/43xxx/CVE-2021-43312.json new file mode 100644 index 00000000000..a657de7d2fa --- /dev/null +++ b/2021/43xxx/CVE-2021-43312.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43312", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43313.json b/2021/43xxx/CVE-2021-43313.json new file mode 100644 index 00000000000..965527dc3f5 --- /dev/null +++ b/2021/43xxx/CVE-2021-43313.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43313", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43314.json b/2021/43xxx/CVE-2021-43314.json new file mode 100644 index 00000000000..75855af6261 --- /dev/null +++ b/2021/43xxx/CVE-2021-43314.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43314", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43315.json b/2021/43xxx/CVE-2021-43315.json new file mode 100644 index 00000000000..a2c04656712 --- /dev/null +++ b/2021/43xxx/CVE-2021-43315.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43315", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43316.json b/2021/43xxx/CVE-2021-43316.json new file mode 100644 index 00000000000..60c3a1e0a40 --- /dev/null +++ b/2021/43xxx/CVE-2021-43316.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43316", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43317.json b/2021/43xxx/CVE-2021-43317.json new file mode 100644 index 00000000000..740ea02a6ac --- /dev/null +++ b/2021/43xxx/CVE-2021-43317.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43317", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43318.json b/2021/43xxx/CVE-2021-43318.json new file mode 100644 index 00000000000..a56dd7e5b0d --- /dev/null +++ b/2021/43xxx/CVE-2021-43318.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43318", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43319.json b/2021/43xxx/CVE-2021-43319.json new file mode 100644 index 00000000000..a14a4d2ad4d --- /dev/null +++ b/2021/43xxx/CVE-2021-43319.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43319", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43320.json b/2021/43xxx/CVE-2021-43320.json new file mode 100644 index 00000000000..337ff7734fe --- /dev/null +++ b/2021/43xxx/CVE-2021-43320.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43320", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43321.json b/2021/43xxx/CVE-2021-43321.json new file mode 100644 index 00000000000..c426d30fe98 --- /dev/null +++ b/2021/43xxx/CVE-2021-43321.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43321", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43322.json b/2021/43xxx/CVE-2021-43322.json new file mode 100644 index 00000000000..2906ddef671 --- /dev/null +++ b/2021/43xxx/CVE-2021-43322.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43322", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43323.json b/2021/43xxx/CVE-2021-43323.json new file mode 100644 index 00000000000..addaf815960 --- /dev/null +++ b/2021/43xxx/CVE-2021-43323.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43323", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43324.json b/2021/43xxx/CVE-2021-43324.json new file mode 100644 index 00000000000..fecdc3137f4 --- /dev/null +++ b/2021/43xxx/CVE-2021-43324.json 
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43324",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "LibreNMS through 21.10.2 allows XSS via a widget title."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/librenms/librenms/commit/99d2462b80435b91a35236639b909eebee432126",
+ "refsource": "MISC",
+ "name": "https://github.com/librenms/librenms/commit/99d2462b80435b91a35236639b909eebee432126"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43325.json b/2021/43xxx/CVE-2021-43325.json
new file mode 100644
index 00000000000..7c17064a356
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43325.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43325",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43326.json b/2021/43xxx/CVE-2021-43326.json
new file mode 100644
index 00000000000..2cd12b96b18
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43326.json
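Review bot: The structured fields of the new CVE-2021-43324 record do not carry what its own description states: `product_name`, `vendor_name` and `version_value` are all `"n/a"`, and the `problemtype` value is `"n/a"`, while the description names LibreNMS through 21.10.2 and XSS. Consumers that match on the `affects` block rather than on free text (scanner feeds, inventory or SBOM correlation) would presumably not associate this entry with LibreNMS. I would populate the fields from the description, e.g. `"product_name": "LibreNMS"` and `"version_value": "through 21.10.2"`, and set the problemtype to a CWE identifier such as `"CWE-79"` if the assigner confirms that classification. The only reference is the fix commit, so the record does not state a fixed release; a vendor release note or advisory link would let readers confirm which version to upgrade to.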
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43326", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43327.json b/2021/43xxx/CVE-2021-43327.json new file mode 100644 index 00000000000..71ba1431aca --- /dev/null +++ b/2021/43xxx/CVE-2021-43327.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43327", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43328.json b/2021/43xxx/CVE-2021-43328.json new file mode 100644 index 00000000000..c7a4bfef01a --- /dev/null +++ b/2021/43xxx/CVE-2021-43328.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43328", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43329.json b/2021/43xxx/CVE-2021-43329.json new file mode 100644 index 00000000000..4989ae211a2 --- /dev/null +++ b/2021/43xxx/CVE-2021-43329.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43329", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43330.json b/2021/43xxx/CVE-2021-43330.json new file mode 100644 index 00000000000..80c06954f49 --- /dev/null +++ b/2021/43xxx/CVE-2021-43330.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43330", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43333.json b/2021/43xxx/CVE-2021-43333.json new file mode 100644 index 00000000000..e55b4066d64 --- /dev/null +++ b/2021/43xxx/CVE-2021-43333.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43333", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43334.json b/2021/43xxx/CVE-2021-43334.json new file mode 100644 index 00000000000..5cdf8ce17b3 --- /dev/null +++ b/2021/43xxx/CVE-2021-43334.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43334", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43335.json b/2021/43xxx/CVE-2021-43335.json new file mode 100644 index 00000000000..e3e250ad5e8 --- /dev/null +++ b/2021/43xxx/CVE-2021-43335.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43335", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43340.json b/2021/43xxx/CVE-2021-43340.json new file mode 100644 index 00000000000..ecf6fd52a27 --- /dev/null +++ b/2021/43xxx/CVE-2021-43340.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43340", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43341.json b/2021/43xxx/CVE-2021-43341.json new file mode 100644 index 00000000000..6d435073e49 --- /dev/null +++ b/2021/43xxx/CVE-2021-43341.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43341", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43342.json b/2021/43xxx/CVE-2021-43342.json new file mode 100644 index 00000000000..2523ef7a793 --- /dev/null +++ b/2021/43xxx/CVE-2021-43342.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43342", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43343.json b/2021/43xxx/CVE-2021-43343.json new file mode 100644 index 00000000000..326f413e5a7 --- /dev/null +++ b/2021/43xxx/CVE-2021-43343.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43343", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43344.json b/2021/43xxx/CVE-2021-43344.json new file mode 100644 index 00000000000..9dea787b739 --- /dev/null +++ b/2021/43xxx/CVE-2021-43344.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43344", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43345.json b/2021/43xxx/CVE-2021-43345.json new file mode 100644 index 00000000000..acecf9f5d08 --- /dev/null +++ b/2021/43xxx/CVE-2021-43345.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43345", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43346.json b/2021/43xxx/CVE-2021-43346.json new file mode 100644 index 00000000000..e41a6ef6bfa --- /dev/null +++ b/2021/43xxx/CVE-2021-43346.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43346", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43347.json b/2021/43xxx/CVE-2021-43347.json new file mode 100644 index 00000000000..65fb49b8ca7 --- /dev/null +++ b/2021/43xxx/CVE-2021-43347.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43347", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43348.json b/2021/43xxx/CVE-2021-43348.json new file mode 100644 index 00000000000..b5031b5fc7c --- /dev/null +++ b/2021/43xxx/CVE-2021-43348.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43348", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43349.json b/2021/43xxx/CVE-2021-43349.json new file mode 100644 index 00000000000..983e5e352b2 --- /dev/null +++ b/2021/43xxx/CVE-2021-43349.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43349", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43357.json b/2021/43xxx/CVE-2021-43357.json new file mode 100644 index 00000000000..c6b00939088 --- /dev/null +++ b/2021/43xxx/CVE-2021-43357.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43357", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43358.json b/2021/43xxx/CVE-2021-43358.json new file mode 100644 index 00000000000..0c2245fd4be --- /dev/null +++ b/2021/43xxx/CVE-2021-43358.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43358", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43359.json b/2021/43xxx/CVE-2021-43359.json new file mode 100644 index 00000000000..5a4059af99f --- /dev/null +++ b/2021/43xxx/CVE-2021-43359.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43359", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43360.json b/2021/43xxx/CVE-2021-43360.json new file mode 100644 index 00000000000..10adad42e07 --- /dev/null +++ b/2021/43xxx/CVE-2021-43360.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43360", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43363.json b/2021/43xxx/CVE-2021-43363.json new file mode 100644 index 00000000000..4886d32b94b --- /dev/null +++ b/2021/43xxx/CVE-2021-43363.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43363", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43364.json b/2021/43xxx/CVE-2021-43364.json new file mode 100644 index 00000000000..be17b23226e --- /dev/null +++ b/2021/43xxx/CVE-2021-43364.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43364", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43365.json b/2021/43xxx/CVE-2021-43365.json new file mode 100644 index 00000000000..27802e712fc --- /dev/null +++ b/2021/43xxx/CVE-2021-43365.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43365", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43366.json b/2021/43xxx/CVE-2021-43366.json new file mode 100644 index 00000000000..3ab7cc3cdb1 --- /dev/null +++ b/2021/43xxx/CVE-2021-43366.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43366", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43367.json b/2021/43xxx/CVE-2021-43367.json new file mode 100644 index 00000000000..3e95aead00d --- /dev/null +++ b/2021/43xxx/CVE-2021-43367.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43367", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43368.json b/2021/43xxx/CVE-2021-43368.json new file mode 100644 index 00000000000..34bdd1eac46 --- /dev/null +++ b/2021/43xxx/CVE-2021-43368.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43368", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43369.json b/2021/43xxx/CVE-2021-43369.json new file mode 100644 index 00000000000..5362c041d3b --- /dev/null +++ b/2021/43xxx/CVE-2021-43369.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43369", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43370.json b/2021/43xxx/CVE-2021-43370.json new file mode 100644 index 00000000000..35bc51ad978 --- /dev/null +++ b/2021/43xxx/CVE-2021-43370.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43370", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43371.json b/2021/43xxx/CVE-2021-43371.json new file mode 100644 index 00000000000..fa7893a26a8 --- /dev/null +++ b/2021/43xxx/CVE-2021-43371.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43371", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43372.json b/2021/43xxx/CVE-2021-43372.json new file mode 100644 index 00000000000..35d8412e926 --- /dev/null +++ b/2021/43xxx/CVE-2021-43372.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43372", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43373.json b/2021/43xxx/CVE-2021-43373.json new file mode 100644 index 00000000000..e0907d341f1 --- /dev/null +++ b/2021/43xxx/CVE-2021-43373.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43373", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43374.json b/2021/43xxx/CVE-2021-43374.json new file mode 100644 index 00000000000..54ed1958569 --- /dev/null +++ b/2021/43xxx/CVE-2021-43374.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43374", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43375.json b/2021/43xxx/CVE-2021-43375.json new file mode 100644 index 00000000000..d1c12048004 --- /dev/null +++ b/2021/43xxx/CVE-2021-43375.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43375", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43376.json b/2021/43xxx/CVE-2021-43376.json new file mode 100644 index 00000000000..9de0d6392ef --- /dev/null +++ b/2021/43xxx/CVE-2021-43376.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43376", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43377.json b/2021/43xxx/CVE-2021-43377.json new file mode 100644 index 00000000000..2bb3b616699 --- /dev/null +++ b/2021/43xxx/CVE-2021-43377.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43377", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43378.json b/2021/43xxx/CVE-2021-43378.json new file mode 100644 index 00000000000..6d6664d4351 --- /dev/null +++ b/2021/43xxx/CVE-2021-43378.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43378", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43379.json b/2021/43xxx/CVE-2021-43379.json new file mode 100644 index 00000000000..3b9995d13b0 --- /dev/null +++ b/2021/43xxx/CVE-2021-43379.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43379", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43380.json b/2021/43xxx/CVE-2021-43380.json new file mode 100644 index 00000000000..e12b0bb7a3a --- /dev/null +++ b/2021/43xxx/CVE-2021-43380.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43380", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43381.json b/2021/43xxx/CVE-2021-43381.json new file mode 100644 index 00000000000..894b28100b7 --- /dev/null +++ b/2021/43xxx/CVE-2021-43381.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43381", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43382.json b/2021/43xxx/CVE-2021-43382.json new file mode 100644 index 00000000000..d7246a310e0 --- /dev/null +++ b/2021/43xxx/CVE-2021-43382.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43382", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43383.json b/2021/43xxx/CVE-2021-43383.json new file mode 100644 index 00000000000..3efcc0c80bd --- /dev/null +++ b/2021/43xxx/CVE-2021-43383.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43383", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43384.json b/2021/43xxx/CVE-2021-43384.json new file mode 100644 index 00000000000..2316ff5b2e5 --- /dev/null +++ b/2021/43xxx/CVE-2021-43384.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43384", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43385.json b/2021/43xxx/CVE-2021-43385.json new file mode 100644 index 00000000000..5b1792d3c4e --- /dev/null +++ b/2021/43xxx/CVE-2021-43385.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43385", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43386.json b/2021/43xxx/CVE-2021-43386.json new file mode 100644 index 00000000000..58e27e02e9c --- /dev/null +++ b/2021/43xxx/CVE-2021-43386.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43386", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43387.json b/2021/43xxx/CVE-2021-43387.json new file mode 100644 index 00000000000..0c260a598d3 --- /dev/null +++ b/2021/43xxx/CVE-2021-43387.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43387", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43388.json b/2021/43xxx/CVE-2021-43388.json new file mode 100644 index 00000000000..289ad7fc7f8 --- /dev/null +++ b/2021/43xxx/CVE-2021-43388.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43388", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43389.json b/2021/43xxx/CVE-2021-43389.json new file mode 100644 index 00000000000..c277bacf500 --- /dev/null +++ b/2021/43xxx/CVE-2021-43389.json 
@@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-43389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15", + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15" + }, + { + "url": "https://seclists.org/oss-sec/2021/q4/39", + "refsource": "MISC", + "name": "https://seclists.org/oss-sec/2021/q4/39" + }, + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f3e2e97c003f80c4b087092b225c8787ff91e4d", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f3e2e97c003f80c4b087092b225c8787ff91e4d" + }, + { + "url": "https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48=L_BbOyrK9X-vA@mail.gmail.com/", + "refsource": "MISC", + "name": "https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48=L_BbOyrK9X-vA@mail.gmail.com/" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2013180", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013180" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211105 Re: Linux kernel: isdn: cpai: 
array-index-out-of-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c", + "url": "http://www.openwall.com/lists/oss-security/2021/11/05/1" + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43392.json b/2021/43xxx/CVE-2021-43392.json new file mode 100644 index 00000000000..8b5f8fa3504 --- /dev/null +++ b/2021/43xxx/CVE-2021-43392.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43392", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43393.json b/2021/43xxx/CVE-2021-43393.json new file mode 100644 index 00000000000..3ad88366b86 --- /dev/null +++ b/2021/43xxx/CVE-2021-43393.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43393", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43394.json b/2021/43xxx/CVE-2021-43394.json new file mode 100644 index 00000000000..4fa9966d350 --- /dev/null +++ b/2021/43xxx/CVE-2021-43394.json 
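Review bot: The `affects` block of CVE-2021-43389 carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, although the description in the same record names the Linux kernel and the fixed release 5.14.15. A consumer that matches on the structured fields rather than the free text will therefore not tie this record to any product. The same holds for the PUBLIC records CVE-2021-43398, CVE-2021-43400, CVE-2021-43404, CVE-2021-43405 and CVE-2021-43406 further down, and `problemtype` is `n/a` in all of them as well. I would fill the fields from the description, e.g. `"product_name": "Linux kernel"` and `"version_value": "before 5.14.15"`, and name the weakness class in `problemtype` where the description states one (an out-of-bounds array index here).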
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43394", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43395.json b/2021/43xxx/CVE-2021-43395.json new file mode 100644 index 00000000000..4440ac0a912 --- /dev/null +++ b/2021/43xxx/CVE-2021-43395.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43395", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43398.json b/2021/43xxx/CVE-2021-43398.json new file mode 100644 index 00000000000..a6cc0711809 --- /dev/null +++ b/2021/43xxx/CVE-2021-43398.json 
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43398",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/weidai11/cryptopp/issues/1080",
+ "refsource": "MISC",
+ "name": "https://github.com/weidai11/cryptopp/issues/1080"
+ },
+ {
+ "url": "https://cryptopp.com",
+ "refsource": "MISC",
+ "name": "https://cryptopp.com"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43399.json b/2021/43xxx/CVE-2021-43399.json
new file mode 100644
index 00000000000..293d462f800
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43399.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43399",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43400.json b/2021/43xxx/CVE-2021-43400.json
new file mode 100644
index 00000000000..4178b4b072f
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43400.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43400",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43401.json b/2021/43xxx/CVE-2021-43401.json new file mode 100644 index 00000000000..7888cd2d0c2 --- /dev/null +++ b/2021/43xxx/CVE-2021-43401.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43401", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43402.json b/2021/43xxx/CVE-2021-43402.json new file mode 100644 index 00000000000..3561fef4cc2 --- /dev/null +++ b/2021/43xxx/CVE-2021-43402.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43402", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43403.json b/2021/43xxx/CVE-2021-43403.json new file mode 100644 index 00000000000..24763e29d75 --- /dev/null +++ b/2021/43xxx/CVE-2021-43403.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43403",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43404.json b/2021/43xxx/CVE-2021-43404.json
new file mode 100644
index 00000000000..9a4f89445b1
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43404.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43404",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/fusionpbx/fusionpbx/commit/487afc371e5c0dfbbc07cd002333c5bcd949d0f4",
+ "refsource": "MISC",
+ "name": "https://github.com/fusionpbx/fusionpbx/commit/487afc371e5c0dfbbc07cd002333c5bcd949d0f4"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43405.json b/2021/43xxx/CVE-2021-43405.json
new file mode 100644
index 00000000000..1afaeb1e95f
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43405.json
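Review bot: The description of CVE-2021-43404 says only that the FAX file name "may have risky characters" and never states what an attacker gains, so the record cannot be rated from its own text. CVE-2021-43405 and CVE-2021-43406 use the same wording for `fax_extension` and `fax_post_size`. The Packet Storm reference in CVE-2021-43405 is titled "FusionPBX-4.5.29-Remote-Code-Execution", which suggests the impact is code execution, though nothing here shows which of the three parameters that advisory concerns. I would have each description name the missing validation and its consequence, along the lines of `"value": "An issue was discovered in FusionPBX before 4.5.30. The FAX file name is not validated, which allows <impact confirmed against the fix commit>."`.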
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43405",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/fusionpbx/fusionpbx/commit/2d2869c1a1e874c46a8c3c5475614ce769bbbd59",
+ "refsource": "MISC",
+ "name": "https://github.com/fusionpbx/fusionpbx/commit/2d2869c1a1e874c46a8c3c5475614ce769bbbd59"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/164795/FusionPBX-4.5.29-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/164795/FusionPBX-4.5.29-Remote-Code-Execution.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43406.json b/2021/43xxx/CVE-2021-43406.json
new file mode 100644
index 00000000000..02cb3904443
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43406.json
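Review bot: The description in CVE-2021-43405.json says only that fax_extension "may have risky characters", yet the second reference is titled "FusionPBX-4.5.29-Remote-Code-Execution" and `problemtype_data` is `n/a`. If that reference does describe this issue, the record understates the impact for anyone triaging on the description alone; the description could state the consequence, and the problemtype could name the weakness class once confirmed against the linked fix commit. The Packet Storm reference is also given as `http://`, where an `https://` form would match the other reference in this record.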
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43406",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/fusionpbx/fusionpbx/commit/0377b2152c0e59c8f35297f9a9b6ee335a62d963",
+ "refsource": "MISC",
+ "name": "https://github.com/fusionpbx/fusionpbx/commit/0377b2152c0e59c8f35297f9a9b6ee335a62d963"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43407.json b/2021/43xxx/CVE-2021-43407.json
new file mode 100644
index 00000000000..720aa071b53
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43407.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43407",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43408.json b/2021/43xxx/CVE-2021-43408.json
new file mode 100644
index 00000000000..b9b3d48f402
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43408.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43408", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43409.json b/2021/43xxx/CVE-2021-43409.json new file mode 100644 index 00000000000..98a0dfa606c --- /dev/null +++ b/2021/43xxx/CVE-2021-43409.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43409", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43410.json b/2021/43xxx/CVE-2021-43410.json new file mode 100644 index 00000000000..64f2ef8980c --- /dev/null +++ b/2021/43xxx/CVE-2021-43410.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43410", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43411.json b/2021/43xxx/CVE-2021-43411.json new file mode 100644 index 00000000000..a8c705912e2 --- /dev/null +++ b/2021/43xxx/CVE-2021-43411.json 
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43411",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html",
+ "refsource": "MISC",
+ "name": "https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html"
+ },
+ {
+ "url": "https://www.mail-archive.com/bug-hurd@gnu.org/msg32112.html",
+ "refsource": "MISC",
+ "name": "https://www.mail-archive.com/bug-hurd@gnu.org/msg32112.html"
+ },
+ {
+ "url": "https://salsa.debian.org/hurd-team/hurd/-/blob/4d1b079411e2f40576e7b58f9b5b78f733a2beda/debian/patches/0034-proc-Use-UIDs-for-evaluating-permissions.patch",
+ "refsource": "MISC",
+ "name": "https://salsa.debian.org/hurd-team/hurd/-/blob/4d1b079411e2f40576e7b58f9b5b78f733a2beda/debian/patches/0034-proc-Use-UIDs-for-evaluating-permissions.patch"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43412.json b/2021/43xxx/CVE-2021-43412.json
new file mode 100644
index 00000000000..fa798bcaf94
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43412.json
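Review bot: `problemtype_data` in CVE-2021-43411.json is `"value": "n/a"` although the description identifies the weakness: a window during setuid exec in which the process already holds the new privileges but is still reachable through the old process port, which reads like a race condition. The sibling Hurd records have the same gap: CVE-2021-43412 names a port use-after-free, for which `"value": "CWE-416"` would fit, and CVE-2021-43414 names a man-in-the-middle weakness in the proc server's authentication protocol. Filling these in lets consumers filter and prioritise by weakness class; the exact CWE for 43411 and 43414 should be confirmed against the linked bug-hurd posts.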
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43412",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html",
+ "refsource": "MISC",
+ "name": "https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html"
+ },
+ {
+ "url": "https://www.mail-archive.com/bug-hurd@gnu.org/msg32116.html",
+ "refsource": "MISC",
+ "name": "https://www.mail-archive.com/bug-hurd@gnu.org/msg32116.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43413.json b/2021/43xxx/CVE-2021-43413.json
new file mode 100644
index 00000000000..10b013d13ad
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43413.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43413",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they can read. This can be trivially exploited to get full root access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html",
+ "refsource": "MISC",
+ "name": "https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html"
+ },
+ {
+ "url": "https://www.mail-archive.com/bug-hurd@gnu.org/msg32113.html",
+ "refsource": "MISC",
+ "name": "https://www.mail-archive.com/bug-hurd@gnu.org/msg32113.html"
+ },
+ {
+ "url": "https://lists.gnu.org/archive/html/bug-hurd/2002-11/msg00263.html",
+ "refsource": "MISC",
+ "name": "https://lists.gnu.org/archive/html/bug-hurd/2002-11/msg00263.html"
+ },
+ {
+ "url": "https://lists.gnu.org/archive/html/bug-hurd/2005-06/msg00191.html",
+ "refsource": "MISC",
+ "name": "https://lists.gnu.org/archive/html/bug-hurd/2005-06/msg00191.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43414.json b/2021/43xxx/CVE-2021-43414.json
new file mode 100644
index 00000000000..5375fc6e05f
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43414.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43414",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html",
+ "refsource": "MISC",
+ "name": "https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html"
+ },
+ {
+ "url": "https://www.mail-archive.com/bug-hurd@gnu.org/msg32114.html",
+ "refsource": "MISC",
+ "name": "https://www.mail-archive.com/bug-hurd@gnu.org/msg32114.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43415.json b/2021/43xxx/CVE-2021-43415.json
new file mode 100644
index 00000000000..5ec78801ac2
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43415.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43415", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43416.json b/2021/43xxx/CVE-2021-43416.json new file mode 100644 index 00000000000..6dbae4fff3e --- /dev/null +++ b/2021/43xxx/CVE-2021-43416.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43416", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43417.json b/2021/43xxx/CVE-2021-43417.json new file mode 100644 index 00000000000..b4dce6c4c7c --- /dev/null +++ b/2021/43xxx/CVE-2021-43417.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43417", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43418.json b/2021/43xxx/CVE-2021-43418.json new file mode 100644 index 00000000000..e932571f5a1 --- /dev/null +++ b/2021/43xxx/CVE-2021-43418.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43418", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43419.json b/2021/43xxx/CVE-2021-43419.json new file mode 100644 index 00000000000..2889d2a0755 --- /dev/null +++ b/2021/43xxx/CVE-2021-43419.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43419", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43420.json b/2021/43xxx/CVE-2021-43420.json new file mode 100644 index 00000000000..650895337d2 --- /dev/null +++ b/2021/43xxx/CVE-2021-43420.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43420", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43421.json b/2021/43xxx/CVE-2021-43421.json new file mode 100644 index 00000000000..edc1d74b448 --- /dev/null +++ b/2021/43xxx/CVE-2021-43421.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43421", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43422.json b/2021/43xxx/CVE-2021-43422.json new file mode 100644 index 00000000000..10188d07c2a --- /dev/null +++ b/2021/43xxx/CVE-2021-43422.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43422", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43423.json b/2021/43xxx/CVE-2021-43423.json new file mode 100644 index 00000000000..384a108ddcf --- /dev/null +++ b/2021/43xxx/CVE-2021-43423.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43423", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43424.json b/2021/43xxx/CVE-2021-43424.json new file mode 100644 index 00000000000..520af420508 --- /dev/null +++ b/2021/43xxx/CVE-2021-43424.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43424", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43425.json b/2021/43xxx/CVE-2021-43425.json new file mode 100644 index 00000000000..1c89c9505ce --- /dev/null +++ b/2021/43xxx/CVE-2021-43425.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43425", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43426.json b/2021/43xxx/CVE-2021-43426.json new file mode 100644 index 00000000000..1f63df8e2dd --- /dev/null +++ b/2021/43xxx/CVE-2021-43426.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43426", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43427.json b/2021/43xxx/CVE-2021-43427.json new file mode 100644 index 00000000000..0a8d064efef --- /dev/null +++ b/2021/43xxx/CVE-2021-43427.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43427", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43428.json b/2021/43xxx/CVE-2021-43428.json new file mode 100644 index 00000000000..804c8ec4c03 --- /dev/null +++ b/2021/43xxx/CVE-2021-43428.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43428", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43429.json b/2021/43xxx/CVE-2021-43429.json new file mode 100644 index 00000000000..cafe1672d7b --- /dev/null +++ b/2021/43xxx/CVE-2021-43429.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43429", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43430.json b/2021/43xxx/CVE-2021-43430.json new file mode 100644 index 00000000000..c61519bce34 --- /dev/null +++ b/2021/43xxx/CVE-2021-43430.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43430", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43431.json b/2021/43xxx/CVE-2021-43431.json new file mode 100644 index 00000000000..229c2e13243 --- /dev/null +++ b/2021/43xxx/CVE-2021-43431.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43431", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43432.json b/2021/43xxx/CVE-2021-43432.json new file mode 100644 index 00000000000..e61584ecd36 --- /dev/null +++ b/2021/43xxx/CVE-2021-43432.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43432", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43433.json b/2021/43xxx/CVE-2021-43433.json new file mode 100644 index 00000000000..b26b984ca9a --- /dev/null +++ b/2021/43xxx/CVE-2021-43433.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43433", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43434.json b/2021/43xxx/CVE-2021-43434.json new file mode 100644 index 00000000000..4d1a48d8cd6 --- /dev/null +++ b/2021/43xxx/CVE-2021-43434.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43434", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43435.json b/2021/43xxx/CVE-2021-43435.json new file mode 100644 index 00000000000..a398a6219fe --- /dev/null +++ b/2021/43xxx/CVE-2021-43435.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43435", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43436.json b/2021/43xxx/CVE-2021-43436.json new file mode 100644 index 00000000000..ec59301c563 --- /dev/null +++ b/2021/43xxx/CVE-2021-43436.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43436", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43437.json b/2021/43xxx/CVE-2021-43437.json new file mode 100644 index 00000000000..5139f3a9cd9 --- /dev/null +++ b/2021/43xxx/CVE-2021-43437.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43437", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43438.json b/2021/43xxx/CVE-2021-43438.json new file mode 100644 index 00000000000..c948b5a5ffd --- /dev/null +++ b/2021/43xxx/CVE-2021-43438.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43438", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43439.json b/2021/43xxx/CVE-2021-43439.json new file mode 100644 index 00000000000..2a396473855 --- /dev/null +++ b/2021/43xxx/CVE-2021-43439.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43439", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43440.json b/2021/43xxx/CVE-2021-43440.json new file mode 100644 index 00000000000..9efd22b246b --- /dev/null +++ b/2021/43xxx/CVE-2021-43440.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43440", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43441.json b/2021/43xxx/CVE-2021-43441.json new file mode 100644 index 00000000000..cf09e5455ef --- /dev/null +++ b/2021/43xxx/CVE-2021-43441.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43441", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43442.json b/2021/43xxx/CVE-2021-43442.json new file mode 100644 index 00000000000..03e7d02c12f --- /dev/null +++ b/2021/43xxx/CVE-2021-43442.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43442", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43443.json b/2021/43xxx/CVE-2021-43443.json new file mode 100644 index 00000000000..2f65b2461f0 --- /dev/null +++ b/2021/43xxx/CVE-2021-43443.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43443", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43444.json b/2021/43xxx/CVE-2021-43444.json new file mode 100644 index 00000000000..94cd6b3e6ae --- /dev/null +++ b/2021/43xxx/CVE-2021-43444.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43444", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43445.json b/2021/43xxx/CVE-2021-43445.json new file mode 100644 index 00000000000..65d083c4582 --- /dev/null +++ b/2021/43xxx/CVE-2021-43445.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43445", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43446.json b/2021/43xxx/CVE-2021-43446.json new file mode 100644 index 00000000000..e47aec0a722 --- /dev/null +++ b/2021/43xxx/CVE-2021-43446.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43446", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43447.json b/2021/43xxx/CVE-2021-43447.json new file mode 100644 index 00000000000..14ec0f82c7d --- /dev/null +++ b/2021/43xxx/CVE-2021-43447.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43447", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43448.json b/2021/43xxx/CVE-2021-43448.json new file mode 100644 index 00000000000..0124d4d3cd3 --- /dev/null +++ b/2021/43xxx/CVE-2021-43448.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43448", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43449.json b/2021/43xxx/CVE-2021-43449.json new file mode 100644 index 00000000000..81ca8a427e8 --- /dev/null +++ b/2021/43xxx/CVE-2021-43449.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43449", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43450.json b/2021/43xxx/CVE-2021-43450.json new file mode 100644 index 00000000000..a9d5c71ebb8 --- /dev/null +++ b/2021/43xxx/CVE-2021-43450.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43450", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43451.json b/2021/43xxx/CVE-2021-43451.json new file mode 100644 index 00000000000..4c9c2139326 --- /dev/null +++ b/2021/43xxx/CVE-2021-43451.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43451", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43452.json b/2021/43xxx/CVE-2021-43452.json new file mode 100644 index 00000000000..ca0341387aa --- /dev/null +++ b/2021/43xxx/CVE-2021-43452.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43452", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43453.json b/2021/43xxx/CVE-2021-43453.json new file mode 100644 index 00000000000..b52b8df85d3 --- /dev/null +++ b/2021/43xxx/CVE-2021-43453.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43453", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43454.json b/2021/43xxx/CVE-2021-43454.json new file mode 100644 index 00000000000..f793ba94d0b --- /dev/null +++ b/2021/43xxx/CVE-2021-43454.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43454", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43455.json b/2021/43xxx/CVE-2021-43455.json new file mode 100644 index 00000000000..1635ed2da89 --- /dev/null +++ b/2021/43xxx/CVE-2021-43455.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43455", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43456.json b/2021/43xxx/CVE-2021-43456.json new file mode 100644 index 00000000000..143000f0372 --- /dev/null +++ b/2021/43xxx/CVE-2021-43456.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43456", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43457.json b/2021/43xxx/CVE-2021-43457.json new file mode 100644 index 00000000000..719cccacc4f --- /dev/null +++ b/2021/43xxx/CVE-2021-43457.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43457", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43458.json b/2021/43xxx/CVE-2021-43458.json new file mode 100644 index 00000000000..d20e69380f4 --- /dev/null +++ b/2021/43xxx/CVE-2021-43458.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43458", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43459.json b/2021/43xxx/CVE-2021-43459.json new file mode 100644 index 00000000000..46b71f6406f --- /dev/null +++ b/2021/43xxx/CVE-2021-43459.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43459", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43460.json b/2021/43xxx/CVE-2021-43460.json new file mode 100644 index 00000000000..0a6f2c0f5ec --- /dev/null +++ b/2021/43xxx/CVE-2021-43460.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43460", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43461.json b/2021/43xxx/CVE-2021-43461.json new file mode 100644 index 00000000000..29fb9f00d09 --- /dev/null +++ b/2021/43xxx/CVE-2021-43461.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43461", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43462.json b/2021/43xxx/CVE-2021-43462.json new file mode 100644 index 00000000000..25d1f83c9cc --- /dev/null +++ b/2021/43xxx/CVE-2021-43462.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43462", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43463.json b/2021/43xxx/CVE-2021-43463.json new file mode 100644 index 00000000000..09abba83f66 --- /dev/null +++ b/2021/43xxx/CVE-2021-43463.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43463", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43464.json b/2021/43xxx/CVE-2021-43464.json new file mode 100644 index 00000000000..90b43c9f3b5 --- /dev/null +++ b/2021/43xxx/CVE-2021-43464.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43464", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43465.json b/2021/43xxx/CVE-2021-43465.json new file mode 100644 index 00000000000..897750fe582 --- /dev/null +++ b/2021/43xxx/CVE-2021-43465.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43465",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43466.json b/2021/43xxx/CVE-2021-43466.json
new file mode 100644
index 00000000000..3321c88bbcb
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43466.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43466",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitee.com/wayne_wwang/wayne_wwang/blob/master/2021/10/31/ruoyi+thymeleaf-rce/index.html",
+ "refsource": "MISC",
+ "name": "https://gitee.com/wayne_wwang/wayne_wwang/blob/master/2021/10/31/ruoyi+thymeleaf-rce/index.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43467.json b/2021/43xxx/CVE-2021-43467.json
new file mode 100644
index 00000000000..f63a2805bbb
--- /dev/null
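Review bot: The `affects` block of the new CVE-2021-43466 record leaves `product_name`, `version_value` and `vendor_name` as `"n/a"` even though the description names the component as thymeleaf-spring5:3.0.12, so scanners and inventories that match on the structured fields will not tie this record to the library. Carrying the page's own values into the structure, `"product_name": "thymeleaf-spring5"` and `"version_value": "3.0.12"`, would close that gap. `problemtype` is also `"n/a"` while the description states template injection leading to remote code execution, and a value such as `"Template injection leading to remote code execution"` would let consumers filter by weakness class. The description gives a single version and does not say whether other releases are affected, so the range should be confirmed before the version field is relied on for patch decisions. The only reference is a `MISC` link to a third-party write-up; a vendor advisory or fix reference, if one exists, would tell defenders which release to upgrade to.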
+++ b/2021/43xxx/CVE-2021-43467.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43467", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43468.json b/2021/43xxx/CVE-2021-43468.json new file mode 100644 index 00000000000..80d8973f0f5 --- /dev/null +++ b/2021/43xxx/CVE-2021-43468.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43468", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43469.json b/2021/43xxx/CVE-2021-43469.json new file mode 100644 index 00000000000..35bf5afe3a2 --- /dev/null +++ b/2021/43xxx/CVE-2021-43469.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43469", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43470.json b/2021/43xxx/CVE-2021-43470.json new file mode 100644 index 00000000000..81c80fc603a --- /dev/null +++ b/2021/43xxx/CVE-2021-43470.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43470", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43471.json b/2021/43xxx/CVE-2021-43471.json new file mode 100644 index 00000000000..6f5a38aef60 --- /dev/null +++ b/2021/43xxx/CVE-2021-43471.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43471", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43472.json b/2021/43xxx/CVE-2021-43472.json new file mode 100644 index 00000000000..4814cb1db2b --- /dev/null +++ b/2021/43xxx/CVE-2021-43472.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43472", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43473.json b/2021/43xxx/CVE-2021-43473.json new file mode 100644 index 00000000000..4964fae1644 --- /dev/null +++ b/2021/43xxx/CVE-2021-43473.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43473", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43474.json b/2021/43xxx/CVE-2021-43474.json new file mode 100644 index 00000000000..cd11e92b65a --- /dev/null +++ b/2021/43xxx/CVE-2021-43474.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43474", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43475.json b/2021/43xxx/CVE-2021-43475.json new file mode 100644 index 00000000000..b1eaac3c03c --- /dev/null +++ b/2021/43xxx/CVE-2021-43475.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43475", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43476.json b/2021/43xxx/CVE-2021-43476.json new file mode 100644 index 00000000000..ed294fa5c8b --- /dev/null +++ b/2021/43xxx/CVE-2021-43476.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43476", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43477.json b/2021/43xxx/CVE-2021-43477.json new file mode 100644 index 00000000000..17033dabbc3 --- /dev/null +++ b/2021/43xxx/CVE-2021-43477.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43477", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43478.json b/2021/43xxx/CVE-2021-43478.json new file mode 100644 index 00000000000..43fb9c7ff7b --- /dev/null +++ b/2021/43xxx/CVE-2021-43478.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43478", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43479.json b/2021/43xxx/CVE-2021-43479.json new file mode 100644 index 00000000000..05c2c2f31d7 --- /dev/null +++ b/2021/43xxx/CVE-2021-43479.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43479", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43480.json b/2021/43xxx/CVE-2021-43480.json new file mode 100644 index 00000000000..e49f7ddf94c --- /dev/null +++ b/2021/43xxx/CVE-2021-43480.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43480", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43481.json b/2021/43xxx/CVE-2021-43481.json new file mode 100644 index 00000000000..eccaeed38de --- /dev/null +++ b/2021/43xxx/CVE-2021-43481.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43481", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43482.json b/2021/43xxx/CVE-2021-43482.json new file mode 100644 index 00000000000..9b872964fd5 --- /dev/null +++ b/2021/43xxx/CVE-2021-43482.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43482", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43483.json b/2021/43xxx/CVE-2021-43483.json new file mode 100644 index 00000000000..1e7cbb69882 --- /dev/null +++ b/2021/43xxx/CVE-2021-43483.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43483", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43484.json b/2021/43xxx/CVE-2021-43484.json new file mode 100644 index 00000000000..423e5d6c1d4 --- /dev/null +++ b/2021/43xxx/CVE-2021-43484.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43484", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43485.json b/2021/43xxx/CVE-2021-43485.json new file mode 100644 index 00000000000..68c8321f0ed --- /dev/null +++ b/2021/43xxx/CVE-2021-43485.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43485", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43486.json b/2021/43xxx/CVE-2021-43486.json new file mode 100644 index 00000000000..a4e49dc8ee8 --- /dev/null +++ b/2021/43xxx/CVE-2021-43486.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43486", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43487.json b/2021/43xxx/CVE-2021-43487.json new file mode 100644 index 00000000000..9d64ea208a0 --- /dev/null +++ b/2021/43xxx/CVE-2021-43487.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43487", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43488.json b/2021/43xxx/CVE-2021-43488.json new file mode 100644 index 00000000000..c6114e863f5 --- /dev/null +++ b/2021/43xxx/CVE-2021-43488.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43488", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43489.json b/2021/43xxx/CVE-2021-43489.json new file mode 100644 index 00000000000..e4e3cd2bb72 --- /dev/null +++ b/2021/43xxx/CVE-2021-43489.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43489", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43490.json b/2021/43xxx/CVE-2021-43490.json new file mode 100644 index 00000000000..2ad1d8e72c7 --- /dev/null +++ b/2021/43xxx/CVE-2021-43490.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43490", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43491.json b/2021/43xxx/CVE-2021-43491.json new file mode 100644 index 00000000000..5626cda19e1 --- /dev/null +++ b/2021/43xxx/CVE-2021-43491.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43491", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43497.json b/2021/43xxx/CVE-2021-43497.json new file mode 100644 index 00000000000..94bb5aa20b4 --- /dev/null +++ b/2021/43xxx/CVE-2021-43497.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43497", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43498.json b/2021/43xxx/CVE-2021-43498.json new file mode 100644 index 00000000000..efd386205ea --- /dev/null +++ b/2021/43xxx/CVE-2021-43498.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43498", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43499.json b/2021/43xxx/CVE-2021-43499.json new file mode 100644 index 00000000000..179380cc8ad --- /dev/null +++ b/2021/43xxx/CVE-2021-43499.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43499", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43500.json b/2021/43xxx/CVE-2021-43500.json new file mode 100644 index 00000000000..f6718e557f6 --- /dev/null +++ b/2021/43xxx/CVE-2021-43500.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43500", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43501.json b/2021/43xxx/CVE-2021-43501.json new file mode 100644 index 00000000000..3dea46368e6 --- /dev/null +++ b/2021/43xxx/CVE-2021-43501.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43501", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43502.json b/2021/43xxx/CVE-2021-43502.json new file mode 100644 index 00000000000..ac5d1cad4c4 --- /dev/null +++ b/2021/43xxx/CVE-2021-43502.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43502", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43503.json b/2021/43xxx/CVE-2021-43503.json new file mode 100644 index 00000000000..2cc6e17228f --- /dev/null +++ b/2021/43xxx/CVE-2021-43503.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43503", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43504.json b/2021/43xxx/CVE-2021-43504.json new file mode 100644 index 00000000000..f5dfa0db0ed --- /dev/null +++ b/2021/43xxx/CVE-2021-43504.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43504", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43505.json b/2021/43xxx/CVE-2021-43505.json new file mode 100644 index 00000000000..4362cff6eaa --- /dev/null +++ b/2021/43xxx/CVE-2021-43505.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43505", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43506.json b/2021/43xxx/CVE-2021-43506.json new file mode 100644 index 00000000000..3eff05aea0b --- /dev/null +++ b/2021/43xxx/CVE-2021-43506.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43506", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43507.json b/2021/43xxx/CVE-2021-43507.json new file mode 100644 index 00000000000..1d8cd1a4131 --- /dev/null +++ b/2021/43xxx/CVE-2021-43507.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43507", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43508.json b/2021/43xxx/CVE-2021-43508.json new file mode 100644 index 00000000000..6f2cb361550 --- /dev/null +++ b/2021/43xxx/CVE-2021-43508.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43508", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43509.json b/2021/43xxx/CVE-2021-43509.json new file mode 100644 index 00000000000..ec94db0542c --- /dev/null +++ b/2021/43xxx/CVE-2021-43509.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43509", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43510.json b/2021/43xxx/CVE-2021-43510.json new file mode 100644 index 00000000000..8d2d7a3d143 --- /dev/null +++ b/2021/43xxx/CVE-2021-43510.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43510", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43511.json b/2021/43xxx/CVE-2021-43511.json new file mode 100644 index 00000000000..d27bf6b8d1c --- /dev/null +++ b/2021/43xxx/CVE-2021-43511.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43511", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43512.json b/2021/43xxx/CVE-2021-43512.json new file mode 100644 index 00000000000..83aeab06530 --- /dev/null +++ b/2021/43xxx/CVE-2021-43512.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43512", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43513.json b/2021/43xxx/CVE-2021-43513.json new file mode 100644 index 00000000000..f2079048106 --- /dev/null +++ b/2021/43xxx/CVE-2021-43513.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43513", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43514.json b/2021/43xxx/CVE-2021-43514.json new file mode 100644 index 00000000000..85e4f239e07 --- /dev/null +++ b/2021/43xxx/CVE-2021-43514.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43514", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43515.json b/2021/43xxx/CVE-2021-43515.json new file mode 100644 index 00000000000..d6edc63bd99 --- /dev/null +++ b/2021/43xxx/CVE-2021-43515.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43515", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43516.json b/2021/43xxx/CVE-2021-43516.json new file mode 100644 index 00000000000..4d636b94d7f --- /dev/null +++ b/2021/43xxx/CVE-2021-43516.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43516", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43517.json b/2021/43xxx/CVE-2021-43517.json new file mode 100644 index 00000000000..354b4ec2707 --- /dev/null +++ b/2021/43xxx/CVE-2021-43517.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43517", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43518.json b/2021/43xxx/CVE-2021-43518.json new file mode 100644 index 00000000000..c0e645d5963 --- /dev/null +++ b/2021/43xxx/CVE-2021-43518.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43518", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43519.json b/2021/43xxx/CVE-2021-43519.json new file mode 100644 index 00000000000..3a831874166 --- /dev/null +++ b/2021/43xxx/CVE-2021-43519.json 
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43519",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://lua-users.org/lists/lua-l/2021-10/msg00123.html",
+ "refsource": "MISC",
+ "name": "http://lua-users.org/lists/lua-l/2021-10/msg00123.html"
+ },
+ {
+ "url": "http://lua-users.org/lists/lua-l/2021-11/msg00015.html",
+ "refsource": "MISC",
+ "name": "http://lua-users.org/lists/lua-l/2021-11/msg00015.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43520.json b/2021/43xxx/CVE-2021-43520.json
new file mode 100644
index 00000000000..5fbe6fea987
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43520.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-43520",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
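Review bot: In the new CVE-2021-43519 record the `affects` block is filled with `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, so the affected product and the 5.1.0~5.4.4 range exist only in the free-text `description`. Scanners and inventory tooling that match on the structured fields will not associate this entry with Lua; populating them, e.g. `"product_name": "Lua"` with the range from the description as `version_value`, would close that gap. The `~` notation should also be spelled out, since it leaves open whether 5.4.4 is itself affected. `problemtype` is likewise `"n/a"`; a CWE belongs there once the root cause is confirmed, because "stack overflow" in the description does not say whether this is a stack buffer overrun or stack exhaustion. Both references are `MISC` mailing-list posts and none is marked as a fix, so the fixed version has to be confirmed upstream before this record is used for patch decisions.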
diff --git a/2021/43xxx/CVE-2021-43521.json b/2021/43xxx/CVE-2021-43521.json new file mode 100644 index 00000000000..a33ac477546 --- /dev/null +++ b/2021/43xxx/CVE-2021-43521.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43521", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43522.json b/2021/43xxx/CVE-2021-43522.json new file mode 100644 index 00000000000..9186abf624b --- /dev/null +++ b/2021/43xxx/CVE-2021-43522.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43522", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43524.json b/2021/43xxx/CVE-2021-43524.json new file mode 100644 index 00000000000..0a67f13a537 --- /dev/null +++ b/2021/43xxx/CVE-2021-43524.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43524", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43525.json b/2021/43xxx/CVE-2021-43525.json new file mode 100644 index 00000000000..5f4db7a4004 --- /dev/null +++ b/2021/43xxx/CVE-2021-43525.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43525", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43526.json b/2021/43xxx/CVE-2021-43526.json new file mode 100644 index 00000000000..468085f6d95 --- /dev/null +++ b/2021/43xxx/CVE-2021-43526.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43526", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43527.json b/2021/43xxx/CVE-2021-43527.json new file mode 100644 index 00000000000..154f96c7e2b --- /dev/null +++ b/2021/43xxx/CVE-2021-43527.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43527", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43528.json b/2021/43xxx/CVE-2021-43528.json new file mode 100644 index 00000000000..4b6159a781a --- /dev/null +++ b/2021/43xxx/CVE-2021-43528.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43528", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43529.json b/2021/43xxx/CVE-2021-43529.json new file mode 100644 index 00000000000..dccec15ef19 --- /dev/null +++ b/2021/43xxx/CVE-2021-43529.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43529", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43530.json b/2021/43xxx/CVE-2021-43530.json new file mode 100644 index 00000000000..74921941978 --- /dev/null +++ b/2021/43xxx/CVE-2021-43530.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43530", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43531.json b/2021/43xxx/CVE-2021-43531.json new file mode 100644 index 00000000000..68b0c31bcbe --- /dev/null +++ b/2021/43xxx/CVE-2021-43531.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43531", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43532.json b/2021/43xxx/CVE-2021-43532.json new file mode 100644 index 00000000000..4d70dbdf81e --- /dev/null +++ b/2021/43xxx/CVE-2021-43532.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43532", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43533.json b/2021/43xxx/CVE-2021-43533.json new file mode 100644 index 00000000000..05ed443b51f --- /dev/null +++ b/2021/43xxx/CVE-2021-43533.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43533", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43534.json b/2021/43xxx/CVE-2021-43534.json new file mode 100644 index 00000000000..bcd68347757 --- /dev/null +++ b/2021/43xxx/CVE-2021-43534.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43534", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43535.json b/2021/43xxx/CVE-2021-43535.json new file mode 100644 index 00000000000..f7890ed96c4 --- /dev/null +++ b/2021/43xxx/CVE-2021-43535.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43535", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43536.json b/2021/43xxx/CVE-2021-43536.json new file mode 100644 index 00000000000..80ba2b0ca7d --- /dev/null +++ b/2021/43xxx/CVE-2021-43536.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43536", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43537.json b/2021/43xxx/CVE-2021-43537.json new file mode 100644 index 00000000000..4b491f8efc4 --- /dev/null +++ b/2021/43xxx/CVE-2021-43537.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43537", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43538.json b/2021/43xxx/CVE-2021-43538.json new file mode 100644 index 00000000000..49923580d9b --- /dev/null +++ b/2021/43xxx/CVE-2021-43538.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43538", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43539.json b/2021/43xxx/CVE-2021-43539.json new file mode 100644 index 00000000000..4f50ba1b3f5 --- /dev/null +++ b/2021/43xxx/CVE-2021-43539.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43539", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43540.json b/2021/43xxx/CVE-2021-43540.json new file mode 100644 index 00000000000..4d0c308651e --- /dev/null +++ b/2021/43xxx/CVE-2021-43540.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43540", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43541.json b/2021/43xxx/CVE-2021-43541.json new file mode 100644 index 00000000000..66a834ff111 --- /dev/null +++ b/2021/43xxx/CVE-2021-43541.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43541", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43542.json b/2021/43xxx/CVE-2021-43542.json new file mode 100644 index 00000000000..99c7ca0e7e8 --- /dev/null +++ b/2021/43xxx/CVE-2021-43542.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43542", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43543.json b/2021/43xxx/CVE-2021-43543.json new file mode 100644 index 00000000000..a3dd0161de9 --- /dev/null +++ b/2021/43xxx/CVE-2021-43543.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43543", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43544.json b/2021/43xxx/CVE-2021-43544.json new file mode 100644 index 00000000000..37ab22d4921 --- /dev/null +++ b/2021/43xxx/CVE-2021-43544.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43544", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43545.json b/2021/43xxx/CVE-2021-43545.json new file mode 100644 index 00000000000..be213341f0b --- /dev/null +++ b/2021/43xxx/CVE-2021-43545.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43545", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43546.json b/2021/43xxx/CVE-2021-43546.json new file mode 100644 index 00000000000..6d0477a096e --- /dev/null +++ b/2021/43xxx/CVE-2021-43546.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43546", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43547.json b/2021/43xxx/CVE-2021-43547.json new file mode 100644 index 00000000000..e88bb7f9ec5 --- /dev/null +++ b/2021/43xxx/CVE-2021-43547.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43547", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43548.json b/2021/43xxx/CVE-2021-43548.json new file mode 100644 index 00000000000..0988c835670 --- /dev/null +++ b/2021/43xxx/CVE-2021-43548.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43548", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43549.json b/2021/43xxx/CVE-2021-43549.json new file mode 100644 index 00000000000..0d9db41bff6 --- /dev/null +++ b/2021/43xxx/CVE-2021-43549.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43549", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43550.json b/2021/43xxx/CVE-2021-43550.json new file mode 100644 index 00000000000..497eb35988b --- /dev/null +++ b/2021/43xxx/CVE-2021-43550.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43550", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43552.json b/2021/43xxx/CVE-2021-43552.json new file mode 100644 index 00000000000..8b17f8f0fc0 --- /dev/null +++ b/2021/43xxx/CVE-2021-43552.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43552", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43554.json b/2021/43xxx/CVE-2021-43554.json new file mode 100644 index 00000000000..e9e9c0ff652 --- /dev/null +++ b/2021/43xxx/CVE-2021-43554.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43554", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43555.json b/2021/43xxx/CVE-2021-43555.json new file mode 100644 index 00000000000..37b80d33de9 --- /dev/null +++ b/2021/43xxx/CVE-2021-43555.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43555", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43556.json b/2021/43xxx/CVE-2021-43556.json new file mode 100644 index 00000000000..9618bd04d75 --- /dev/null +++ b/2021/43xxx/CVE-2021-43556.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43556", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43557.json b/2021/43xxx/CVE-2021-43557.json new file mode 100644 index 00000000000..c0f345c2219 --- /dev/null +++ b/2021/43xxx/CVE-2021-43557.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43557", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43558.json b/2021/43xxx/CVE-2021-43558.json new file mode 100644 index 00000000000..f941fb91bb0 --- /dev/null +++ b/2021/43xxx/CVE-2021-43558.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43558", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43559.json b/2021/43xxx/CVE-2021-43559.json new file mode 100644 index 00000000000..c5f7afc58aa --- /dev/null +++ b/2021/43xxx/CVE-2021-43559.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43559", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43560.json b/2021/43xxx/CVE-2021-43560.json new file mode 100644 index 00000000000..f2627c3479b --- /dev/null +++ b/2021/43xxx/CVE-2021-43560.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43560", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43565.json b/2021/43xxx/CVE-2021-43565.json new file mode 100644 index 00000000000..1a7d2849a3f --- /dev/null +++ b/2021/43xxx/CVE-2021-43565.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43565", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43566.json b/2021/43xxx/CVE-2021-43566.json new file mode 100644 index 00000000000..50100a961f9 --- /dev/null +++ b/2021/43xxx/CVE-2021-43566.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43566", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43567.json b/2021/43xxx/CVE-2021-43567.json new file mode 100644 index 00000000000..825a1280a58 --- /dev/null +++ b/2021/43xxx/CVE-2021-43567.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43567", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/43xxx/CVE-2021-43568.json b/2021/43xxx/CVE-2021-43568.json
new file mode 100644
index 00000000000..68bab1b9f7c
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43568.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43568",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/",
+ "refsource": "MISC",
+ "name": "https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/"
+ },
+ {
+ "url": "https://github.com/starkbank/ecdsa-elixir/releases/tag/v1.0.1",
+ "refsource": "MISC",
+ "name": "https://github.com/starkbank/ecdsa-elixir/releases/tag/v1.0.1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43569.json b/2021/43xxx/CVE-2021-43569.json
new file mode 100644
index 00000000000..ad62253a480
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43569.json
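Review bot: The `affects` block of the new CVE-2021-43568 record leaves `product_name`, `version_value` and `vendor_name` at "n/a" although the description in the same record names the product and version, so tooling that matches on the structured fields cannot tie this signature-verification flaw to an installed package. Taking the values from the description, the three fields would read `"product_name": "ecdsa-elixir"`, `"version_value": "1.0.0"` and `"vendor_name": "Stark Bank"`. The `problemtype` value is also "n/a"; CWE-347 (Improper Verification of Cryptographic Signature) appears to fit the description. The same gaps are in the new records for CVE-2021-43569 through CVE-2021-43572 and CVE-2021-43575 in the hunks that follow. The record does not say whether releases before the named one are affected, so any version range should come from the referenced advisory rather than be inferred.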
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43569",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/",
+ "refsource": "MISC",
+ "name": "https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/"
+ },
+ {
+ "url": "https://github.com/starkbank/ecdsa-dotnet/releases/tag/v1.3.2",
+ "refsource": "MISC",
+ "name": "https://github.com/starkbank/ecdsa-dotnet/releases/tag/v1.3.2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43570.json b/2021/43xxx/CVE-2021-43570.json
new file mode 100644
index 00000000000..b307784c5f0
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43570.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43570",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/",
+ "refsource": "MISC",
+ "name": "https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/"
+ },
+ {
+ "url": "https://github.com/starkbank/ecdsa-java/releases/tag/v1.0.1",
+ "refsource": "MISC",
+ "name": "https://github.com/starkbank/ecdsa-java/releases/tag/v1.0.1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43571.json b/2021/43xxx/CVE-2021-43571.json
new file mode 100644
index 00000000000..23a52648fab
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43571.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43571",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/",
+ "refsource": "MISC",
+ "name": "https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/"
+ },
+ {
+ "url": "https://github.com/starkbank/ecdsa-node/releases/tag/v1.1.3",
+ "refsource": "MISC",
+ "name": "https://github.com/starkbank/ecdsa-node/releases/tag/v1.1.3"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43572.json b/2021/43xxx/CVE-2021-43572.json
new file mode 100644
index 00000000000..a0f8dd874a8
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43572.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43572",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The verify function in the Stark Bank Python ECDSA library (ecdsa-python) 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/",
+ "refsource": "MISC",
+ "name": "https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/"
+ },
+ {
+ "url": "https://github.com/starkbank/ecdsa-python/releases/tag/v2.0.1",
+ "refsource": "MISC",
+ "name": "https://github.com/starkbank/ecdsa-python/releases/tag/v2.0.1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/43xxx/CVE-2021-43575.json b/2021/43xxx/CVE-2021-43575.json
new file mode 100644
index 00000000000..34387b40967
--- /dev/null
+++ b/2021/43xxx/CVE-2021-43575.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-43575",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/robertguetzkow/ets5-password-recovery",
+ "refsource": "MISC",
+ "name": "https://github.com/robertguetzkow/ets5-password-recovery"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20622.json b/2022/20xxx/CVE-2022-20622.json
new file mode 100644
index 00000000000..ef8a013646c
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20622.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20622",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
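Review bot: The `reference_data` array of the new CVE-2021-43575 record holds a single entry, a third-party repository, while the description states that the vendor disputes the issue; nothing in the record lets a reader check that dispute. Someone triaging a `** DISPUTED **` entry needs the vendor's position next to the researcher's, so if a vendor statement is public it should be added as a second reference, e.g. `{ "refsource": "MISC", "name": "<VENDOR_STATEMENT_URL>", "url": "<VENDOR_STATEMENT_URL>" }` (placeholder, not a real URL). The description is about ETS6 while the only reference is named for ETS5; the "similar issue to CVE-2021-36799" clause presumably accounts for that, but the record does not say so outright.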
diff --git a/2022/20xxx/CVE-2022-20623.json b/2022/20xxx/CVE-2022-20623.json new file mode 100644 index 00000000000..139392007e8 --- /dev/null +++ b/2022/20xxx/CVE-2022-20623.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20623", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20624.json b/2022/20xxx/CVE-2022-20624.json new file mode 100644 index 00000000000..60e288fa961 --- /dev/null +++ b/2022/20xxx/CVE-2022-20624.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20624", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20625.json b/2022/20xxx/CVE-2022-20625.json new file mode 100644 index 00000000000..90b69ddda6c --- /dev/null +++ b/2022/20xxx/CVE-2022-20625.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20625", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20626.json b/2022/20xxx/CVE-2022-20626.json new file mode 100644 index 00000000000..a6c6efe63ee --- /dev/null +++ b/2022/20xxx/CVE-2022-20626.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20626", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20627.json b/2022/20xxx/CVE-2022-20627.json new file mode 100644 index 00000000000..8c7e9e54dba --- /dev/null +++ b/2022/20xxx/CVE-2022-20627.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20627", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20628.json b/2022/20xxx/CVE-2022-20628.json new file mode 100644 index 00000000000..79936c095c0 --- /dev/null +++ b/2022/20xxx/CVE-2022-20628.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20628", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20629.json b/2022/20xxx/CVE-2022-20629.json new file mode 100644 index 00000000000..ab4ca762ba3 --- /dev/null +++ b/2022/20xxx/CVE-2022-20629.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20629", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20630.json b/2022/20xxx/CVE-2022-20630.json new file mode 100644 index 00000000000..91c206bb021 --- /dev/null +++ b/2022/20xxx/CVE-2022-20630.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20630", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20631.json b/2022/20xxx/CVE-2022-20631.json new file mode 100644 index 00000000000..219076e0091 --- /dev/null +++ b/2022/20xxx/CVE-2022-20631.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20631", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20632.json b/2022/20xxx/CVE-2022-20632.json new file mode 100644 index 00000000000..a1e310410dc --- /dev/null +++ b/2022/20xxx/CVE-2022-20632.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20632", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20633.json b/2022/20xxx/CVE-2022-20633.json new file mode 100644 index 00000000000..eaf6db79049 --- /dev/null +++ b/2022/20xxx/CVE-2022-20633.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20633", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20634.json b/2022/20xxx/CVE-2022-20634.json new file mode 100644 index 00000000000..9c84e5c47f0 --- /dev/null +++ b/2022/20xxx/CVE-2022-20634.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20634", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20635.json b/2022/20xxx/CVE-2022-20635.json new file mode 100644 index 00000000000..439249cbf7d --- /dev/null +++ b/2022/20xxx/CVE-2022-20635.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20635", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20636.json b/2022/20xxx/CVE-2022-20636.json new file mode 100644 index 00000000000..96688d3ae3c --- /dev/null +++ b/2022/20xxx/CVE-2022-20636.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20636", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20637.json b/2022/20xxx/CVE-2022-20637.json new file mode 100644 index 00000000000..75cb6aa28fb --- /dev/null +++ b/2022/20xxx/CVE-2022-20637.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20637", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20638.json b/2022/20xxx/CVE-2022-20638.json new file mode 100644 index 00000000000..81b5706a8de --- /dev/null +++ b/2022/20xxx/CVE-2022-20638.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20638", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20639.json b/2022/20xxx/CVE-2022-20639.json new file mode 100644 index 00000000000..72e03b23bd7 --- /dev/null +++ b/2022/20xxx/CVE-2022-20639.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20639", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20640.json b/2022/20xxx/CVE-2022-20640.json new file mode 100644 index 00000000000..12da6630b83 --- /dev/null +++ b/2022/20xxx/CVE-2022-20640.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20640", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20641.json b/2022/20xxx/CVE-2022-20641.json new file mode 100644 index 00000000000..af58940a274 --- /dev/null +++ b/2022/20xxx/CVE-2022-20641.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20641", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20642.json b/2022/20xxx/CVE-2022-20642.json new file mode 100644 index 00000000000..56152c0a704 --- /dev/null +++ b/2022/20xxx/CVE-2022-20642.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20642", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20643.json b/2022/20xxx/CVE-2022-20643.json new file mode 100644 index 00000000000..4aff0b88fa6 --- /dev/null +++ b/2022/20xxx/CVE-2022-20643.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20643", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20644.json b/2022/20xxx/CVE-2022-20644.json new file mode 100644 index 00000000000..d2b7720636b --- /dev/null +++ b/2022/20xxx/CVE-2022-20644.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20644", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20645.json b/2022/20xxx/CVE-2022-20645.json new file mode 100644 index 00000000000..24be75ab2e8 --- /dev/null +++ b/2022/20xxx/CVE-2022-20645.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20645", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20646.json b/2022/20xxx/CVE-2022-20646.json new file mode 100644 index 00000000000..1d7501ab2ab --- /dev/null +++ b/2022/20xxx/CVE-2022-20646.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20646", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20647.json b/2022/20xxx/CVE-2022-20647.json new file mode 100644 index 00000000000..207d017344d --- /dev/null +++ b/2022/20xxx/CVE-2022-20647.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20647", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20648.json b/2022/20xxx/CVE-2022-20648.json new file mode 100644 index 00000000000..add93530d19 --- /dev/null +++ b/2022/20xxx/CVE-2022-20648.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20648", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20649.json b/2022/20xxx/CVE-2022-20649.json new file mode 100644 index 00000000000..4195fcfbda3 --- /dev/null +++ b/2022/20xxx/CVE-2022-20649.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20649", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20650.json b/2022/20xxx/CVE-2022-20650.json new file mode 100644 index 00000000000..d3275e4ebac --- /dev/null +++ b/2022/20xxx/CVE-2022-20650.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20650", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20651.json b/2022/20xxx/CVE-2022-20651.json new file mode 100644 index 00000000000..31aaad193a5 --- /dev/null +++ b/2022/20xxx/CVE-2022-20651.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20651", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20652.json b/2022/20xxx/CVE-2022-20652.json new file mode 100644 index 00000000000..2e0c9b2e1fa --- /dev/null +++ b/2022/20xxx/CVE-2022-20652.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20652", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20653.json b/2022/20xxx/CVE-2022-20653.json new file mode 100644 index 00000000000..bdafbfec9a0 --- /dev/null +++ b/2022/20xxx/CVE-2022-20653.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20653", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20654.json b/2022/20xxx/CVE-2022-20654.json new file mode 100644 index 00000000000..83055cb5de0 --- /dev/null +++ b/2022/20xxx/CVE-2022-20654.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20654", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20655.json b/2022/20xxx/CVE-2022-20655.json new file mode 100644 index 00000000000..29632b1f7ee --- /dev/null +++ b/2022/20xxx/CVE-2022-20655.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20655", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20656.json b/2022/20xxx/CVE-2022-20656.json new file mode 100644 index 00000000000..f5601518793 --- /dev/null +++ b/2022/20xxx/CVE-2022-20656.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20656", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20657.json b/2022/20xxx/CVE-2022-20657.json new file mode 100644 index 00000000000..fe1c6266ced --- /dev/null +++ b/2022/20xxx/CVE-2022-20657.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20657", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20658.json b/2022/20xxx/CVE-2022-20658.json new file mode 100644 index 00000000000..973f9a1adc6 --- /dev/null +++ b/2022/20xxx/CVE-2022-20658.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20658", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20659.json b/2022/20xxx/CVE-2022-20659.json new file mode 100644 index 00000000000..3039832a21a --- /dev/null +++ b/2022/20xxx/CVE-2022-20659.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20659", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20660.json b/2022/20xxx/CVE-2022-20660.json new file mode 100644 index 00000000000..18ed2cfd1c8 --- /dev/null +++ b/2022/20xxx/CVE-2022-20660.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20660", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20661.json b/2022/20xxx/CVE-2022-20661.json new file mode 100644 index 00000000000..3030c8c8d9e --- /dev/null +++ b/2022/20xxx/CVE-2022-20661.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20661", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20662.json b/2022/20xxx/CVE-2022-20662.json new file mode 100644 index 00000000000..11834bb64a4 --- /dev/null +++ b/2022/20xxx/CVE-2022-20662.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20662", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20663.json b/2022/20xxx/CVE-2022-20663.json new file mode 100644 index 00000000000..cab8576c6d9 --- /dev/null +++ b/2022/20xxx/CVE-2022-20663.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20663", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20664.json b/2022/20xxx/CVE-2022-20664.json new file mode 100644 index 00000000000..7d6dd64357d --- /dev/null +++ b/2022/20xxx/CVE-2022-20664.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20664", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20665.json b/2022/20xxx/CVE-2022-20665.json new file mode 100644 index 00000000000..0cea2cd89bb --- /dev/null +++ b/2022/20xxx/CVE-2022-20665.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20665", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20666.json b/2022/20xxx/CVE-2022-20666.json new file mode 100644 index 00000000000..0027d77e86e --- /dev/null +++ b/2022/20xxx/CVE-2022-20666.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20666", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20667.json b/2022/20xxx/CVE-2022-20667.json new file mode 100644 index 00000000000..cd5c04d99fd --- /dev/null +++ b/2022/20xxx/CVE-2022-20667.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20667", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20668.json b/2022/20xxx/CVE-2022-20668.json new file mode 100644 index 00000000000..3d0a2c23eaf --- /dev/null +++ b/2022/20xxx/CVE-2022-20668.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20668", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20669.json b/2022/20xxx/CVE-2022-20669.json new file mode 100644 index 00000000000..d703dc02ca6 --- /dev/null +++ b/2022/20xxx/CVE-2022-20669.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20669", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20670.json b/2022/20xxx/CVE-2022-20670.json new file mode 100644 index 00000000000..e420a09de2a --- /dev/null +++ b/2022/20xxx/CVE-2022-20670.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20670",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20671.json b/2022/20xxx/CVE-2022-20671.json
new file mode 100644
index 00000000000..54d706763cd
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20671.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20671",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20672.json b/2022/20xxx/CVE-2022-20672.json
new file mode 100644
index 00000000000..1e774be249a
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20672.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20672",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20673.json b/2022/20xxx/CVE-2022-20673.json
new file mode 100644
index 00000000000..b26a6bd0a4c
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20673.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20673",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20674.json b/2022/20xxx/CVE-2022-20674.json
new file mode 100644
index 00000000000..969576b2460
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20674.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20674",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20675.json b/2022/20xxx/CVE-2022-20675.json
new file mode 100644
index 00000000000..d4b90751e1b
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20675.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20675",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20676.json b/2022/20xxx/CVE-2022-20676.json
new file mode 100644
index 00000000000..c688b354600
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20676.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20676",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20677.json b/2022/20xxx/CVE-2022-20677.json
new file mode 100644
index 00000000000..a1871b59cd2
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20677.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20677",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20678.json b/2022/20xxx/CVE-2022-20678.json
new file mode 100644
index 00000000000..4f1fe3b4791
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20678.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20678",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20679.json b/2022/20xxx/CVE-2022-20679.json
new file mode 100644
index 00000000000..be027903bce
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20679.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20679",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20680.json b/2022/20xxx/CVE-2022-20680.json
new file mode 100644
index 00000000000..c77e3820770
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20680.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20680",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20681.json b/2022/20xxx/CVE-2022-20681.json
new file mode 100644
index 00000000000..136a5f10025
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20681.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20681",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20682.json b/2022/20xxx/CVE-2022-20682.json
new file mode 100644
index 00000000000..d94ad3fb369
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20682.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20682",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20683.json b/2022/20xxx/CVE-2022-20683.json
new file mode 100644
index 00000000000..5158ad3e577
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20683.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20683",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20684.json b/2022/20xxx/CVE-2022-20684.json
new file mode 100644
index 00000000000..e2f9ae608d5
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20684.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20684",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20685.json b/2022/20xxx/CVE-2022-20685.json
new file mode 100644
index 00000000000..a73132d49ec
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20685.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20685",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20686.json b/2022/20xxx/CVE-2022-20686.json
new file mode 100644
index 00000000000..2adc4e8ee62
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20686.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20686",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20687.json b/2022/20xxx/CVE-2022-20687.json
new file mode 100644
index 00000000000..88e02514b6e
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20687.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20687",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20688.json b/2022/20xxx/CVE-2022-20688.json
new file mode 100644
index 00000000000..d52fb9d0b2a
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20688.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20688",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20689.json b/2022/20xxx/CVE-2022-20689.json
new file mode 100644
index 00000000000..f7a74ac1886
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20689.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20689",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20690.json b/2022/20xxx/CVE-2022-20690.json
new file mode 100644
index 00000000000..6527ea26ee1
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20690.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20690",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20691.json b/2022/20xxx/CVE-2022-20691.json
new file mode 100644
index 00000000000..a6e4adb3325
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20691.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20691",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20692.json b/2022/20xxx/CVE-2022-20692.json
new file mode 100644
index 00000000000..3557048d46d
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20692.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20692",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20693.json b/2022/20xxx/CVE-2022-20693.json
new file mode 100644
index 00000000000..883b183d710
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20693.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20693",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20694.json b/2022/20xxx/CVE-2022-20694.json
new file mode 100644
index 00000000000..4c94eab3c79
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20694.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20694",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20695.json b/2022/20xxx/CVE-2022-20695.json
new file mode 100644
index 00000000000..fa77837a6ed
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20695.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20695",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20696.json b/2022/20xxx/CVE-2022-20696.json
new file mode 100644
index 00000000000..21c3dff5ebb
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20696.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20696",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20697.json b/2022/20xxx/CVE-2022-20697.json
new file mode 100644
index 00000000000..620ccf025e1
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20697.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20697",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20698.json b/2022/20xxx/CVE-2022-20698.json
new file mode 100644
index 00000000000..a2eb71d5522
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20698.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20698",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20699.json b/2022/20xxx/CVE-2022-20699.json
new file mode 100644
index 00000000000..9c1fbc17d52
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20699.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20699",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20700.json b/2022/20xxx/CVE-2022-20700.json
new file mode 100644
index 00000000000..deb9453c471
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20700.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20700",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20701.json b/2022/20xxx/CVE-2022-20701.json
new file mode 100644
index 00000000000..b3a1342c659
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20701.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20701",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20702.json b/2022/20xxx/CVE-2022-20702.json
new file mode 100644
index 00000000000..3744c2a2ae6
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20702.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20702",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20703.json b/2022/20xxx/CVE-2022-20703.json
new file mode 100644
index 00000000000..488deb28249
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20703.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20703",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20704.json b/2022/20xxx/CVE-2022-20704.json
new file mode 100644
index 00000000000..a7652f67bfd
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20704.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20704",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20705.json b/2022/20xxx/CVE-2022-20705.json
new file mode 100644
index 00000000000..0388a833c8d
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20705.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20705",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20706.json b/2022/20xxx/CVE-2022-20706.json
new file mode 100644
index 00000000000..7964ccd11af
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20706.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20706",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20707.json b/2022/20xxx/CVE-2022-20707.json
new file mode 100644
index 00000000000..ac8f7f1c0d8
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20707.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20707",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20708.json b/2022/20xxx/CVE-2022-20708.json
new file mode 100644
index 00000000000..7dd5ddcfdf5
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20708.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20708",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20709.json b/2022/20xxx/CVE-2022-20709.json
new file mode 100644
index 00000000000..95f63f38ddf
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20709.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20709",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20710.json b/2022/20xxx/CVE-2022-20710.json
new file mode 100644
index 00000000000..5c0a9da80b7
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20710.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20710",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20711.json b/2022/20xxx/CVE-2022-20711.json
new file mode 100644
index 00000000000..17c09840762
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20711.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20711",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20712.json b/2022/20xxx/CVE-2022-20712.json
new file mode 100644
index 00000000000..2982ecfa668
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20712.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20712",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20713.json b/2022/20xxx/CVE-2022-20713.json
new file mode 100644
index 00000000000..f89806617ed
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20713.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20713",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20714.json b/2022/20xxx/CVE-2022-20714.json
new file mode 100644
index 00000000000..22f9e504df0
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20714.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20714",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20715.json b/2022/20xxx/CVE-2022-20715.json
new file mode 100644
index 00000000000..48997d63b9e
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20715.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20715",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20716.json b/2022/20xxx/CVE-2022-20716.json
new file mode 100644
index 00000000000..7f7b3c53e87
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20716.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20716",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20717.json b/2022/20xxx/CVE-2022-20717.json
new file mode 100644
index 00000000000..11733bd538d
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20717.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20717",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20718.json b/2022/20xxx/CVE-2022-20718.json
new file mode 100644
index 00000000000..a72610a3070
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20718.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20718",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20719.json b/2022/20xxx/CVE-2022-20719.json
new file mode 100644
index 00000000000..d9911087019
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20719.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20719",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20720.json b/2022/20xxx/CVE-2022-20720.json
new file mode 100644
index 00000000000..bcac0c334f0
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20720.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20720",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20721.json b/2022/20xxx/CVE-2022-20721.json
new file mode 100644
index 00000000000..edfe926a0f6
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20721.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20721",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20722.json b/2022/20xxx/CVE-2022-20722.json
new file mode 100644
index 00000000000..5a6372b1e51
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20722.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20722",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20723.json b/2022/20xxx/CVE-2022-20723.json
new file mode 100644
index 00000000000..b0e224a3311
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20723.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20723",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20724.json b/2022/20xxx/CVE-2022-20724.json
new file mode 100644
index 00000000000..dba96bf9cb3
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20724.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20724",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20725.json b/2022/20xxx/CVE-2022-20725.json
new file mode 100644
index 00000000000..6ccf5ee34c7
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20725.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20725",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20726.json b/2022/20xxx/CVE-2022-20726.json
new file mode 100644
index 00000000000..566f6f7f3bc
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20726.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20726",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20727.json b/2022/20xxx/CVE-2022-20727.json
new file mode 100644
index 00000000000..b684a438835
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20727.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20727",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20728.json b/2022/20xxx/CVE-2022-20728.json
new file mode 100644
index 00000000000..638839ee0c1
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20728.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20728",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20729.json b/2022/20xxx/CVE-2022-20729.json
new file mode 100644
index 00000000000..6c8936818e2
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20729.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20729",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20730.json b/2022/20xxx/CVE-2022-20730.json
new file mode 100644
index 00000000000..9fe9094a2cd
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20730.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20730",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20731.json b/2022/20xxx/CVE-2022-20731.json
new file mode 100644
index 00000000000..dbbbcf7f1c5
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20731.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20731",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20732.json b/2022/20xxx/CVE-2022-20732.json
new file mode 100644
index 00000000000..1998df5fe7e
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20732.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20732",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20733.json b/2022/20xxx/CVE-2022-20733.json
new file mode 100644
index 00000000000..8cb6e565bd1
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20733.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20733",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20734.json b/2022/20xxx/CVE-2022-20734.json
new file mode 100644
index 00000000000..61ca88decce
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20734.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20734",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20735.json b/2022/20xxx/CVE-2022-20735.json
new file mode 100644
index 00000000000..94398049a85
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20735.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20735",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20736.json b/2022/20xxx/CVE-2022-20736.json
new file mode 100644
index 00000000000..4c3344d44d0
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20736.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20736",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20737.json b/2022/20xxx/CVE-2022-20737.json
new file mode 100644
index 00000000000..ee4712b8cd2
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20737.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20737",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20738.json b/2022/20xxx/CVE-2022-20738.json
new file mode 100644
index 00000000000..59ce8785235
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20738.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20738",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20739.json b/2022/20xxx/CVE-2022-20739.json
new file mode 100644
index 00000000000..ed8a9f9f283
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20739.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20739",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20740.json b/2022/20xxx/CVE-2022-20740.json
new file mode 100644
index 00000000000..f00c564b9e0
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20740.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20740",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20741.json b/2022/20xxx/CVE-2022-20741.json
new file mode 100644
index 00000000000..013915e8fc7
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20741.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20741",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20742.json b/2022/20xxx/CVE-2022-20742.json
new file mode 100644
index 00000000000..8c127f906af
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20742.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20742",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20743.json b/2022/20xxx/CVE-2022-20743.json
new file mode 100644
index 00000000000..3fb33340a20
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20743.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20743",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20744.json b/2022/20xxx/CVE-2022-20744.json
new file mode 100644
index 00000000000..8b6cd7bdbf4
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20744.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20744",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20745.json b/2022/20xxx/CVE-2022-20745.json
new file mode 100644
index 00000000000..6a761705b3a
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20745.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20745",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20746.json b/2022/20xxx/CVE-2022-20746.json
new file mode 100644
index 00000000000..3357747ebeb
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20746.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20746",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20747.json b/2022/20xxx/CVE-2022-20747.json
new file mode 100644
index 00000000000..598ee12b41b
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20747.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20747",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20748.json b/2022/20xxx/CVE-2022-20748.json
new file mode 100644
index 00000000000..8a123a165d1
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20748.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20748",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20749.json b/2022/20xxx/CVE-2022-20749.json
new file mode 100644
index 00000000000..fd6eb251653
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20749.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20749",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20750.json b/2022/20xxx/CVE-2022-20750.json
new file mode 100644
index 00000000000..603700f7924
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20750.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20750",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20751.json b/2022/20xxx/CVE-2022-20751.json
new file mode 100644
index 00000000000..60cee0875bd
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20751.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20751",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20752.json b/2022/20xxx/CVE-2022-20752.json
new file mode 100644
index 00000000000..8abed801a14
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20752.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20752",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20753.json b/2022/20xxx/CVE-2022-20753.json
new file mode 100644
index 00000000000..ead78be0c1e
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20753.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20753",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20754.json b/2022/20xxx/CVE-2022-20754.json
new file mode 100644
index 00000000000..ad35285bdfe
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20754.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20754",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20755.json b/2022/20xxx/CVE-2022-20755.json
new file mode 100644
index 00000000000..06150409419
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20755.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20755",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20756.json b/2022/20xxx/CVE-2022-20756.json
new file mode 100644
index 00000000000..df800ccb1e4
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20756.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20756",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20757.json b/2022/20xxx/CVE-2022-20757.json
new file mode 100644
index 00000000000..90b37811a00
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20757.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20757",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20758.json b/2022/20xxx/CVE-2022-20758.json
new file mode 100644
index 00000000000..8ccb51eda2e
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20758.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20758",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20759.json b/2022/20xxx/CVE-2022-20759.json
new file mode 100644
index 00000000000..0c8ae69d26f
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20759.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20759",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20760.json b/2022/20xxx/CVE-2022-20760.json
new file mode 100644
index 00000000000..eb340ff4985
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20760.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20760", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20761.json b/2022/20xxx/CVE-2022-20761.json new file mode 100644 index 00000000000..1d7603a150a --- /dev/null +++ b/2022/20xxx/CVE-2022-20761.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20761", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20762.json b/2022/20xxx/CVE-2022-20762.json new file mode 100644 index 00000000000..8dec309df63 --- /dev/null +++ b/2022/20xxx/CVE-2022-20762.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20762", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20763.json b/2022/20xxx/CVE-2022-20763.json new file mode 100644 index 00000000000..c56717c1a6b --- /dev/null +++ b/2022/20xxx/CVE-2022-20763.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20763", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20764.json b/2022/20xxx/CVE-2022-20764.json new file mode 100644 index 00000000000..73b8d4915d5 --- /dev/null +++ b/2022/20xxx/CVE-2022-20764.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20764", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20765.json b/2022/20xxx/CVE-2022-20765.json new file mode 100644 index 00000000000..b89fcf8d06f --- /dev/null +++ b/2022/20xxx/CVE-2022-20765.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20765", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20766.json b/2022/20xxx/CVE-2022-20766.json new file mode 100644 index 00000000000..de94fd457df --- /dev/null +++ b/2022/20xxx/CVE-2022-20766.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20766", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20767.json b/2022/20xxx/CVE-2022-20767.json new file mode 100644 index 00000000000..65f5d12a46e --- /dev/null +++ b/2022/20xxx/CVE-2022-20767.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20767", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20768.json b/2022/20xxx/CVE-2022-20768.json new file mode 100644 index 00000000000..76cfbc44451 --- /dev/null +++ b/2022/20xxx/CVE-2022-20768.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20768", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20769.json b/2022/20xxx/CVE-2022-20769.json new file mode 100644 index 00000000000..d15903c80d0 --- /dev/null +++ b/2022/20xxx/CVE-2022-20769.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20769", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20770.json b/2022/20xxx/CVE-2022-20770.json new file mode 100644 index 00000000000..9bf65a972a4 --- /dev/null +++ b/2022/20xxx/CVE-2022-20770.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20770", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20771.json b/2022/20xxx/CVE-2022-20771.json new file mode 100644 index 00000000000..0578a24c63d --- /dev/null +++ b/2022/20xxx/CVE-2022-20771.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20771", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20772.json b/2022/20xxx/CVE-2022-20772.json new file mode 100644 index 00000000000..9dd7d15cb25 --- /dev/null +++ b/2022/20xxx/CVE-2022-20772.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20772", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20773.json b/2022/20xxx/CVE-2022-20773.json new file mode 100644 index 00000000000..eca3e5b6558 --- /dev/null +++ b/2022/20xxx/CVE-2022-20773.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20773", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20774.json b/2022/20xxx/CVE-2022-20774.json new file mode 100644 index 00000000000..ebefe6646a1 --- /dev/null +++ b/2022/20xxx/CVE-2022-20774.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20774", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20775.json b/2022/20xxx/CVE-2022-20775.json new file mode 100644 index 00000000000..51261b41a94 --- /dev/null +++ b/2022/20xxx/CVE-2022-20775.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20775", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20776.json b/2022/20xxx/CVE-2022-20776.json new file mode 100644 index 00000000000..3ec3f4764fb --- /dev/null +++ b/2022/20xxx/CVE-2022-20776.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20776", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20777.json b/2022/20xxx/CVE-2022-20777.json new file mode 100644 index 00000000000..ef3195bf0c2 --- /dev/null +++ b/2022/20xxx/CVE-2022-20777.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20777", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20778.json b/2022/20xxx/CVE-2022-20778.json new file mode 100644 index 00000000000..5aa1736c7da --- /dev/null +++ b/2022/20xxx/CVE-2022-20778.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20778", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20779.json b/2022/20xxx/CVE-2022-20779.json new file mode 100644 index 00000000000..ccfed5a1f26 --- /dev/null +++ b/2022/20xxx/CVE-2022-20779.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20779", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20780.json b/2022/20xxx/CVE-2022-20780.json new file mode 100644 index 00000000000..df4620f55e5 --- /dev/null +++ b/2022/20xxx/CVE-2022-20780.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20780", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20781.json b/2022/20xxx/CVE-2022-20781.json new file mode 100644 index 00000000000..17d90936f74 --- /dev/null +++ b/2022/20xxx/CVE-2022-20781.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20781", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20782.json b/2022/20xxx/CVE-2022-20782.json new file mode 100644 index 00000000000..2320aa46d1b --- /dev/null +++ b/2022/20xxx/CVE-2022-20782.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20782", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20783.json b/2022/20xxx/CVE-2022-20783.json new file mode 100644 index 00000000000..859cb4a2fd2 --- /dev/null +++ b/2022/20xxx/CVE-2022-20783.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20783", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20784.json b/2022/20xxx/CVE-2022-20784.json new file mode 100644 index 00000000000..0628ca7cadf --- /dev/null +++ b/2022/20xxx/CVE-2022-20784.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20784", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20785.json b/2022/20xxx/CVE-2022-20785.json new file mode 100644 index 00000000000..b0b6c7659f2 --- /dev/null +++ b/2022/20xxx/CVE-2022-20785.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20785", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20786.json b/2022/20xxx/CVE-2022-20786.json new file mode 100644 index 00000000000..41d864320ad --- /dev/null +++ b/2022/20xxx/CVE-2022-20786.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20786", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20787.json b/2022/20xxx/CVE-2022-20787.json new file mode 100644 index 00000000000..0ced4fe4ff7 --- /dev/null +++ b/2022/20xxx/CVE-2022-20787.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20787", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20788.json b/2022/20xxx/CVE-2022-20788.json new file mode 100644 index 00000000000..ad76be98d3a --- /dev/null +++ b/2022/20xxx/CVE-2022-20788.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20788", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20789.json b/2022/20xxx/CVE-2022-20789.json new file mode 100644 index 00000000000..1b4015c52b7 --- /dev/null +++ b/2022/20xxx/CVE-2022-20789.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20789", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20790.json b/2022/20xxx/CVE-2022-20790.json new file mode 100644 index 00000000000..e92812a12b9 --- /dev/null +++ b/2022/20xxx/CVE-2022-20790.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20790", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20791.json b/2022/20xxx/CVE-2022-20791.json new file mode 100644 index 00000000000..266715c1e7d --- /dev/null +++ b/2022/20xxx/CVE-2022-20791.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20791", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20792.json b/2022/20xxx/CVE-2022-20792.json new file mode 100644 index 00000000000..5180425251a --- /dev/null +++ b/2022/20xxx/CVE-2022-20792.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20792", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20793.json b/2022/20xxx/CVE-2022-20793.json new file mode 100644 index 00000000000..3f5ef074375 --- /dev/null +++ b/2022/20xxx/CVE-2022-20793.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20793", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20794.json b/2022/20xxx/CVE-2022-20794.json new file mode 100644 index 00000000000..d2cc9217f45 --- /dev/null +++ b/2022/20xxx/CVE-2022-20794.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20794", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20795.json b/2022/20xxx/CVE-2022-20795.json new file mode 100644 index 00000000000..e828aff055f --- /dev/null +++ b/2022/20xxx/CVE-2022-20795.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20795", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20796.json b/2022/20xxx/CVE-2022-20796.json new file mode 100644 index 00000000000..5b1cab96643 --- /dev/null +++ b/2022/20xxx/CVE-2022-20796.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20796", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20797.json b/2022/20xxx/CVE-2022-20797.json new file mode 100644 index 00000000000..f57e56412da --- /dev/null +++ b/2022/20xxx/CVE-2022-20797.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20797", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20798.json b/2022/20xxx/CVE-2022-20798.json new file mode 100644 index 00000000000..db1c9e12d15 --- /dev/null +++ b/2022/20xxx/CVE-2022-20798.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20798", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20799.json b/2022/20xxx/CVE-2022-20799.json new file mode 100644 index 00000000000..46f0359b70e --- /dev/null +++ b/2022/20xxx/CVE-2022-20799.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20799", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20800.json b/2022/20xxx/CVE-2022-20800.json new file mode 100644 index 00000000000..391755f5460 --- /dev/null +++ b/2022/20xxx/CVE-2022-20800.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20800", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20801.json b/2022/20xxx/CVE-2022-20801.json new file mode 100644 index 00000000000..6a4a4bc6129 --- /dev/null +++ b/2022/20xxx/CVE-2022-20801.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20801", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20802.json b/2022/20xxx/CVE-2022-20802.json new file mode 100644 index 00000000000..a64bdb0d63b --- /dev/null +++ b/2022/20xxx/CVE-2022-20802.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20802", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20803.json b/2022/20xxx/CVE-2022-20803.json new file mode 100644 index 00000000000..31710bfb950 --- /dev/null +++ b/2022/20xxx/CVE-2022-20803.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20803", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20804.json b/2022/20xxx/CVE-2022-20804.json new file mode 100644 index 00000000000..7c54f3c9c68 --- /dev/null +++ b/2022/20xxx/CVE-2022-20804.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20804", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20805.json b/2022/20xxx/CVE-2022-20805.json new file mode 100644 index 00000000000..78ab7ba84d0 --- /dev/null +++ b/2022/20xxx/CVE-2022-20805.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20805",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20806.json b/2022/20xxx/CVE-2022-20806.json
new file mode 100644
index 00000000000..b5245e345af
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20806.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20806",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20807.json b/2022/20xxx/CVE-2022-20807.json
new file mode 100644
index 00000000000..4941e461644
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20807.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20807",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20808.json b/2022/20xxx/CVE-2022-20808.json
new file mode 100644
index 00000000000..b53c1843c7b
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20808.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20808",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20809.json b/2022/20xxx/CVE-2022-20809.json
new file mode 100644
index 00000000000..c29b21a8320
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20809.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20809",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20810.json b/2022/20xxx/CVE-2022-20810.json
new file mode 100644
index 00000000000..e5629b23b3f
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20810.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20810",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20811.json b/2022/20xxx/CVE-2022-20811.json
new file mode 100644
index 00000000000..475a22076f3
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20811.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20811",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20812.json b/2022/20xxx/CVE-2022-20812.json
new file mode 100644
index 00000000000..b99639f5cf2
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20812.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20812",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20813.json b/2022/20xxx/CVE-2022-20813.json
new file mode 100644
index 00000000000..a8721929491
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20813.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20813",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20814.json b/2022/20xxx/CVE-2022-20814.json
new file mode 100644
index 00000000000..03b66d74e27
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20814.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20814",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20815.json b/2022/20xxx/CVE-2022-20815.json
new file mode 100644
index 00000000000..5071f5a813a
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20815.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20815",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20816.json b/2022/20xxx/CVE-2022-20816.json
new file mode 100644
index 00000000000..1caae9b5ad8
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20816.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20816",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20817.json b/2022/20xxx/CVE-2022-20817.json
new file mode 100644
index 00000000000..f8b389fab42
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20817.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20817",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20818.json b/2022/20xxx/CVE-2022-20818.json
new file mode 100644
index 00000000000..1816f8e4ce9
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20818.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20818",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20819.json b/2022/20xxx/CVE-2022-20819.json
new file mode 100644
index 00000000000..276b1876e58
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20819.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20819",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20820.json b/2022/20xxx/CVE-2022-20820.json
new file mode 100644
index 00000000000..963b0e366be
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20820.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20820",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20821.json b/2022/20xxx/CVE-2022-20821.json
new file mode 100644
index 00000000000..c096e3fc7ef
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20821.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20821",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20822.json b/2022/20xxx/CVE-2022-20822.json
new file mode 100644
index 00000000000..68857219ed1
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20822.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20822",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20823.json b/2022/20xxx/CVE-2022-20823.json
new file mode 100644
index 00000000000..5452131a14a
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20823.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20823",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20824.json b/2022/20xxx/CVE-2022-20824.json
new file mode 100644
index 00000000000..b2dad666c1a
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20824.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20824",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20825.json b/2022/20xxx/CVE-2022-20825.json
new file mode 100644
index 00000000000..3646413972a
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20825.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20825",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20826.json b/2022/20xxx/CVE-2022-20826.json
new file mode 100644
index 00000000000..662a2db8fbc
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20826.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20826",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20827.json b/2022/20xxx/CVE-2022-20827.json
new file mode 100644
index 00000000000..5a746309208
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20827.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20827",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20828.json b/2022/20xxx/CVE-2022-20828.json
new file mode 100644
index 00000000000..fd97b9c9739
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20828.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20828",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20829.json b/2022/20xxx/CVE-2022-20829.json
new file mode 100644
index 00000000000..9f105356dd5
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20829.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20829",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20830.json b/2022/20xxx/CVE-2022-20830.json
new file mode 100644
index 00000000000..e1573881fc9
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20830.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20830",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20831.json b/2022/20xxx/CVE-2022-20831.json
new file mode 100644
index 00000000000..4c7b9c1c5d5
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20831.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20831",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20832.json b/2022/20xxx/CVE-2022-20832.json
new file mode 100644
index 00000000000..b8770447a49
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20832.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20832",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20833.json b/2022/20xxx/CVE-2022-20833.json
new file mode 100644
index 00000000000..9926c5ad9b5
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20833.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20833",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20834.json b/2022/20xxx/CVE-2022-20834.json
new file mode 100644
index 00000000000..90492b1ffbd
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20834.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20834",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20835.json b/2022/20xxx/CVE-2022-20835.json
new file mode 100644
index 00000000000..07a61884505
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20835.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20835",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20836.json b/2022/20xxx/CVE-2022-20836.json
new file mode 100644
index 00000000000..0c1bb4e0538
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20836.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20836",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20837.json b/2022/20xxx/CVE-2022-20837.json
new file mode 100644
index 00000000000..d37b64cba09
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20837.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20837",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20838.json b/2022/20xxx/CVE-2022-20838.json
new file mode 100644
index 00000000000..ba834fecd01
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20838.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20838",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20839.json b/2022/20xxx/CVE-2022-20839.json
new file mode 100644
index 00000000000..1d2bf0fb734
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20839.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20839",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20840.json b/2022/20xxx/CVE-2022-20840.json
new file mode 100644
index 00000000000..b4239a68038
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20840.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20840",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20841.json b/2022/20xxx/CVE-2022-20841.json
new file mode 100644
index 00000000000..e8c6d7a4945
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20841.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20841",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20842.json b/2022/20xxx/CVE-2022-20842.json
new file mode 100644
index 00000000000..34fc3d4613b
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20842.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20842",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20843.json b/2022/20xxx/CVE-2022-20843.json
new file mode 100644
index 00000000000..1a6f2b8818a
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20843.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20843",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20844.json b/2022/20xxx/CVE-2022-20844.json
new file mode 100644
index 00000000000..c41180d0436
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20844.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20844",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20845.json b/2022/20xxx/CVE-2022-20845.json
new file mode 100644
index 00000000000..0109ebd2a3f
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20845.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20845",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20846.json b/2022/20xxx/CVE-2022-20846.json
new file mode 100644
index 00000000000..c8ffdc244f7
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20846.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20846",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20847.json b/2022/20xxx/CVE-2022-20847.json
new file mode 100644
index 00000000000..317e4c6e4f9
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20847.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20847",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20848.json b/2022/20xxx/CVE-2022-20848.json
new file mode 100644
index 00000000000..08adbcc7885
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20848.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20848",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20849.json b/2022/20xxx/CVE-2022-20849.json
new file mode 100644
index 00000000000..e7bba8de327
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20849.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20849",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20850.json b/2022/20xxx/CVE-2022-20850.json
new file mode 100644
index 00000000000..961c6f32ac7
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20850.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20850",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20851.json b/2022/20xxx/CVE-2022-20851.json
new file mode 100644
index 00000000000..12714239745
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20851.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20851",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20852.json b/2022/20xxx/CVE-2022-20852.json
new file mode 100644
index 00000000000..4906af7c867
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20852.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20852",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20853.json b/2022/20xxx/CVE-2022-20853.json
new file mode 100644
index 00000000000..1f4b8864723
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20853.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20853",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20854.json b/2022/20xxx/CVE-2022-20854.json
new file mode 100644
index 00000000000..2a4ab7e63a6
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20854.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20854",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20855.json b/2022/20xxx/CVE-2022-20855.json
new file mode 100644
index 00000000000..2e77b183965
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20855.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20855",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20856.json b/2022/20xxx/CVE-2022-20856.json
new file mode 100644
index 00000000000..307079b7d0a
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20856.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20856",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20857.json b/2022/20xxx/CVE-2022-20857.json
new file mode 100644
index 00000000000..e659b72ff6f
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20857.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20857",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20858.json b/2022/20xxx/CVE-2022-20858.json
new file mode 100644
index 00000000000..879c721b76a
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20858.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20858",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20859.json b/2022/20xxx/CVE-2022-20859.json
new file mode 100644
index 00000000000..eed04708f71
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20859.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20859",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20860.json b/2022/20xxx/CVE-2022-20860.json
new file mode 100644
index 00000000000..53a31c41445
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20860.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20860",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20861.json b/2022/20xxx/CVE-2022-20861.json
new file mode 100644
index 00000000000..692e73a4d23
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20861.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20861",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20862.json b/2022/20xxx/CVE-2022-20862.json
new file mode 100644
index 00000000000..9ea2613fd84
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20862.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20862",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20863.json b/2022/20xxx/CVE-2022-20863.json
new file mode 100644
index 00000000000..8e3f833475e
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20863.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20863",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20864.json b/2022/20xxx/CVE-2022-20864.json
new file mode 100644
index 00000000000..9ed4574a712
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20864.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20864",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20865.json b/2022/20xxx/CVE-2022-20865.json
new file mode 100644
index 00000000000..475b87296ad
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20865.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20865",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20866.json b/2022/20xxx/CVE-2022-20866.json
new file mode 100644
index 00000000000..f332b61a6c4
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20866.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20866",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20867.json b/2022/20xxx/CVE-2022-20867.json
new file mode 100644
index 00000000000..9ce3886ff3b
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20867.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20867",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20868.json b/2022/20xxx/CVE-2022-20868.json
new file mode 100644
index 00000000000..2241591d586
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20868.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20868",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20869.json b/2022/20xxx/CVE-2022-20869.json
new file mode 100644
index 00000000000..d7d82b784d7
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20869.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20869",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20870.json b/2022/20xxx/CVE-2022-20870.json
new file mode 100644
index 00000000000..9a28c238f3c
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20870.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20870",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20871.json b/2022/20xxx/CVE-2022-20871.json
new file mode 100644
index 00000000000..f6379bfe9ae
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20871.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20871",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20872.json b/2022/20xxx/CVE-2022-20872.json
new file mode 100644
index 00000000000..5639cb57b81
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20872.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20872",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20873.json b/2022/20xxx/CVE-2022-20873.json
new file mode 100644
index 00000000000..6160d079f8a
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20873.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20873",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20874.json b/2022/20xxx/CVE-2022-20874.json
new file mode 100644
index 00000000000..74f20e0be1c
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20874.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20874",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20875.json b/2022/20xxx/CVE-2022-20875.json
new file mode 100644
index 00000000000..faf992f0bf3
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20875.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20875",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20876.json b/2022/20xxx/CVE-2022-20876.json
new file mode 100644
index 00000000000..c3f87ea5346
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20876.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20876",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20877.json b/2022/20xxx/CVE-2022-20877.json
new file mode 100644
index 00000000000..fa7756fcdbf
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20877.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20877",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20878.json b/2022/20xxx/CVE-2022-20878.json
new file mode 100644
index 00000000000..441d4101de4
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20878.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20878",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20879.json b/2022/20xxx/CVE-2022-20879.json
new file mode 100644
index 00000000000..d87115517e6
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20879.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20879",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20880.json b/2022/20xxx/CVE-2022-20880.json
new file mode 100644
index 00000000000..c86c7197dbd
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20880.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20880",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20881.json b/2022/20xxx/CVE-2022-20881.json
new file mode 100644
index 00000000000..a655452716c
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20881.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20881",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20882.json b/2022/20xxx/CVE-2022-20882.json
new file mode 100644
index 00000000000..81f28d4cd60
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20882.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20882",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20883.json b/2022/20xxx/CVE-2022-20883.json
new file mode 100644
index 00000000000..8413bdfaae1
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20883.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20883",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20884.json b/2022/20xxx/CVE-2022-20884.json
new file mode 100644
index 00000000000..7e008ef0cd1
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20884.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20884",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20885.json b/2022/20xxx/CVE-2022-20885.json
new file mode 100644
index 00000000000..18ba2889b9e
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20885.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20885",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20886.json b/2022/20xxx/CVE-2022-20886.json
new file mode 100644
index 00000000000..e40fd3c8be4
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20886.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20886",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20887.json b/2022/20xxx/CVE-2022-20887.json
new file mode 100644
index 00000000000..52f3e93c513
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20887.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20887",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20888.json b/2022/20xxx/CVE-2022-20888.json
new file mode 100644
index 00000000000..0ed56506f5a
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20888.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20888",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20889.json b/2022/20xxx/CVE-2022-20889.json
new file mode 100644
index 00000000000..ae6c2f34ea7
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20889.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20889",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20890.json b/2022/20xxx/CVE-2022-20890.json
new file mode 100644
index 00000000000..18ab8917a96
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20890.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20890",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20891.json b/2022/20xxx/CVE-2022-20891.json
new file mode 100644
index 00000000000..3071e77a127
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20891.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20891",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20892.json b/2022/20xxx/CVE-2022-20892.json
new file mode 100644
index 00000000000..edc370c6d5b
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20892.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20892",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20893.json b/2022/20xxx/CVE-2022-20893.json
new file mode 100644
index 00000000000..050c231eb4f
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20893.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20893",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20894.json b/2022/20xxx/CVE-2022-20894.json
new file mode 100644
index 00000000000..98300cd276b
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20894.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20894",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20895.json b/2022/20xxx/CVE-2022-20895.json
new file mode 100644
index 00000000000..b47e2ca9ec7
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20895.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20895", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20896.json b/2022/20xxx/CVE-2022-20896.json new file mode 100644 index 00000000000..793d31b1c65 --- /dev/null +++ b/2022/20xxx/CVE-2022-20896.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20896", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20897.json b/2022/20xxx/CVE-2022-20897.json new file mode 100644 index 00000000000..57898baf3ca --- /dev/null +++ b/2022/20xxx/CVE-2022-20897.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20897", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20898.json b/2022/20xxx/CVE-2022-20898.json new file mode 100644 index 00000000000..4e078b31fe2 --- /dev/null +++ b/2022/20xxx/CVE-2022-20898.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20898", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20899.json b/2022/20xxx/CVE-2022-20899.json new file mode 100644 index 00000000000..10fb47885e8 --- /dev/null +++ b/2022/20xxx/CVE-2022-20899.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20899", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20900.json b/2022/20xxx/CVE-2022-20900.json new file mode 100644 index 00000000000..b3c5d987b00 --- /dev/null +++ b/2022/20xxx/CVE-2022-20900.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20900", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20901.json b/2022/20xxx/CVE-2022-20901.json new file mode 100644 index 00000000000..b56a15ff211 --- /dev/null +++ b/2022/20xxx/CVE-2022-20901.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20901", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20902.json b/2022/20xxx/CVE-2022-20902.json new file mode 100644 index 00000000000..6b64cd046f9 --- /dev/null +++ b/2022/20xxx/CVE-2022-20902.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20902", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20903.json b/2022/20xxx/CVE-2022-20903.json new file mode 100644 index 00000000000..1933415dc01 --- /dev/null +++ b/2022/20xxx/CVE-2022-20903.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20903", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20904.json b/2022/20xxx/CVE-2022-20904.json new file mode 100644 index 00000000000..d537ecc2d43 --- /dev/null +++ b/2022/20xxx/CVE-2022-20904.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20904", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20905.json b/2022/20xxx/CVE-2022-20905.json new file mode 100644 index 00000000000..0e19ccdf982 --- /dev/null +++ b/2022/20xxx/CVE-2022-20905.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20905", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20906.json b/2022/20xxx/CVE-2022-20906.json new file mode 100644 index 00000000000..117c60350d0 --- /dev/null +++ b/2022/20xxx/CVE-2022-20906.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20906", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20907.json b/2022/20xxx/CVE-2022-20907.json new file mode 100644 index 00000000000..74ab9573201 --- /dev/null +++ b/2022/20xxx/CVE-2022-20907.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20907", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20908.json b/2022/20xxx/CVE-2022-20908.json new file mode 100644 index 00000000000..b03539fa93b --- /dev/null +++ b/2022/20xxx/CVE-2022-20908.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20908", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20909.json b/2022/20xxx/CVE-2022-20909.json new file mode 100644 index 00000000000..3820c8f2f5e --- /dev/null +++ b/2022/20xxx/CVE-2022-20909.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20909", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20910.json b/2022/20xxx/CVE-2022-20910.json new file mode 100644 index 00000000000..3d938365b85 --- /dev/null +++ b/2022/20xxx/CVE-2022-20910.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20910", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20911.json b/2022/20xxx/CVE-2022-20911.json new file mode 100644 index 00000000000..29911a5aed1 --- /dev/null +++ b/2022/20xxx/CVE-2022-20911.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20911", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20912.json b/2022/20xxx/CVE-2022-20912.json new file mode 100644 index 00000000000..ea0364c8cf6 --- /dev/null +++ b/2022/20xxx/CVE-2022-20912.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20912", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20913.json b/2022/20xxx/CVE-2022-20913.json new file mode 100644 index 00000000000..753d08130b5 --- /dev/null +++ b/2022/20xxx/CVE-2022-20913.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20913", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20914.json b/2022/20xxx/CVE-2022-20914.json new file mode 100644 index 00000000000..db6a7825ec0 --- /dev/null +++ b/2022/20xxx/CVE-2022-20914.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20914", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20915.json b/2022/20xxx/CVE-2022-20915.json new file mode 100644 index 00000000000..0884e00e620 --- /dev/null +++ b/2022/20xxx/CVE-2022-20915.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20915", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20916.json b/2022/20xxx/CVE-2022-20916.json new file mode 100644 index 00000000000..c6086858728 --- /dev/null +++ b/2022/20xxx/CVE-2022-20916.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20916", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20917.json b/2022/20xxx/CVE-2022-20917.json new file mode 100644 index 00000000000..e5b63812d0c --- /dev/null +++ b/2022/20xxx/CVE-2022-20917.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20917", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20918.json b/2022/20xxx/CVE-2022-20918.json new file mode 100644 index 00000000000..39d83305129 --- /dev/null +++ b/2022/20xxx/CVE-2022-20918.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20918", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20919.json b/2022/20xxx/CVE-2022-20919.json new file mode 100644 index 00000000000..336fa1bd656 --- /dev/null +++ b/2022/20xxx/CVE-2022-20919.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20919", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20920.json b/2022/20xxx/CVE-2022-20920.json new file mode 100644 index 00000000000..cf4e0b009bb --- /dev/null +++ b/2022/20xxx/CVE-2022-20920.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20920", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20921.json b/2022/20xxx/CVE-2022-20921.json new file mode 100644 index 00000000000..1d62c82ee57 --- /dev/null +++ b/2022/20xxx/CVE-2022-20921.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20921", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20922.json b/2022/20xxx/CVE-2022-20922.json new file mode 100644 index 00000000000..9c19cdce5df --- /dev/null +++ b/2022/20xxx/CVE-2022-20922.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20922", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20923.json b/2022/20xxx/CVE-2022-20923.json new file mode 100644 index 00000000000..4ceb368e53f --- /dev/null +++ b/2022/20xxx/CVE-2022-20923.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20923", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20924.json b/2022/20xxx/CVE-2022-20924.json new file mode 100644 index 00000000000..600ac9edabe --- /dev/null +++ b/2022/20xxx/CVE-2022-20924.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20924", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20925.json b/2022/20xxx/CVE-2022-20925.json new file mode 100644 index 00000000000..36b5c26733f --- /dev/null +++ b/2022/20xxx/CVE-2022-20925.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20925", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20926.json b/2022/20xxx/CVE-2022-20926.json new file mode 100644 index 00000000000..1648bc85f12 --- /dev/null +++ b/2022/20xxx/CVE-2022-20926.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20926", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20927.json b/2022/20xxx/CVE-2022-20927.json new file mode 100644 index 00000000000..0782b8d65a5 --- /dev/null +++ b/2022/20xxx/CVE-2022-20927.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20927", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20928.json b/2022/20xxx/CVE-2022-20928.json new file mode 100644 index 00000000000..6c61e60683c --- /dev/null +++ b/2022/20xxx/CVE-2022-20928.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20928", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20929.json b/2022/20xxx/CVE-2022-20929.json new file mode 100644 index 00000000000..29fffd520b0 --- /dev/null +++ b/2022/20xxx/CVE-2022-20929.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20929", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20930.json b/2022/20xxx/CVE-2022-20930.json new file mode 100644 index 00000000000..02e227baf9f --- /dev/null +++ b/2022/20xxx/CVE-2022-20930.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20930", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20931.json b/2022/20xxx/CVE-2022-20931.json new file mode 100644 index 00000000000..2cbe78355ee --- /dev/null +++ b/2022/20xxx/CVE-2022-20931.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20931", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20932.json b/2022/20xxx/CVE-2022-20932.json new file mode 100644 index 00000000000..061b98ac295 --- /dev/null +++ b/2022/20xxx/CVE-2022-20932.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20932", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20933.json b/2022/20xxx/CVE-2022-20933.json new file mode 100644 index 00000000000..1b5676da092 --- /dev/null +++ b/2022/20xxx/CVE-2022-20933.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20933", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20934.json b/2022/20xxx/CVE-2022-20934.json new file mode 100644 index 00000000000..ec7ce27dea3 --- /dev/null +++ b/2022/20xxx/CVE-2022-20934.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20934", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20935.json b/2022/20xxx/CVE-2022-20935.json new file mode 100644 index 00000000000..015b7993b38 --- /dev/null +++ b/2022/20xxx/CVE-2022-20935.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20935", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20936.json b/2022/20xxx/CVE-2022-20936.json new file mode 100644 index 00000000000..cfc18b21a5c --- /dev/null +++ b/2022/20xxx/CVE-2022-20936.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20936", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20937.json b/2022/20xxx/CVE-2022-20937.json new file mode 100644 index 00000000000..0e61465f122 --- /dev/null +++ b/2022/20xxx/CVE-2022-20937.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20937", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20938.json b/2022/20xxx/CVE-2022-20938.json new file mode 100644 index 00000000000..979398b1022 --- /dev/null +++ b/2022/20xxx/CVE-2022-20938.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20938", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20939.json b/2022/20xxx/CVE-2022-20939.json new file mode 100644 index 00000000000..282eaf1443a --- /dev/null +++ b/2022/20xxx/CVE-2022-20939.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20939", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20940.json b/2022/20xxx/CVE-2022-20940.json new file mode 100644 index 00000000000..39ea1dd30d8 --- /dev/null +++ b/2022/20xxx/CVE-2022-20940.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20940",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20941.json b/2022/20xxx/CVE-2022-20941.json
new file mode 100644
index 00000000000..c0b6f51bf77
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20941.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20941",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20942.json b/2022/20xxx/CVE-2022-20942.json
new file mode 100644
index 00000000000..12d64b12e6d
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20942.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20942",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20943.json b/2022/20xxx/CVE-2022-20943.json
new file mode 100644
index 00000000000..0ef3c1bdc67
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20943.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20943",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20944.json b/2022/20xxx/CVE-2022-20944.json
new file mode 100644
index 00000000000..3cf91554e56
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20944.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20944",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20945.json b/2022/20xxx/CVE-2022-20945.json
new file mode 100644
index 00000000000..69aa850c3e5
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20945.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20945",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20946.json b/2022/20xxx/CVE-2022-20946.json
new file mode 100644
index 00000000000..ea2a9707724
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20946.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20946",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20947.json b/2022/20xxx/CVE-2022-20947.json
new file mode 100644
index 00000000000..faa0c344e24
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20947.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20947",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20948.json b/2022/20xxx/CVE-2022-20948.json
new file mode 100644
index 00000000000..cc7492f867b
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20948.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20948",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20949.json b/2022/20xxx/CVE-2022-20949.json
new file mode 100644
index 00000000000..334b2d4b3c6
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20949.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20949",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20950.json b/2022/20xxx/CVE-2022-20950.json
new file mode 100644
index 00000000000..13bba06b84e
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20950.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20950",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20951.json b/2022/20xxx/CVE-2022-20951.json
new file mode 100644
index 00000000000..93b330419ef
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20951.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20951",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20952.json b/2022/20xxx/CVE-2022-20952.json
new file mode 100644
index 00000000000..8c76b7269a2
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20952.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20952",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20953.json b/2022/20xxx/CVE-2022-20953.json
new file mode 100644
index 00000000000..c31ac4876e9
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20953.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20953",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20954.json b/2022/20xxx/CVE-2022-20954.json
new file mode 100644
index 00000000000..0efa5d62b5a
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20954.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20954",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20955.json b/2022/20xxx/CVE-2022-20955.json
new file mode 100644
index 00000000000..2a039c26827
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20955.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20955",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20956.json b/2022/20xxx/CVE-2022-20956.json
new file mode 100644
index 00000000000..31e92de0326
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20956.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20956",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20957.json b/2022/20xxx/CVE-2022-20957.json
new file mode 100644
index 00000000000..dfea7aed86a
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20957.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20957",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20958.json b/2022/20xxx/CVE-2022-20958.json
new file mode 100644
index 00000000000..e88e4073e30
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20958.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20958",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20959.json b/2022/20xxx/CVE-2022-20959.json
new file mode 100644
index 00000000000..637fb1fb364
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20959.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20959",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20960.json b/2022/20xxx/CVE-2022-20960.json
new file mode 100644
index 00000000000..38736c7b002
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20960.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20960",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20961.json b/2022/20xxx/CVE-2022-20961.json
new file mode 100644
index 00000000000..146bff547d1
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20961.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20961",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20962.json b/2022/20xxx/CVE-2022-20962.json
new file mode 100644
index 00000000000..7b08b0fce85
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20962.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20962",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20963.json b/2022/20xxx/CVE-2022-20963.json
new file mode 100644
index 00000000000..cb52e7b81c5
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20963.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20963",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20964.json b/2022/20xxx/CVE-2022-20964.json
new file mode 100644
index 00000000000..2943826bd17
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20964.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20964",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20965.json b/2022/20xxx/CVE-2022-20965.json
new file mode 100644
index 00000000000..a14d500e8eb
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20965.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20965",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20966.json b/2022/20xxx/CVE-2022-20966.json
new file mode 100644
index 00000000000..3d3d5e8e270
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20966.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20966",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20967.json b/2022/20xxx/CVE-2022-20967.json
new file mode 100644
index 00000000000..3bb6d53f7b3
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20967.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20967",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20968.json b/2022/20xxx/CVE-2022-20968.json
new file mode 100644
index 00000000000..05a28a73121
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20968.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20968",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20969.json b/2022/20xxx/CVE-2022-20969.json
new file mode 100644
index 00000000000..20c8f662e7f
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20969.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20969",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20970.json b/2022/20xxx/CVE-2022-20970.json
new file mode 100644
index 00000000000..c8471cb367d
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20970.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20970",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20971.json b/2022/20xxx/CVE-2022-20971.json
new file mode 100644
index 00000000000..140c00a8066
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20971.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20971",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20972.json b/2022/20xxx/CVE-2022-20972.json
new file mode 100644
index 00000000000..533fe4b6281
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20972.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20972",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20973.json b/2022/20xxx/CVE-2022-20973.json
new file mode 100644
index 00000000000..94a03619aa4
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20973.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20973",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20974.json b/2022/20xxx/CVE-2022-20974.json
new file mode 100644
index 00000000000..e859b00af54
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20974.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20974",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20975.json b/2022/20xxx/CVE-2022-20975.json
new file mode 100644
index 00000000000..59e43d348f6
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20975.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20975",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20976.json b/2022/20xxx/CVE-2022-20976.json
new file mode 100644
index 00000000000..fb3f86ebd9c
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20976.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20976",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20977.json b/2022/20xxx/CVE-2022-20977.json
new file mode 100644
index 00000000000..17b616a70a6
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20977.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20977",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20978.json b/2022/20xxx/CVE-2022-20978.json
new file mode 100644
index 00000000000..f7eed8057e5
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20978.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20978",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20979.json b/2022/20xxx/CVE-2022-20979.json
new file mode 100644
index 00000000000..ce85be6a67a
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20979.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20979",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20980.json b/2022/20xxx/CVE-2022-20980.json
new file mode 100644
index 00000000000..fe60ac2328a
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20980.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20980",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20981.json b/2022/20xxx/CVE-2022-20981.json
new file mode 100644
index 00000000000..5467ed16068
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20981.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20981",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20982.json b/2022/20xxx/CVE-2022-20982.json
new file mode 100644
index 00000000000..62f67d8a1fe
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20982.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20982",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20983.json b/2022/20xxx/CVE-2022-20983.json
new file mode 100644
index 00000000000..b920c86e760
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20983.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20983",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20984.json b/2022/20xxx/CVE-2022-20984.json
new file mode 100644
index 00000000000..610c8352783
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20984.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-20984",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/20xxx/CVE-2022-20985.json b/2022/20xxx/CVE-2022-20985.json
new file mode 100644
index 00000000000..71077b300db
--- /dev/null
+++ b/2022/20xxx/CVE-2022-20985.json
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20985", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20986.json b/2022/20xxx/CVE-2022-20986.json new file mode 100644 index 00000000000..f2e386febcb --- /dev/null +++ b/2022/20xxx/CVE-2022-20986.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20986", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20987.json b/2022/20xxx/CVE-2022-20987.json new file mode 100644 index 00000000000..c9713590573 --- /dev/null +++ b/2022/20xxx/CVE-2022-20987.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20987", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20988.json b/2022/20xxx/CVE-2022-20988.json new file mode 100644 index 00000000000..2c17b5818a8 --- /dev/null +++ b/2022/20xxx/CVE-2022-20988.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20988", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20989.json b/2022/20xxx/CVE-2022-20989.json new file mode 100644 index 00000000000..09570a0eada --- /dev/null +++ b/2022/20xxx/CVE-2022-20989.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20989", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20990.json b/2022/20xxx/CVE-2022-20990.json new file mode 100644 index 00000000000..86a96a400e4 --- /dev/null +++ b/2022/20xxx/CVE-2022-20990.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20990", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20991.json b/2022/20xxx/CVE-2022-20991.json new file mode 100644 index 00000000000..9791534b566 --- /dev/null +++ b/2022/20xxx/CVE-2022-20991.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20991", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20992.json b/2022/20xxx/CVE-2022-20992.json new file mode 100644 index 00000000000..8c4a12ebfed --- /dev/null +++ b/2022/20xxx/CVE-2022-20992.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20992", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20993.json b/2022/20xxx/CVE-2022-20993.json new file mode 100644 index 00000000000..0d0911942dc --- /dev/null +++ b/2022/20xxx/CVE-2022-20993.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20993", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20994.json b/2022/20xxx/CVE-2022-20994.json new file mode 100644 index 00000000000..d9dc51f954f --- /dev/null +++ b/2022/20xxx/CVE-2022-20994.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20994", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20995.json b/2022/20xxx/CVE-2022-20995.json new file mode 100644 index 00000000000..b91da734b08 --- /dev/null +++ b/2022/20xxx/CVE-2022-20995.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20995", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20996.json b/2022/20xxx/CVE-2022-20996.json new file mode 100644 index 00000000000..7da0feeaa15 --- /dev/null +++ b/2022/20xxx/CVE-2022-20996.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20996", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20997.json b/2022/20xxx/CVE-2022-20997.json new file mode 100644 index 00000000000..8b47db7e8fe --- /dev/null +++ b/2022/20xxx/CVE-2022-20997.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20997", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/20xxx/CVE-2022-20998.json b/2022/20xxx/CVE-2022-20998.json new file mode 100644 index 00000000000..047a9eb509c --- /dev/null +++ b/2022/20xxx/CVE-2022-20998.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20998", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/20xxx/CVE-2022-20999.json b/2022/20xxx/CVE-2022-20999.json new file mode 100644 index 00000000000..199026b5878 --- /dev/null +++ b/2022/20xxx/CVE-2022-20999.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-20999", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21000.json b/2022/21xxx/CVE-2022-21000.json new file mode 100644 index 00000000000..e178e70ee47 --- /dev/null +++ b/2022/21xxx/CVE-2022-21000.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21000", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21001.json b/2022/21xxx/CVE-2022-21001.json new file mode 100644 index 00000000000..a7cce60aa5a --- /dev/null +++ b/2022/21xxx/CVE-2022-21001.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21001", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21002.json b/2022/21xxx/CVE-2022-21002.json new file mode 100644 index 00000000000..dc1d29c4bde --- /dev/null +++ b/2022/21xxx/CVE-2022-21002.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21002", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21003.json b/2022/21xxx/CVE-2022-21003.json new file mode 100644 index 00000000000..f09c2977f37 --- /dev/null +++ b/2022/21xxx/CVE-2022-21003.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21003", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21004.json b/2022/21xxx/CVE-2022-21004.json new file mode 100644 index 00000000000..029ba6d7640 --- /dev/null +++ b/2022/21xxx/CVE-2022-21004.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21004", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21005.json b/2022/21xxx/CVE-2022-21005.json new file mode 100644 index 00000000000..8e4b089ed2f --- /dev/null +++ b/2022/21xxx/CVE-2022-21005.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21005", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21006.json b/2022/21xxx/CVE-2022-21006.json new file mode 100644 index 00000000000..3a3c63346df --- /dev/null +++ b/2022/21xxx/CVE-2022-21006.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21006", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21007.json b/2022/21xxx/CVE-2022-21007.json new file mode 100644 index 00000000000..3fe165ddbc5 --- /dev/null +++ b/2022/21xxx/CVE-2022-21007.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21007", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21008.json b/2022/21xxx/CVE-2022-21008.json new file mode 100644 index 00000000000..e8a53a9cf4f --- /dev/null +++ b/2022/21xxx/CVE-2022-21008.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21008", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21009.json b/2022/21xxx/CVE-2022-21009.json new file mode 100644 index 00000000000..6306c007d4e --- /dev/null +++ b/2022/21xxx/CVE-2022-21009.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21009", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21010.json b/2022/21xxx/CVE-2022-21010.json new file mode 100644 index 00000000000..b420125024a --- /dev/null +++ b/2022/21xxx/CVE-2022-21010.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21010", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21011.json b/2022/21xxx/CVE-2022-21011.json new file mode 100644 index 00000000000..87890443603 --- /dev/null +++ b/2022/21xxx/CVE-2022-21011.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21011", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21012.json b/2022/21xxx/CVE-2022-21012.json new file mode 100644 index 00000000000..cc5fbfd83d4 --- /dev/null +++ b/2022/21xxx/CVE-2022-21012.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21012", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21013.json b/2022/21xxx/CVE-2022-21013.json new file mode 100644 index 00000000000..029903a86f7 --- /dev/null +++ b/2022/21xxx/CVE-2022-21013.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21013", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21014.json b/2022/21xxx/CVE-2022-21014.json new file mode 100644 index 00000000000..43776faeb11 --- /dev/null +++ b/2022/21xxx/CVE-2022-21014.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21014", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21015.json b/2022/21xxx/CVE-2022-21015.json new file mode 100644 index 00000000000..546ad1503de --- /dev/null +++ b/2022/21xxx/CVE-2022-21015.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21015", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21016.json b/2022/21xxx/CVE-2022-21016.json new file mode 100644 index 00000000000..b4ab6efea85 --- /dev/null +++ b/2022/21xxx/CVE-2022-21016.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21016", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21017.json b/2022/21xxx/CVE-2022-21017.json new file mode 100644 index 00000000000..41d96f01544 --- /dev/null +++ b/2022/21xxx/CVE-2022-21017.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21017", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21018.json b/2022/21xxx/CVE-2022-21018.json new file mode 100644 index 00000000000..f3debf86959 --- /dev/null +++ b/2022/21xxx/CVE-2022-21018.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21018", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21019.json b/2022/21xxx/CVE-2022-21019.json new file mode 100644 index 00000000000..2b6f43031d2 --- /dev/null +++ b/2022/21xxx/CVE-2022-21019.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21019", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21020.json b/2022/21xxx/CVE-2022-21020.json new file mode 100644 index 00000000000..03191c71c3a --- /dev/null +++ b/2022/21xxx/CVE-2022-21020.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21020", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21021.json b/2022/21xxx/CVE-2022-21021.json new file mode 100644 index 00000000000..0b607c58a1b --- /dev/null +++ b/2022/21xxx/CVE-2022-21021.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21021", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21022.json b/2022/21xxx/CVE-2022-21022.json new file mode 100644 index 00000000000..5c5b97e5126 --- /dev/null +++ b/2022/21xxx/CVE-2022-21022.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21022", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21023.json b/2022/21xxx/CVE-2022-21023.json new file mode 100644 index 00000000000..c82d4ebf60f --- /dev/null +++ b/2022/21xxx/CVE-2022-21023.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21023", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21024.json b/2022/21xxx/CVE-2022-21024.json new file mode 100644 index 00000000000..5fbb7a37c58 --- /dev/null +++ b/2022/21xxx/CVE-2022-21024.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21024", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21025.json b/2022/21xxx/CVE-2022-21025.json new file mode 100644 index 00000000000..a1655df661d --- /dev/null +++ b/2022/21xxx/CVE-2022-21025.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21025", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21026.json b/2022/21xxx/CVE-2022-21026.json new file mode 100644 index 00000000000..0fdbb6c4ab9 --- /dev/null +++ b/2022/21xxx/CVE-2022-21026.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21026", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21027.json b/2022/21xxx/CVE-2022-21027.json new file mode 100644 index 00000000000..d7f9eb0b179 --- /dev/null +++ b/2022/21xxx/CVE-2022-21027.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21027", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21028.json b/2022/21xxx/CVE-2022-21028.json new file mode 100644 index 00000000000..12796dd8281 --- /dev/null +++ b/2022/21xxx/CVE-2022-21028.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21028", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21029.json b/2022/21xxx/CVE-2022-21029.json new file mode 100644 index 00000000000..58d49942a35 --- /dev/null +++ b/2022/21xxx/CVE-2022-21029.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21029", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21030.json b/2022/21xxx/CVE-2022-21030.json new file mode 100644 index 00000000000..1dea9b1c580 --- /dev/null +++ b/2022/21xxx/CVE-2022-21030.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21030", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21031.json b/2022/21xxx/CVE-2022-21031.json new file mode 100644 index 00000000000..f1699cd4385 --- /dev/null +++ b/2022/21xxx/CVE-2022-21031.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21031", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21032.json b/2022/21xxx/CVE-2022-21032.json new file mode 100644 index 00000000000..8bd49ddac75 --- /dev/null +++ b/2022/21xxx/CVE-2022-21032.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21032", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21033.json b/2022/21xxx/CVE-2022-21033.json new file mode 100644 index 00000000000..8907223851e --- /dev/null +++ b/2022/21xxx/CVE-2022-21033.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21033", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21034.json b/2022/21xxx/CVE-2022-21034.json new file mode 100644 index 00000000000..0f14a3402c7 --- /dev/null +++ b/2022/21xxx/CVE-2022-21034.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21034", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21035.json b/2022/21xxx/CVE-2022-21035.json new file mode 100644 index 00000000000..251516b06a4 --- /dev/null +++ b/2022/21xxx/CVE-2022-21035.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21035", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21036.json b/2022/21xxx/CVE-2022-21036.json new file mode 100644 index 00000000000..e951621e467 --- /dev/null +++ b/2022/21xxx/CVE-2022-21036.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21036", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21037.json b/2022/21xxx/CVE-2022-21037.json new file mode 100644 index 00000000000..fafeea7e30d --- /dev/null +++ b/2022/21xxx/CVE-2022-21037.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21037", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21038.json b/2022/21xxx/CVE-2022-21038.json new file mode 100644 index 00000000000..ac316924461 --- /dev/null +++ b/2022/21xxx/CVE-2022-21038.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21038", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21039.json b/2022/21xxx/CVE-2022-21039.json new file mode 100644 index 00000000000..208c3860511 --- /dev/null +++ b/2022/21xxx/CVE-2022-21039.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21039", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21040.json b/2022/21xxx/CVE-2022-21040.json new file mode 100644 index 00000000000..f0880fd9087 --- /dev/null +++ b/2022/21xxx/CVE-2022-21040.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21040", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21041.json b/2022/21xxx/CVE-2022-21041.json new file mode 100644 index 00000000000..9ed37115611 --- /dev/null +++ b/2022/21xxx/CVE-2022-21041.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21041", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21042.json b/2022/21xxx/CVE-2022-21042.json new file mode 100644 index 00000000000..1631989c968 --- /dev/null +++ b/2022/21xxx/CVE-2022-21042.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21042", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21043.json b/2022/21xxx/CVE-2022-21043.json new file mode 100644 index 00000000000..898bd773b27 --- /dev/null +++ b/2022/21xxx/CVE-2022-21043.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21043", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21044.json b/2022/21xxx/CVE-2022-21044.json new file mode 100644 index 00000000000..b9cebed34dc --- /dev/null +++ b/2022/21xxx/CVE-2022-21044.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21044", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21045.json b/2022/21xxx/CVE-2022-21045.json new file mode 100644 index 00000000000..b604e03b4c2 --- /dev/null +++ b/2022/21xxx/CVE-2022-21045.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21045", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21046.json b/2022/21xxx/CVE-2022-21046.json new file mode 100644 index 00000000000..4b58c3efb71 --- /dev/null +++ b/2022/21xxx/CVE-2022-21046.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21046", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21047.json b/2022/21xxx/CVE-2022-21047.json new file mode 100644 index 00000000000..89729134d3d --- /dev/null +++ b/2022/21xxx/CVE-2022-21047.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21047", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21048.json b/2022/21xxx/CVE-2022-21048.json new file mode 100644 index 00000000000..535f277e2ef --- /dev/null +++ b/2022/21xxx/CVE-2022-21048.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21048", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21049.json b/2022/21xxx/CVE-2022-21049.json new file mode 100644 index 00000000000..5041bdd9cdb --- /dev/null +++ b/2022/21xxx/CVE-2022-21049.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21049", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21050.json b/2022/21xxx/CVE-2022-21050.json new file mode 100644 index 00000000000..2c3fe3b670b --- /dev/null +++ b/2022/21xxx/CVE-2022-21050.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21050", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21051.json b/2022/21xxx/CVE-2022-21051.json new file mode 100644 index 00000000000..fb7fd1bb99d --- /dev/null +++ b/2022/21xxx/CVE-2022-21051.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21051", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21052.json b/2022/21xxx/CVE-2022-21052.json new file mode 100644 index 00000000000..4a587c48528 --- /dev/null +++ b/2022/21xxx/CVE-2022-21052.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21052", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21053.json b/2022/21xxx/CVE-2022-21053.json new file mode 100644 index 00000000000..338276fe5a7 --- /dev/null +++ b/2022/21xxx/CVE-2022-21053.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21053", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21054.json b/2022/21xxx/CVE-2022-21054.json new file mode 100644 index 00000000000..faf507c2955 --- /dev/null +++ b/2022/21xxx/CVE-2022-21054.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21054", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21055.json b/2022/21xxx/CVE-2022-21055.json new file mode 100644 index 00000000000..b08fb4f4dbd --- /dev/null +++ b/2022/21xxx/CVE-2022-21055.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21055", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21056.json b/2022/21xxx/CVE-2022-21056.json new file mode 100644 index 00000000000..5dc409aa40c --- /dev/null +++ b/2022/21xxx/CVE-2022-21056.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21056", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21057.json b/2022/21xxx/CVE-2022-21057.json new file mode 100644 index 00000000000..7507ac1bd51 --- /dev/null +++ b/2022/21xxx/CVE-2022-21057.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21057", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21058.json b/2022/21xxx/CVE-2022-21058.json new file mode 100644 index 00000000000..c4283cc25c5 --- /dev/null +++ b/2022/21xxx/CVE-2022-21058.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21058", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21059.json b/2022/21xxx/CVE-2022-21059.json new file mode 100644 index 00000000000..df2b300769e --- /dev/null +++ b/2022/21xxx/CVE-2022-21059.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21059", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21060.json b/2022/21xxx/CVE-2022-21060.json new file mode 100644 index 00000000000..68460005ac2 --- /dev/null +++ b/2022/21xxx/CVE-2022-21060.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21060", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21061.json b/2022/21xxx/CVE-2022-21061.json new file mode 100644 index 00000000000..41d4e253796 --- /dev/null +++ b/2022/21xxx/CVE-2022-21061.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21061", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21062.json b/2022/21xxx/CVE-2022-21062.json new file mode 100644 index 00000000000..c6e211d70d6 --- /dev/null +++ b/2022/21xxx/CVE-2022-21062.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21062", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21063.json b/2022/21xxx/CVE-2022-21063.json new file mode 100644 index 00000000000..f4c9a26d008 --- /dev/null +++ b/2022/21xxx/CVE-2022-21063.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21063", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21064.json b/2022/21xxx/CVE-2022-21064.json new file mode 100644 index 00000000000..bb09a80df23 --- /dev/null +++ b/2022/21xxx/CVE-2022-21064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21065.json b/2022/21xxx/CVE-2022-21065.json new file mode 100644 index 00000000000..b1a58d6cfbe --- /dev/null +++ b/2022/21xxx/CVE-2022-21065.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21065", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21066.json b/2022/21xxx/CVE-2022-21066.json new file mode 100644 index 00000000000..cf48234a603 --- /dev/null +++ b/2022/21xxx/CVE-2022-21066.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21066", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21067.json b/2022/21xxx/CVE-2022-21067.json new file mode 100644 index 00000000000..1341dd2f55b --- /dev/null +++ b/2022/21xxx/CVE-2022-21067.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21067", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21068.json b/2022/21xxx/CVE-2022-21068.json new file mode 100644 index 00000000000..6542edc8e53 --- /dev/null +++ b/2022/21xxx/CVE-2022-21068.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21068", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21069.json b/2022/21xxx/CVE-2022-21069.json new file mode 100644 index 00000000000..43b24674c34 --- /dev/null +++ b/2022/21xxx/CVE-2022-21069.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21069", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21070.json b/2022/21xxx/CVE-2022-21070.json new file mode 100644 index 00000000000..6696202cbaa --- /dev/null +++ b/2022/21xxx/CVE-2022-21070.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21070", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21071.json b/2022/21xxx/CVE-2022-21071.json new file mode 100644 index 00000000000..ed534e12ead --- /dev/null +++ b/2022/21xxx/CVE-2022-21071.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21071", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21072.json b/2022/21xxx/CVE-2022-21072.json new file mode 100644 index 00000000000..ec10fb5d713 --- /dev/null +++ b/2022/21xxx/CVE-2022-21072.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21072", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21073.json b/2022/21xxx/CVE-2022-21073.json new file mode 100644 index 00000000000..bcdd5bc4169 --- /dev/null +++ b/2022/21xxx/CVE-2022-21073.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21073", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21074.json b/2022/21xxx/CVE-2022-21074.json new file mode 100644 index 00000000000..584ee0028b6 --- /dev/null +++ b/2022/21xxx/CVE-2022-21074.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21074", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21075.json b/2022/21xxx/CVE-2022-21075.json new file mode 100644 index 00000000000..b060464c85e --- /dev/null +++ b/2022/21xxx/CVE-2022-21075.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21075", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21076.json b/2022/21xxx/CVE-2022-21076.json new file mode 100644 index 00000000000..673fbd33844 --- /dev/null +++ b/2022/21xxx/CVE-2022-21076.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21076", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21077.json b/2022/21xxx/CVE-2022-21077.json new file mode 100644 index 00000000000..327a1804be8 --- /dev/null +++ b/2022/21xxx/CVE-2022-21077.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21077", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21078.json b/2022/21xxx/CVE-2022-21078.json new file mode 100644 index 00000000000..096a5d895da --- /dev/null +++ b/2022/21xxx/CVE-2022-21078.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21078", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21079.json b/2022/21xxx/CVE-2022-21079.json new file mode 100644 index 00000000000..c2c237f8202 --- /dev/null +++ b/2022/21xxx/CVE-2022-21079.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21079", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21080.json b/2022/21xxx/CVE-2022-21080.json new file mode 100644 index 00000000000..2a209c508f6 --- /dev/null +++ b/2022/21xxx/CVE-2022-21080.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21080", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21081.json b/2022/21xxx/CVE-2022-21081.json new file mode 100644 index 00000000000..68607446389 --- /dev/null +++ b/2022/21xxx/CVE-2022-21081.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21081", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21082.json b/2022/21xxx/CVE-2022-21082.json new file mode 100644 index 00000000000..7b6816e5af7 --- /dev/null +++ b/2022/21xxx/CVE-2022-21082.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21082", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21083.json b/2022/21xxx/CVE-2022-21083.json new file mode 100644 index 00000000000..e8ea17b4124 --- /dev/null +++ b/2022/21xxx/CVE-2022-21083.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21083", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21084.json b/2022/21xxx/CVE-2022-21084.json new file mode 100644 index 00000000000..c7286d5b475 --- /dev/null +++ b/2022/21xxx/CVE-2022-21084.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21084", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21085.json b/2022/21xxx/CVE-2022-21085.json new file mode 100644 index 00000000000..e2423c138e1 --- /dev/null +++ b/2022/21xxx/CVE-2022-21085.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21085", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21086.json b/2022/21xxx/CVE-2022-21086.json new file mode 100644 index 00000000000..3543e50c4c7 --- /dev/null +++ b/2022/21xxx/CVE-2022-21086.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21086", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21087.json b/2022/21xxx/CVE-2022-21087.json new file mode 100644 index 00000000000..590737a7362 --- /dev/null +++ b/2022/21xxx/CVE-2022-21087.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21087", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21088.json b/2022/21xxx/CVE-2022-21088.json new file mode 100644 index 00000000000..d88d6ad513e --- /dev/null +++ b/2022/21xxx/CVE-2022-21088.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21088", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21089.json b/2022/21xxx/CVE-2022-21089.json new file mode 100644 index 00000000000..81fa45fef23 --- /dev/null +++ b/2022/21xxx/CVE-2022-21089.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21089", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21090.json b/2022/21xxx/CVE-2022-21090.json new file mode 100644 index 00000000000..3e9d5164ee1 --- /dev/null +++ b/2022/21xxx/CVE-2022-21090.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21090", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21091.json b/2022/21xxx/CVE-2022-21091.json new file mode 100644 index 00000000000..33aa935eeda --- /dev/null +++ b/2022/21xxx/CVE-2022-21091.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21091", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21092.json b/2022/21xxx/CVE-2022-21092.json new file mode 100644 index 00000000000..a80f68fa64c --- /dev/null +++ b/2022/21xxx/CVE-2022-21092.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21092", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21093.json b/2022/21xxx/CVE-2022-21093.json new file mode 100644 index 00000000000..9bee60cf2db --- /dev/null +++ b/2022/21xxx/CVE-2022-21093.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21093", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21094.json b/2022/21xxx/CVE-2022-21094.json new file mode 100644 index 00000000000..77b7effb8e0 --- /dev/null +++ b/2022/21xxx/CVE-2022-21094.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21094", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21095.json b/2022/21xxx/CVE-2022-21095.json new file mode 100644 index 00000000000..313a91bd607 --- /dev/null +++ b/2022/21xxx/CVE-2022-21095.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21095", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21096.json b/2022/21xxx/CVE-2022-21096.json new file mode 100644 index 00000000000..a399c26e771 --- /dev/null +++ b/2022/21xxx/CVE-2022-21096.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21096", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21097.json b/2022/21xxx/CVE-2022-21097.json new file mode 100644 index 00000000000..71f01e6b80f --- /dev/null +++ b/2022/21xxx/CVE-2022-21097.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21097", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21098.json b/2022/21xxx/CVE-2022-21098.json new file mode 100644 index 00000000000..e3b569e1e65 --- /dev/null +++ b/2022/21xxx/CVE-2022-21098.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21098", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21099.json b/2022/21xxx/CVE-2022-21099.json new file mode 100644 index 00000000000..b56213462f1 --- /dev/null +++ b/2022/21xxx/CVE-2022-21099.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21099", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21100.json b/2022/21xxx/CVE-2022-21100.json new file mode 100644 index 00000000000..9eef56cbdb8 --- /dev/null +++ b/2022/21xxx/CVE-2022-21100.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21100", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21101.json b/2022/21xxx/CVE-2022-21101.json new file mode 100644 index 00000000000..8175cfe19b0 --- /dev/null +++ b/2022/21xxx/CVE-2022-21101.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21101", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21102.json b/2022/21xxx/CVE-2022-21102.json new file mode 100644 index 00000000000..f8b2d8e87e0 --- /dev/null +++ b/2022/21xxx/CVE-2022-21102.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21102", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21103.json b/2022/21xxx/CVE-2022-21103.json new file mode 100644 index 00000000000..8abf88a7200 --- /dev/null +++ b/2022/21xxx/CVE-2022-21103.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21103", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21104.json b/2022/21xxx/CVE-2022-21104.json new file mode 100644 index 00000000000..8bc516b4cdb --- /dev/null +++ b/2022/21xxx/CVE-2022-21104.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21104", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21105.json b/2022/21xxx/CVE-2022-21105.json new file mode 100644 index 00000000000..59f170c368e --- /dev/null +++ b/2022/21xxx/CVE-2022-21105.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21105", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21106.json b/2022/21xxx/CVE-2022-21106.json new file mode 100644 index 00000000000..c76df22df0c --- /dev/null +++ b/2022/21xxx/CVE-2022-21106.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21106", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21107.json b/2022/21xxx/CVE-2022-21107.json new file mode 100644 index 00000000000..df3c96743d9 --- /dev/null +++ b/2022/21xxx/CVE-2022-21107.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21107", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21108.json b/2022/21xxx/CVE-2022-21108.json new file mode 100644 index 00000000000..673d8caafe5 --- /dev/null +++ b/2022/21xxx/CVE-2022-21108.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21108", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21109.json b/2022/21xxx/CVE-2022-21109.json new file mode 100644 index 00000000000..9100da02925 --- /dev/null +++ b/2022/21xxx/CVE-2022-21109.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21109", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21110.json b/2022/21xxx/CVE-2022-21110.json new file mode 100644 index 00000000000..2e69b0525a6 --- /dev/null +++ b/2022/21xxx/CVE-2022-21110.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21110", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21111.json b/2022/21xxx/CVE-2022-21111.json new file mode 100644 index 00000000000..ec6f49aac36 --- /dev/null +++ b/2022/21xxx/CVE-2022-21111.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21111", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21112.json b/2022/21xxx/CVE-2022-21112.json new file mode 100644 index 00000000000..817f4227f78 --- /dev/null +++ b/2022/21xxx/CVE-2022-21112.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21112", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21113.json b/2022/21xxx/CVE-2022-21113.json new file mode 100644 index 00000000000..5a0f80fe2e9 --- /dev/null +++ b/2022/21xxx/CVE-2022-21113.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21113", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21114.json b/2022/21xxx/CVE-2022-21114.json new file mode 100644 index 00000000000..8d46fd771c1 --- /dev/null +++ b/2022/21xxx/CVE-2022-21114.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21114", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21115.json b/2022/21xxx/CVE-2022-21115.json new file mode 100644 index 00000000000..51034dde8ff --- /dev/null +++ b/2022/21xxx/CVE-2022-21115.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21115", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21116.json b/2022/21xxx/CVE-2022-21116.json new file mode 100644 index 00000000000..8c139cb02fe --- /dev/null +++ b/2022/21xxx/CVE-2022-21116.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21116", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21117.json b/2022/21xxx/CVE-2022-21117.json new file mode 100644 index 00000000000..4c7eaa7dcb6 --- /dev/null +++ b/2022/21xxx/CVE-2022-21117.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21117", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2022/21xxx/CVE-2022-21118.json b/2022/21xxx/CVE-2022-21118.json new file mode 100644 index 00000000000..ef0f4a0a850 --- /dev/null +++ b/2022/21xxx/CVE-2022-21118.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21118", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21119.json b/2022/21xxx/CVE-2022-21119.json new file mode 100644 index 00000000000..6b8cf2090a7 --- /dev/null +++ b/2022/21xxx/CVE-2022-21119.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21119", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21120.json b/2022/21xxx/CVE-2022-21120.json new file mode 100644 index 00000000000..db021d21a24 --- /dev/null +++ b/2022/21xxx/CVE-2022-21120.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21120", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/21xxx/CVE-2022-21121.json b/2022/21xxx/CVE-2022-21121.json new file mode 100644 index 00000000000..37baebac475 --- /dev/null +++ b/2022/21xxx/CVE-2022-21121.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-21121", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file