diff --git a/2019/25xxx/CVE-2019-25015.json b/2019/25xxx/CVE-2019-25015.json new file mode 100644 index 00000000000..b5d1324739f --- /dev/null +++ b/2019/25xxx/CVE-2019-25015.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-25015", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13379.json b/2020/13xxx/CVE-2020-13379.json index b2377c802e4..ea9aacae272 100644 --- a/2020/13xxx/CVE-2020-13379.json +++ b/2020/13xxx/CVE-2020-13379.json @@ -141,6 +141,26 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:1646", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html" + }, + { + "refsource": "MLIST", + "name": "[ambari-issues] 20210121 [jira] [Updated] (AMBARI-25547) Update Grafana version to 6.7.4 to avoid CVE-2020-13379", + "url": "https://lists.apache.org/thread.html/r40f0a97b6765de6b8938bc212ee9dfb5101e9efa48bcbbdec02b2a60@%3Cissues.ambari.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ambari-dev] 20210121 [GitHub] [ambari] payert opened a new pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", + "url": "https://lists.apache.org/thread.html/r093b405a49fd31efa0d949ac1a887101af1ca95652a66094194ed933@%3Cdev.ambari.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ambari-dev] 20210121 [GitHub] [ambari] payert commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", + "url": "https://lists.apache.org/thread.html/rba0247a27be78bd14046724098462d058a9969400a82344b3007cf90@%3Cdev.ambari.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ambari-dev] 20210121 [GitHub] [ambari] dvitiiuk commented on a change in pull request #3279: AMBARI-25547 Update Grafana version to 6.7.4 to avoid CVE-2020-13379", + "url": "https://lists.apache.org/thread.html/rff71126fa7d9f572baafb9be44078ad409c85d2c0f3e26664f1ef5a2@%3Cdev.ambari.apache.org%3E" } ] } diff --git a/2020/17xxx/CVE-2020-17518.json b/2020/17xxx/CVE-2020-17518.json index df44d46cc96..027e3723fac 100644 --- a/2020/17xxx/CVE-2020-17518.json +++ b/2020/17xxx/CVE-2020-17518.json @@ -168,6 +168,11 @@ "refsource": "MLIST", "name": "[flink-dev] 20210115 Re: [DISCUSS] Releasing Apache Flink 1.10.3", "url": "https://lists.apache.org/thread.html/r229167538863518738e02f4c1c5a8bb34c1d45dadcc97adf6676b0c1@%3Cdev.flink.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[flink-dev] 20210121 Re: [VOTE] Release 1.10.3, release candidate #1", + "url": "https://lists.apache.org/thread.html/rd2467344f88bcaf108b8209ca92da8ec393c68174bfb8c27d1e20faa@%3Cdev.flink.apache.org%3E" } ] }, diff --git a/2020/22xxx/CVE-2020-22643.json b/2020/22xxx/CVE-2020-22643.json index 2016e338d9c..0014247d1d4 100644 --- a/2020/22xxx/CVE-2020-22643.json +++ b/2020/22xxx/CVE-2020-22643.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-22643", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-22643", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/liufee/cms/issues/51", + "refsource": "MISC", + "name": "https://github.com/liufee/cms/issues/51" } ] } diff --git a/2020/23xxx/CVE-2020-23342.json b/2020/23xxx/CVE-2020-23342.json index 670f8b121f1..968ff575468 100644 --- a/2020/23xxx/CVE-2020-23342.json +++ b/2020/23xxx/CVE-2020-23342.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://twitter.com/NinadMishra5/status/1350077938176151558", "url": "https://twitter.com/NinadMishra5/status/1350077938176151558" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/161048/Anchor-CMS-0.12.7-Cross-Site-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/161048/Anchor-CMS-0.12.7-Cross-Site-Request-Forgery.html" } ] } diff --git a/2020/26xxx/CVE-2020-26941.json b/2020/26xxx/CVE-2020-26941.json index 14a32df7926..75653f72965 100644 --- a/2020/26xxx/CVE-2020-26941.json +++ b/2020/26xxx/CVE-2020-26941.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-26941", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-26941", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premium versions 13.2 and lower; ESET Endpoint Antivirus, ESET Endpoint Security, ESET NOD32 Antivirus Business Edition, ESET Smart Security Business Edition versions 7.3 and lower; ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Kerio, ESET Security for Microsoft SharePoint Server versions 7.2 and lower." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.eset.com/en/ca7794-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows", + "url": "https://support.eset.com/en/ca7794-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows" } ] } diff --git a/2020/28xxx/CVE-2020-28874.json b/2020/28xxx/CVE-2020-28874.json index 3de21d5fdf6..e5510a73e43 100644 --- a/2020/28xxx/CVE-2020-28874.json +++ b/2020/28xxx/CVE-2020-28874.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28874", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28874", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/projectsend/projectsend/commits/master", + "refsource": "MISC", + "name": "https://github.com/projectsend/projectsend/commits/master" + }, + { + "url": "http://projectsend.com", + "refsource": "MISC", + "name": "http://projectsend.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/varandinawer/CVE-2020-28874", + "url": "https://github.com/varandinawer/CVE-2020-28874" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/projectsend/projectsend/commit/440204734e9a1687cb9887e1c887173d23c5a93e", + "url": "https://github.com/projectsend/projectsend/commit/440204734e9a1687cb9887e1c887173d23c5a93e" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/projectsend/projectsend/releases/tag/r1295", + "url": "https://github.com/projectsend/projectsend/releases/tag/r1295" } ] } diff --git a/2020/29xxx/CVE-2020-29241.json b/2020/29xxx/CVE-2020-29241.json index 30d4d76914a..8489ceb1351 100644 --- a/2020/29xxx/CVE-2020-29241.json +++ b/2020/29xxx/CVE-2020-29241.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-29241", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-29241", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the \"Title\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://medium.com/@parshwa.fabaf/cross-site-scripting-vulnerability-in-admin-panel-c95bd4ecb6aa", + "refsource": "MISC", + "name": "https://medium.com/@parshwa.fabaf/cross-site-scripting-vulnerability-in-admin-panel-c95bd4ecb6aa" } ] } diff --git a/2020/35xxx/CVE-2020-35309.json b/2020/35xxx/CVE-2020-35309.json index c5f9ed1807c..a0564eb51d1 100644 --- a/2020/35xxx/CVE-2020-35309.json +++ b/2020/35xxx/CVE-2020-35309.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-35309", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-35309", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - \"Categories\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/49161", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/49161" } ] } diff --git a/2020/35xxx/CVE-2020-35310.json b/2020/35xxx/CVE-2020-35310.json index 6367cf62f87..74524ae90f5 100644 --- a/2020/35xxx/CVE-2020-35310.json +++ b/2020/35xxx/CVE-2020-35310.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-35310", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-35310", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Composr CMS 10.0.34 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via Add Banners in the Description field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/49190", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/49190" } ] } diff --git a/2020/35xxx/CVE-2020-35749.json b/2020/35xxx/CVE-2020-35749.json index 60b4557118c..b89e590b8a5 100644 --- a/2020/35xxx/CVE-2020-35749.json +++ b/2020/35xxx/CVE-2020-35749.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://docs.google.com/document/d/1TbePkrRGsczepBaJptIdVRvfRrjiC5hjGg_Vxdesw6E/edit?usp=sharing", "url": "https://docs.google.com/document/d/1TbePkrRGsczepBaJptIdVRvfRrjiC5hjGg_Vxdesw6E/edit?usp=sharing" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/161050/Simple-JobBoard-Authenticated-File-Read.html", + "url": "http://packetstormsecurity.com/files/161050/Simple-JobBoard-Authenticated-File-Read.html" } ] } diff --git a/2020/8xxx/CVE-2020-8288.json b/2020/8xxx/CVE-2020-8288.json index 40c32d4828a..f0a34b8f054 100644 --- a/2020/8xxx/CVE-2020-8288.json +++ b/2020/8xxx/CVE-2020-8288.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8288", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Rocket.Chat server", + "version": { + "version_data": [ + { + "version_value": "Fixed in 3.9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Stored (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/899954", + "url": "https://hackerone.com/reports/899954" + }, + { + "refsource": "MISC", + "name": "https://rocket.chat/xss-vulnerability-hotfix-available-for-all-affected-versions/", + "url": "https://rocket.chat/xss-vulnerability-hotfix-available-for-all-affected-versions/" + }, + { + "refsource": "MISC", + "name": "https://docs.rocket.chat/guides/security/security-updates", + "url": "https://docs.rocket.chat/guides/security/security-updates" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter." } ] } diff --git a/2020/8xxx/CVE-2020-8292.json b/2020/8xxx/CVE-2020-8292.json index 694dd7f282e..881c3a66180 100644 --- a/2020/8xxx/CVE-2020-8292.json +++ b/2020/8xxx/CVE-2020-8292.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-8292", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Rocket.Chat server", + "version": { + "version_data": [ + { + "version_value": "Fixed in 3.9.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - DOM (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://docs.rocket.chat/guides/security/security-updates", + "url": "https://docs.rocket.chat/guides/security/security-updates" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/962902", + "url": "https://hackerone.com/reports/962902" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes." } ] } diff --git a/2020/8xxx/CVE-2020-8554.json b/2020/8xxx/CVE-2020-8554.json index 620adef3b4a..5b968db5caa 100644 --- a/2020/8xxx/CVE-2020-8554.json +++ b/2020/8xxx/CVE-2020-8554.json @@ -82,12 +82,14 @@ "references": { "reference_data": [ { - "refsource": "MLIST", - "url": "https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8" + "refsource": "MISC", + "url": "https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8", + "name": "https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8" }, { - "refsource": "CONFIRM", - "url": "https://github.com/kubernetes/kubernetes/issues/97076" + "refsource": "MISC", + "url": "https://github.com/kubernetes/kubernetes/issues/97076", + "name": "https://github.com/kubernetes/kubernetes/issues/97076" } ] }, diff --git a/2020/8xxx/CVE-2020-8567.json b/2020/8xxx/CVE-2020-8567.json index f7fa40d3369..cda65546b40 100644 --- a/2020/8xxx/CVE-2020-8567.json +++ b/2020/8xxx/CVE-2020-8567.json @@ -92,12 +92,14 @@ "references": { "reference_data": [ { - "refsource": "MLIST", - "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY" + "refsource": "MISC", + "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY", + "name": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY" }, { - "refsource": "CONFIRM", - "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384" + "refsource": "MISC", + "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384", + "name": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384" } ] }, diff --git a/2020/8xxx/CVE-2020-8568.json b/2020/8xxx/CVE-2020-8568.json index 4b9532c0406..f76a2db7187 100644 --- a/2020/8xxx/CVE-2020-8568.json +++ b/2020/8xxx/CVE-2020-8568.json @@ -95,12 +95,14 @@ "references": { "reference_data": [ { - "refsource": "MLIST", - "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4" + "refsource": "MISC", + "url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4", + "name": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4" }, { - "refsource": "CONFIRM", - "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378" + "refsource": "MISC", + "url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378", + "name": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378" } ] }, diff --git a/2020/8xxx/CVE-2020-8569.json b/2020/8xxx/CVE-2020-8569.json index 0e9963e6276..5f0759887fb 100644 --- a/2020/8xxx/CVE-2020-8569.json +++ b/2020/8xxx/CVE-2020-8569.json @@ -49,7 +49,7 @@ "description_data": [ { "lang": "eng", - "value": "Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when:\n\n- The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass.\n- The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop.\n\nOnly the volume snapshot feature is affected by this vulnerability. When exploited, users can’t take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected." + "value": "Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop. Only the volume snapshot feature is affected by this vulnerability. When exploited, users can\u2019t take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected." } ] }, @@ -87,12 +87,14 @@ "references": { "reference_data": [ { - "refsource": "MLIST", - "url": "https://groups.google.com/g/kubernetes-security-announce/c/1EzCr1qUxxU" + "refsource": "MISC", + "url": "https://groups.google.com/g/kubernetes-security-announce/c/1EzCr1qUxxU", + "name": "https://groups.google.com/g/kubernetes-security-announce/c/1EzCr1qUxxU" }, { - "refsource": "CONFIRM", - "url": "https://github.com/kubernetes-csi/external-snapshotter/issues/380" + "refsource": "MISC", + "url": "https://github.com/kubernetes-csi/external-snapshotter/issues/380", + "name": "https://github.com/kubernetes-csi/external-snapshotter/issues/380" } ] }, diff --git a/2020/8xxx/CVE-2020-8570.json b/2020/8xxx/CVE-2020-8570.json index ea0c301d8ec..e57818ddacc 100644 --- a/2020/8xxx/CVE-2020-8570.json +++ b/2020/8xxx/CVE-2020-8570.json @@ -74,12 +74,14 @@ "references": { "reference_data": [ { - "refsource": "MLIST", - "url": "https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg" + "refsource": "MISC", + "url": "https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg", + "name": "https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg" }, { - "refsource": "CONFIRM", - "url": "https://github.com/kubernetes-client/java/issues/1491" + "refsource": "MISC", + "url": "https://github.com/kubernetes-client/java/issues/1491", + "name": "https://github.com/kubernetes-client/java/issues/1491" } ] }, diff --git a/2021/1xxx/CVE-2021-1648.json b/2021/1xxx/CVE-2021-1648.json index efe55b3666d..c4a3cae2828 100644 --- a/2021/1xxx/CVE-2021-1648.json +++ b/2021/1xxx/CVE-2021-1648.json @@ -258,6 +258,11 @@ "refsource": "MISC", "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-024/", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-024/" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-078/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-078/" } ] } diff --git a/2021/21xxx/CVE-2021-21238.json b/2021/21xxx/CVE-2021-21238.json index 149079f4f64..0646f7b2732 100644 --- a/2021/21xxx/CVE-2021-21238.json +++ b/2021/21xxx/CVE-2021-21238.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature.\n\nThis is fixed in PySAML2 6.5.0." + "value": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0." } ] }, @@ -69,6 +69,16 @@ }, "references": { "reference_data": [ + { + "name": "https://pypi.org/project/pysaml2", + "refsource": "MISC", + "url": "https://pypi.org/project/pysaml2" + }, + { + "name": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0", + "refsource": "MISC", + "url": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0" + }, { "name": "https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9", "refsource": "CONFIRM", @@ -78,16 +88,6 @@ "name": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14", "refsource": "MISC", "url": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14" - }, - { - "name": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0", - "refsource": "MISC", - "url": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0" - }, - { - "name": "https://pypi.org/project/pysaml2", - "refsource": "MISC", - "url": "https://pypi.org/project/pysaml2" } ] }, diff --git a/2021/21xxx/CVE-2021-21239.json b/2021/21xxx/CVE-2021-21239.json index 74c5d493d9b..28822eba2c6 100644 --- a/2021/21xxx/CVE-2021-21239.json +++ b/2021/21xxx/CVE-2021-21239.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 accepts any type of key found within the given document. xmlsec1 needs to be configured explicitly to only use only _x509 certificates_ for the verification process of the SAML document signature.\n\n\nThis is fixed in PySAML2 6.5.0." + "value": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 accepts any type of key found within the given document. xmlsec1 needs to be configured explicitly to only use only _x509 certificates_ for the verification process of the SAML document signature. This is fixed in PySAML2 6.5.0." } ] }, diff --git a/2021/21xxx/CVE-2021-21253.json b/2021/21xxx/CVE-2021-21253.json index d7b00385e24..08092039797 100644 --- a/2021/21xxx/CVE-2021-21253.json +++ b/2021/21xxx/CVE-2021-21253.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system.\n\nWithout a salt, it is much easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables to crack passwords.\n\nThis problem is fixed and published in version 1.1.2. A long randomly generated salt is added to the password hash function to better protect passwords stored in the voting system." + "value": "OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables to crack passwords. This problem is fixed and published in version 1.1.2. A long randomly generated salt is added to the password hash function to better protect passwords stored in the voting system." } ] }, diff --git a/2021/21xxx/CVE-2021-21723.json b/2021/21xxx/CVE-2021-21723.json index db6fdbd4403..63e65ac26c7 100644 --- a/2021/21xxx/CVE-2021-21723.json +++ b/2021/21xxx/CVE-2021-21723.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@zte.com.cn", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014424", + "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014424" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12." } ] } diff --git a/2021/22xxx/CVE-2021-22871.json b/2021/22xxx/CVE-2021-22871.json index 4cbc097ebc1..49018fd7269 100644 --- a/2021/22xxx/CVE-2021-22871.json +++ b/2021/22xxx/CVE-2021-22871.json @@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22871", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/revive-adserver/revive-adserver", + "version": { + "version_data": [ + { + "version_value": "Fixed in 5.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Stored (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.revive-adserver.com/security/revive-sa-2021-001/", + "url": "https://www.revive-adserver.com/security/revive-sa-2021-001/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/819362", + "url": "https://hackerone.com/reports/819362" + }, + { + "refsource": "MISC", + "name": "https://github.com/revive-adserver/revive-adserver/commit/89b88ce26", + "url": "https://github.com/revive-adserver/revive-adserver/commit/89b88ce26" + }, + { + "refsource": "MISC", + "name": "https://github.com/revive-adserver/revive-adserver/commit/62a2a0439", + "url": "https://github.com/revive-adserver/revive-adserver/commit/62a2a0439" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability." } ] } diff --git a/2021/22xxx/CVE-2021-22872.json b/2021/22xxx/CVE-2021-22872.json index 291bbaef313..21ab6ccbf23 100644 --- a/2021/22xxx/CVE-2021-22872.json +++ b/2021/22xxx/CVE-2021-22872.json @@ -4,14 +4,73 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22872", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/revive-adserver/revive-adserver", + "version": { + "version_data": [ + { + "version_value": "Fixed in 5.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.revive-adserver.com/security/revive-sa-2021-001/", + "url": "https://www.revive-adserver.com/security/revive-sa-2021-001/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/986365", + "url": "https://hackerone.com/reports/986365" + }, + { + "refsource": "MISC", + "name": "https://github.com/revive-adserver/revive-adserver/commit/00fdb8d0e", + "url": "https://github.com/revive-adserver/revive-adserver/commit/00fdb8d0e" + }, + { + "refsource": "MISC", + "name": "https://github.com/revive-adserver/revive-adserver/commit/1dbcf7d50", + "url": "https://github.com/revive-adserver/revive-adserver/commit/1dbcf7d50" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable." } ] } diff --git a/2021/22xxx/CVE-2021-22873.json b/2021/22xxx/CVE-2021-22873.json index 35802a508bf..0d2729983c3 100644 --- a/2021/22xxx/CVE-2021-22873.json +++ b/2021/22xxx/CVE-2021-22873.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22873", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/revive-adserver/revive-adserver", + "version": { + "version_data": [ + { + "version_value": "Fixed in 5.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Open Redirect (CWE-601)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1081406", + "url": "https://hackerone.com/reports/1081406" + }, + { + "refsource": "MISC", + "name": "https://www.revive-adserver.com/security/revive-sa-2021-001/", + "url": "https://www.revive-adserver.com/security/revive-sa-2021-001/" + }, + { + "refsource": "MISC", + "name": "https://github.com/revive-adserver/revive-adserver/issues/1068", + "url": "https://github.com/revive-adserver/revive-adserver/issues/1068" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability." } ] } diff --git a/2021/25xxx/CVE-2021-25175.json b/2021/25xxx/CVE-2021-25175.json index 4d6c4371389..3861ff662a7 100644 --- a/2021/25xxx/CVE-2021-25175.json +++ b/2021/25xxx/CVE-2021-25175.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This is issue 1 of 3." + "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart)." } ] }, diff --git a/2021/25xxx/CVE-2021-25176.json b/2021/25xxx/CVE-2021-25176.json index 4df87d27467..a36aa71598a 100644 --- a/2021/25xxx/CVE-2021-25176.json +++ b/2021/25xxx/CVE-2021-25176.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This is issue 2 of 3." + "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart)." } ] }, diff --git a/2021/25xxx/CVE-2021-25177.json b/2021/25xxx/CVE-2021-25177.json index 6ef513295ba..7138a1064a9 100644 --- a/2021/25xxx/CVE-2021-25177.json +++ b/2021/25xxx/CVE-2021-25177.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). This is issue 3 of 3." + "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart)." } ] }, diff --git a/2021/25xxx/CVE-2021-25647.json b/2021/25xxx/CVE-2021-25647.json new file mode 100644 index 00000000000..48633d3420d --- /dev/null +++ b/2021/25xxx/CVE-2021-25647.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25647", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25648.json b/2021/25xxx/CVE-2021-25648.json new file mode 100644 index 00000000000..62ff42fbcaf --- /dev/null +++ b/2021/25xxx/CVE-2021-25648.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25648", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25649.json b/2021/25xxx/CVE-2021-25649.json new file mode 100644 index 00000000000..bcf2278b3f0 --- /dev/null +++ b/2021/25xxx/CVE-2021-25649.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25649", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25650.json b/2021/25xxx/CVE-2021-25650.json new file mode 100644 index 00000000000..c64f080093e --- /dev/null +++ b/2021/25xxx/CVE-2021-25650.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25650", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25651.json b/2021/25xxx/CVE-2021-25651.json new file mode 100644 index 00000000000..3ae1b7a8487 --- /dev/null +++ b/2021/25xxx/CVE-2021-25651.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25651", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25652.json b/2021/25xxx/CVE-2021-25652.json new file mode 100644 index 00000000000..5923e7828ea --- /dev/null +++ b/2021/25xxx/CVE-2021-25652.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25652", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25653.json b/2021/25xxx/CVE-2021-25653.json new file mode 100644 index 00000000000..5d036f90743 --- /dev/null +++ b/2021/25xxx/CVE-2021-25653.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25653", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25654.json b/2021/25xxx/CVE-2021-25654.json new file mode 100644 index 00000000000..7aa90fffd37 --- /dev/null +++ b/2021/25xxx/CVE-2021-25654.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25654", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25655.json b/2021/25xxx/CVE-2021-25655.json new file mode 100644 index 00000000000..85827d8c96c --- /dev/null +++ b/2021/25xxx/CVE-2021-25655.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25655", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25656.json b/2021/25xxx/CVE-2021-25656.json new file mode 100644 index 00000000000..761a8bc6504 --- /dev/null +++ b/2021/25xxx/CVE-2021-25656.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25656", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25657.json b/2021/25xxx/CVE-2021-25657.json new file mode 100644 index 00000000000..637c62388f2 --- /dev/null +++ b/2021/25xxx/CVE-2021-25657.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25657", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25658.json b/2021/25xxx/CVE-2021-25658.json new file mode 100644 index 00000000000..f523d45d510 --- /dev/null +++ b/2021/25xxx/CVE-2021-25658.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25658", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25659.json b/2021/25xxx/CVE-2021-25659.json new file mode 100644 index 00000000000..76e0f928ced --- /dev/null +++ b/2021/25xxx/CVE-2021-25659.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25659", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25660.json b/2021/25xxx/CVE-2021-25660.json new file mode 100644 index 00000000000..9807984d54e --- /dev/null +++ b/2021/25xxx/CVE-2021-25660.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25660", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25661.json b/2021/25xxx/CVE-2021-25661.json new file mode 100644 index 00000000000..66bf75b9948 --- /dev/null +++ b/2021/25xxx/CVE-2021-25661.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25661", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25662.json b/2021/25xxx/CVE-2021-25662.json new file mode 100644 index 00000000000..166d10fe8b8 --- /dev/null +++ b/2021/25xxx/CVE-2021-25662.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25662", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25663.json b/2021/25xxx/CVE-2021-25663.json new file mode 100644 index 00000000000..1b3e4e8b71c --- /dev/null +++ b/2021/25xxx/CVE-2021-25663.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25663", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25664.json b/2021/25xxx/CVE-2021-25664.json new file mode 100644 index 00000000000..56b6f3b4528 --- /dev/null +++ b/2021/25xxx/CVE-2021-25664.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25664", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25665.json b/2021/25xxx/CVE-2021-25665.json new file mode 100644 index 00000000000..6da3305c4dd --- /dev/null +++ b/2021/25xxx/CVE-2021-25665.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25665", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25666.json b/2021/25xxx/CVE-2021-25666.json new file mode 100644 index 00000000000..d45be1cb634 --- /dev/null +++ b/2021/25xxx/CVE-2021-25666.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25666", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25667.json b/2021/25xxx/CVE-2021-25667.json new file mode 100644 index 00000000000..209ca68e893 --- /dev/null +++ b/2021/25xxx/CVE-2021-25667.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25667", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25668.json b/2021/25xxx/CVE-2021-25668.json new file mode 100644 index 00000000000..3a938e0deb8 --- /dev/null +++ b/2021/25xxx/CVE-2021-25668.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25668", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25669.json b/2021/25xxx/CVE-2021-25669.json new file mode 100644 index 00000000000..bd566908ef6 --- /dev/null +++ b/2021/25xxx/CVE-2021-25669.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25669", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25670.json b/2021/25xxx/CVE-2021-25670.json new file mode 100644 index 00000000000..daf752984f5 --- /dev/null +++ b/2021/25xxx/CVE-2021-25670.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25670", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25671.json b/2021/25xxx/CVE-2021-25671.json new file mode 100644 index 00000000000..2245dbd3976 --- /dev/null +++ b/2021/25xxx/CVE-2021-25671.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25671", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25672.json b/2021/25xxx/CVE-2021-25672.json new file mode 100644 index 00000000000..889ff8ba94d --- /dev/null +++ b/2021/25xxx/CVE-2021-25672.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25672", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25673.json b/2021/25xxx/CVE-2021-25673.json new file mode 100644 index 00000000000..c0066a17bdf --- /dev/null +++ b/2021/25xxx/CVE-2021-25673.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25673", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25674.json b/2021/25xxx/CVE-2021-25674.json new file mode 100644 index 00000000000..32b514f1e6d --- /dev/null +++ b/2021/25xxx/CVE-2021-25674.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25674", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25675.json b/2021/25xxx/CVE-2021-25675.json new file mode 100644 index 00000000000..ee7d2d74ce3 --- /dev/null +++ b/2021/25xxx/CVE-2021-25675.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25675", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25676.json b/2021/25xxx/CVE-2021-25676.json new file mode 100644 index 00000000000..59ea7f5be4a --- /dev/null +++ b/2021/25xxx/CVE-2021-25676.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25676", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25677.json b/2021/25xxx/CVE-2021-25677.json new file mode 100644 index 00000000000..2399e8072b1 --- /dev/null +++ b/2021/25xxx/CVE-2021-25677.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25677", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25678.json b/2021/25xxx/CVE-2021-25678.json new file mode 100644 index 00000000000..a604a5b2c00 --- /dev/null +++ b/2021/25xxx/CVE-2021-25678.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25678", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25679.json b/2021/25xxx/CVE-2021-25679.json new file mode 100644 index 00000000000..57e1dcc7f54 --- /dev/null +++ b/2021/25xxx/CVE-2021-25679.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25679", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25680.json b/2021/25xxx/CVE-2021-25680.json new file mode 100644 index 00000000000..56ede84746c --- /dev/null +++ b/2021/25xxx/CVE-2021-25680.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25680", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/25xxx/CVE-2021-25681.json b/2021/25xxx/CVE-2021-25681.json new file mode 100644 index 00000000000..c34dfda1836 --- /dev/null +++ b/2021/25xxx/CVE-2021-25681.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-25681", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3152.json b/2021/3xxx/CVE-2021-3152.json index 9f79a937870..449e379a8f9 100644 --- a/2021/3xxx/CVE-2021-3152.json +++ b/2021/3xxx/CVE-2021-3152.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-3152", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-3152", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Home Assistant before 2021.1.3 allows attackers to obtain sensitive information because custom integrations with ../ are mishandled," + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.home-assistant.io/blog/2021/01/14/security-bulletin/", + "url": "https://www.home-assistant.io/blog/2021/01/14/security-bulletin/" } ] } diff --git a/2021/3xxx/CVE-2021-3198.json b/2021/3xxx/CVE-2021-3198.json new file mode 100644 index 00000000000..1af266a4c3c --- /dev/null +++ b/2021/3xxx/CVE-2021-3198.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3198", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file