diff --git a/2021/0xxx/CVE-2021-0089.json b/2021/0xxx/CVE-2021-0089.json
index 6dedfaa7dbe..22266ec70fa 100644
--- a/2021/0xxx/CVE-2021-0089.json
+++ b/2021/0xxx/CVE-2021-0089.json
@@ -63,6 +63,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20210610 Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass",
 "url": "http://www.openwall.com/lists/oss-security/2021/06/10/11"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4931",
+ "url": "https://www.debian.org/security/2021/dsa-4931"
 }
 ]
 },
diff --git a/2021/26xxx/CVE-2021-26313.json b/2021/26xxx/CVE-2021-26313.json
index 079482e0269..bc9ef7d4cf3 100644
--- a/2021/26xxx/CVE-2021-26313.json
+++ b/2021/26xxx/CVE-2021-26313.json
@@ -87,6 +87,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20210610 Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass",
 "url": "http://www.openwall.com/lists/oss-security/2021/06/10/11"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4931",
+ "url": "https://www.debian.org/security/2021/dsa-4931"
 }
 ]
 },
diff --git a/2021/27xxx/CVE-2021-27479.json b/2021/27xxx/CVE-2021-27479.json
index 4f7896d1e25..3ebf60e12ee 100644
--- a/2021/27xxx/CVE-2021-27479.json
+++ b/2021/27xxx/CVE-2021-27479.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27479",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ZOLL Defibrillator Dashboard",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to 2.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product\u2019s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users."
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27483.json b/2021/27xxx/CVE-2021-27483.json
index 2ec128e7c95..24e89b1d4c8 100644
--- a/2021/27xxx/CVE-2021-27483.json
+++ b/2021/27xxx/CVE-2021-27483.json
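Review bot: `"vendor_name": "n/a"` leaves the vendor empty in the structured `affects` block although the product name and the description both begin with ZOLL, so tooling that matches records to an asset inventory by vendor will not pick this entry up; `"vendor_name": "ZOLL"` (inferred from the product name, to be confirmed against the linked ICS advisory) would close that gap. The same placeholder appears in the hunks for CVE-2021-27483, CVE-2021-27485, CVE-2021-31159, CVE-2021-31857 and CVE-2021-32928. The new description string also reads `v prior to 2.2,The affected product…`, with "versions" truncated and no space after the comma, and the same prefix is repeated in CVE-2021-27483 and CVE-2021-27485. A prefix such as `ZOLL Defibrillator Dashboard, versions prior to 2.2: ` followed by the existing sentence would read cleanly.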
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27483",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ZOLL Defibrillator Dashboard",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to 2.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user."
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27485.json b/2021/27xxx/CVE-2021-27485.json
index b012f79caa2..5931934fde5 100644
--- a/2021/27xxx/CVE-2021-27485.json
+++ b/2021/27xxx/CVE-2021-27485.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27485",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ZOLL Defibrillator Dashboard",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions prior to 2.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser."
 }
 ]
 }
diff --git a/2021/30xxx/CVE-2021-30468.json b/2021/30xxx/CVE-2021-30468.json
index d1bb376669f..7257011bd1b 100644
--- a/2021/30xxx/CVE-2021-30468.json
+++ b/2021/30xxx/CVE-2021-30468.json
@@ -42,7 +42,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. \n\nThis issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11."
+ "value": "A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11."
 }
 ]
 },
@@ -64,12 +64,23 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "http://cxf.apache.org/security-advisories.data/CVE-2021-30468.txt.asc"
+ "refsource": "MISC",
+ "url": "http://cxf.apache.org/security-advisories.data/CVE-2021-30468.txt.asc",
+ "name": "http://cxf.apache.org/security-advisories.data/CVE-2021-30468.txt.asc"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-users] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter",
+ "url": "https://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459@%3Cusers.cxf.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[cxf-dev] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter",
+ "url": "https://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459@%3Cdev.cxf.apache.org%3E"
 }
 ]
 },
 "source": {
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file
diff --git a/2021/31xxx/CVE-2021-31159.json b/2021/31xxx/CVE-2021-31159.json
index 0fa161eabbb..cc0e79cf16e 100644
--- a/2021/31xxx/CVE-2021-31159.json
+++ b/2021/31xxx/CVE-2021-31159.json
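Review bot: The second hunk reclassifies the vendor's own advisory from `CONFIRM` to `MISC`, which drops the signal that this reference is the vendor acknowledgement; consumers that rank or filter references by refsource will then treat it like any third-party link. If the reclassification is not intended, keep `"refsource": "CONFIRM",` on the cxf.apache.org entry. That URL also stays on plain `http://` while the two added list references use `https://`; whether the host serves the same path over HTTPS cannot be seen from the diff and should be checked before changing it. The hunk additionally removes the file's trailing newline (`\ No newline at end of file`), and restoring it avoids a spurious change on the next edit.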
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-31159",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-31159",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.manageengine.com",
+ "refsource": "MISC",
+ "name": "https://www.manageengine.com"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.manageengine.com/products/service-desk-msp/readme.html#10519",
+ "url": "https://www.manageengine.com/products/service-desk-msp/readme.html#10519"
 }
 ]
 }
diff --git a/2021/31xxx/CVE-2021-31857.json b/2021/31xxx/CVE-2021-31857.json
index d4d12191658..f4a0c8c6ef3 100644
--- a/2021/31xxx/CVE-2021-31857.json
+++ b/2021/31xxx/CVE-2021-31857.json
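Review bot: `"product_name": "n/a"`, `"version_value": "n/a"` and the problemtype `"value": "n/a"` leave the affected product, the fixed build and the weakness class only in the free-text description, so automated matching against an inventory cannot use this record. The description already carries the needed values: `"product_name": "ManageEngine ServiceDesk Plus MSP"` and `"version_value": "before 10519"`. The CVE-2021-31857 hunk has the same gaps, with Password Manager Pro and "before 11.1 build 11104" available in its description. The first reference, `https://www.manageengine.com`, points at the vendor home page and adds nothing over the CONFIRM link to the release notes.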
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-31857",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-31857",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.manageengine.com",
+ "refsource": "MISC",
+ "name": "https://www.manageengine.com"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11104",
+ "url": "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11104"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32928.json b/2021/32xxx/CVE-2021-32928.json
index 1e623044af5..535aa9e1576 100644
--- a/2021/32xxx/CVE-2021-32928.json
+++ b/2021/32xxx/CVE-2021-32928.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-32928",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Sentinel LDK Run-Time Environment",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions 7.6 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "INCOMPLETE CLEANUP CWE-459"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-06",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-06"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named \u201cSentinel License Manager\u201d that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947."
 }
 ]
 }