From a42b7df53940ec1a8fe81f32ab896cc06513596c Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 26 May 2021 20:00:42 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2015/3xxx/CVE-2015-3306.json | 5 +++ 2018/19xxx/CVE-2018-19423.json | 5 +++ 2020/22xxx/CVE-2020-22019.json | 56 +++++++++++++++++++++++++++---- 2020/22xxx/CVE-2020-22020.json | 61 ++++++++++++++++++++++++++++++---- 2020/22xxx/CVE-2020-22021.json | 56 +++++++++++++++++++++++++++---- 2020/28xxx/CVE-2020-28648.json | 5 +++ 2020/28xxx/CVE-2020-28900.json | 5 +++ 2020/28xxx/CVE-2020-28901.json | 5 +++ 2020/28xxx/CVE-2020-28902.json | 5 +++ 2020/28xxx/CVE-2020-28903.json | 5 +++ 2020/28xxx/CVE-2020-28904.json | 5 +++ 2020/28xxx/CVE-2020-28905.json | 5 +++ 2020/28xxx/CVE-2020-28906.json | 5 +++ 2020/28xxx/CVE-2020-28907.json | 5 +++ 2020/28xxx/CVE-2020-28908.json | 5 +++ 2020/28xxx/CVE-2020-28909.json | 5 +++ 2020/28xxx/CVE-2020-28910.json | 5 +++ 2020/28xxx/CVE-2020-28911.json | 5 +++ 2020/29xxx/CVE-2020-29607.json | 5 +++ 2021/21xxx/CVE-2021-21985.json | 5 +++ 2021/21xxx/CVE-2021-21986.json | 5 +++ 2021/22xxx/CVE-2021-22699.json | 50 ++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22705.json | 50 ++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22731.json | 50 ++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22732.json | 50 ++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22733.json | 50 ++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22734.json | 50 ++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22735.json | 50 ++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22736.json | 50 ++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22737.json | 50 ++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22738.json | 50 ++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22739.json | 50 ++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22740.json | 50 ++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22741.json | 50 ++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22742.json | 50 ++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22743.json | 50 ++++++++++++++++++++++++++-- 
2021/22xxx/CVE-2021-22744.json | 50 ++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22745.json | 50 ++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22746.json | 50 ++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22747.json | 50 ++++++++++++++++++++++++++-- 2021/3xxx/CVE-2021-3151.json | 5 +++ 41 files changed, 1143 insertions(+), 75 deletions(-) diff --git a/2015/3xxx/CVE-2015-3306.json b/2015/3xxx/CVE-2015-3306.json index a0d096367b2..87db8c724f4 100644 --- a/2015/3xxx/CVE-2015-3306.json +++ b/2015/3xxx/CVE-2015-3306.json @@ -116,6 +116,11 @@ "name": "http://packetstormsecurity.com/files/131505/ProFTPd-1.3.5-File-Copy.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/131505/ProFTPd-1.3.5-File-Copy.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162777/ProFTPd-1.3.5-Remote-Command-Execution.html", + "url": "http://packetstormsecurity.com/files/162777/ProFTPd-1.3.5-Remote-Command-Execution.html" } ] } diff --git a/2018/19xxx/CVE-2018-19423.json b/2018/19xxx/CVE-2018-19423.json index 03f9a735a6a..1e968a81c37 100644 --- a/2018/19xxx/CVE-2018-19423.json +++ b/2018/19xxx/CVE-2018-19423.json @@ -56,6 +56,11 @@ "name": "https://github.com/Codiad/Codiad/issues/1098", "refsource": "MISC", "url": "https://github.com/Codiad/Codiad/issues/1098" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162772/Codiad-2.8.4-Shell-Upload.html", + "url": "http://packetstormsecurity.com/files/162772/Codiad-2.8.4-Shell-Upload.html" } ] } diff --git a/2020/22xxx/CVE-2020-22019.json b/2020/22xxx/CVE-2020-22019.json index e903eb10681..899c050d5af 100644 --- a/2020/22xxx/CVE-2020-22019.json +++ b/2020/22xxx/CVE-2020-22019.json 
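Review bot: The reference added in the CVE-2015-3306.json hunk uses a plaintext `http://packetstormsecurity.com/...` URL in both `name` and `url`, so any tool that follows CVE references automatically fetches it without transport integrity. The same scheme is used by the Packet Storm entries added in the hunks for CVE-2018-19423, CVE-2020-28648, CVE-2020-28900 through CVE-2020-28911, CVE-2020-29607, CVE-2021-21985 and CVE-2021-21986. If the site serves the same path over TLS (to be confirmed), the entry would read `"url": "https://packetstormsecurity.com/files/162777/ProFTPd-1.3.5-Remote-Command-Execution.html"`. The existing Packet Storm reference in the context lines also uses `http://`, so this follows the file's convention rather than introducing a regression.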
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-22019", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-22019", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://trac.ffmpeg.org/ticket/8241", + "refsource": "MISC", + "name": "https://trac.ffmpeg.org/ticket/8241" } ] } diff --git a/2020/22xxx/CVE-2020-22020.json b/2020/22xxx/CVE-2020-22020.json index a6fc3d795d5..78862963ed4 100644 --- a/2020/22xxx/CVE-2020-22020.json +++ b/2020/22xxx/CVE-2020-22020.json 
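Review bot: The `affects` block added for CVE-2020-22019 sets `vendor_name`, `product_name` and `version_value` to `"n/a"` although the new description names FFmpeg 4.2, so scanners that match on the structured fields will not associate this record with FFmpeg. The values could be taken from the description: `"vendor_name": "FFmpeg"`, `"product_name": "FFmpeg"`, `"version_value": "4.2"`. `problemtype` is likewise `"n/a"` while the description states a buffer overflow; a CWE entry chosen by the assigner would make the record filterable by weakness class. The CVE-2020-22020 and CVE-2020-22021 hunks have the same gaps.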
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-22020", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-22020", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://trac.ffmpeg.org/ticket/8239", + "refsource": "MISC", + "name": "https://trac.ffmpeg.org/ticket/8239" + }, + { + "refsource": "MISC", + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765" } ] } diff --git a/2020/22xxx/CVE-2020-22021.json b/2020/22xxx/CVE-2020-22021.json index bd721df3e4b..77b0df8be04 100644 --- a/2020/22xxx/CVE-2020-22021.json +++ b/2020/22xxx/CVE-2020-22021.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-22021", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-22021", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://trac.ffmpeg.org/ticket/8240", + "refsource": "MISC", + "name": "https://trac.ffmpeg.org/ticket/8240" } ] } diff --git a/2020/28xxx/CVE-2020-28648.json b/2020/28xxx/CVE-2020-28648.json index b4f977a4985..83df3982c79 100644 --- a/2020/28xxx/CVE-2020-28648.json +++ b/2020/28xxx/CVE-2020-28648.json 
@@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html" } ] } diff --git a/2020/28xxx/CVE-2020-28900.json b/2020/28xxx/CVE-2020-28900.json index 648453e41e7..a7a792af958 100644 --- a/2020/28xxx/CVE-2020-28900.json +++ b/2020/28xxx/CVE-2020-28900.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html" } ] } diff --git a/2020/28xxx/CVE-2020-28901.json b/2020/28xxx/CVE-2020-28901.json index bf3031b13b5..63e0be37e3c 100644 --- a/2020/28xxx/CVE-2020-28901.json +++ b/2020/28xxx/CVE-2020-28901.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html" } ] } 
diff --git a/2020/28xxx/CVE-2020-28902.json b/2020/28xxx/CVE-2020-28902.json index 9201ce00836..b2af18e9e22 100644 --- a/2020/28xxx/CVE-2020-28902.json +++ b/2020/28xxx/CVE-2020-28902.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html" } ] } diff --git a/2020/28xxx/CVE-2020-28903.json b/2020/28xxx/CVE-2020-28903.json index db08f06c1cc..94f4871e278 100644 --- a/2020/28xxx/CVE-2020-28903.json +++ b/2020/28xxx/CVE-2020-28903.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html" } ] } diff --git a/2020/28xxx/CVE-2020-28904.json b/2020/28xxx/CVE-2020-28904.json index 76537ae9f91..0e2bb02ca3c 100644 --- a/2020/28xxx/CVE-2020-28904.json +++ b/2020/28xxx/CVE-2020-28904.json 
@@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html" } ] } diff --git a/2020/28xxx/CVE-2020-28905.json b/2020/28xxx/CVE-2020-28905.json index b0bf90b619e..a4c6d3e29f2 100644 --- a/2020/28xxx/CVE-2020-28905.json +++ b/2020/28xxx/CVE-2020-28905.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html" } ] } diff --git a/2020/28xxx/CVE-2020-28906.json b/2020/28xxx/CVE-2020-28906.json index 8938d5a9d81..03bd6e4b249 100644 --- a/2020/28xxx/CVE-2020-28906.json +++ b/2020/28xxx/CVE-2020-28906.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html" } ] } 
diff --git a/2020/28xxx/CVE-2020-28907.json b/2020/28xxx/CVE-2020-28907.json index 155183abb24..f2e959b3ae7 100644 --- a/2020/28xxx/CVE-2020-28907.json +++ b/2020/28xxx/CVE-2020-28907.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html" } ] } diff --git a/2020/28xxx/CVE-2020-28908.json b/2020/28xxx/CVE-2020-28908.json index b164046d3ab..2f5a7ab4687 100644 --- a/2020/28xxx/CVE-2020-28908.json +++ b/2020/28xxx/CVE-2020-28908.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html" } ] } diff --git a/2020/28xxx/CVE-2020-28909.json b/2020/28xxx/CVE-2020-28909.json index 47f7fa5a1b6..7f1e0bd4c26 100644 --- a/2020/28xxx/CVE-2020-28909.json +++ b/2020/28xxx/CVE-2020-28909.json 
@@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html" } ] } diff --git a/2020/28xxx/CVE-2020-28910.json b/2020/28xxx/CVE-2020-28910.json index c0e54f9a9d4..9351b57d8d8 100644 --- a/2020/28xxx/CVE-2020-28910.json +++ b/2020/28xxx/CVE-2020-28910.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html" } ] } diff --git a/2020/28xxx/CVE-2020-28911.json b/2020/28xxx/CVE-2020-28911.json index 02e0ca8ee39..95a21ef2d1e 100644 --- a/2020/28xxx/CVE-2020-28911.json +++ b/2020/28xxx/CVE-2020-28911.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "url": "https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html" } ] } 
diff --git a/2020/29xxx/CVE-2020-29607.json b/2020/29xxx/CVE-2020-29607.json index 5d959737895..f6f155b96cc 100644 --- a/2020/29xxx/CVE-2020-29607.json +++ b/2020/29xxx/CVE-2020-29607.json @@ -56,6 +56,11 @@ "url": "https://github.com/pluck-cms/pluck/issues/96", "refsource": "MISC", "name": "https://github.com/pluck-cms/pluck/issues/96" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162785/Pluck-CMS-4.7.13-Remote-Shell-Upload.html", + "url": "http://packetstormsecurity.com/files/162785/Pluck-CMS-4.7.13-Remote-Shell-Upload.html" } ] } diff --git a/2021/21xxx/CVE-2021-21985.json b/2021/21xxx/CVE-2021-21985.json index 5044dfd9d37..2f95636898e 100644 --- a/2021/21xxx/CVE-2021-21985.json +++ b/2021/21xxx/CVE-2021-21985.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html", "url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html", + "url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html" } ] }, diff --git a/2021/21xxx/CVE-2021-21986.json b/2021/21xxx/CVE-2021-21986.json index 925be27c770..a94fa4cff02 100644 --- a/2021/21xxx/CVE-2021-21986.json +++ b/2021/21xxx/CVE-2021-21986.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html", "url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html", + "url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html" } ] }, diff --git a/2021/22xxx/CVE-2021-22699.json b/2021/22xxx/CVE-2021-22699.json index e4f3210b650..5c842fcaa58 100644 --- a/2021/22xxx/CVE-2021-22699.json +++ b/2021/22xxx/CVE-2021-22699.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22699", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M241/M251 logic controllers firmware prior to V5.1.9.1", + "version": { + "version_data": [ + { + "version_value": "Modicon M241/M251 logic controllers firmware prior to V5.1.9.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-05", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-05" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP." } ] } diff --git a/2021/22xxx/CVE-2021-22705.json b/2021/22xxx/CVE-2021-22705.json index e89fa31e05c..fdb467c1eb4 100644 --- a/2021/22xxx/CVE-2021-22705.json +++ b/2021/22xxx/CVE-2021-22705.json 
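Review bot: In the CVE-2021-22699 hunk `vendor_name` is `"n/a"` even though the assigner is `cybersecurity@schneider-electric.com`, and `product_name` and `version_value` carry the same free-text string, so neither field can be matched against an asset inventory. A split such as `"vendor_name": "Schneider Electric"`, `"product_name": "Modicon M241/M251 logic controllers firmware"`, `"version_value": "prior to V5.1.9.1"` keeps the stated facts and makes them machine-usable. The same pattern appears in the hunks for CVE-2021-22705 and CVE-2021-22731 through CVE-2021-22738. The record's opening lines and closing braces lie outside the hunk.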
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22705", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Harmony HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ) or EcoStruxure Machine Expert (all versions prior to V2.0)", + "version": { + "version_data": [ + { + "version_value": "Harmony HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ) or EcoStruxure Machine Expert (all versions prior to V2.0)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-02", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-02" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert" } ] } diff --git a/2021/22xxx/CVE-2021-22731.json b/2021/22xxx/CVE-2021-22731.json index d67d6e5e4ba..36b122b5d99 100644 --- a/2021/22xxx/CVE-2021-22731.json +++ b/2021/22xxx/CVE-2021-22731.json 
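Review bot: The description added for CVE-2021-22705 does not say which product or versions are affected; that information appears only in `product_name` (Harmony HMI products configured by Vijeo Designer prior to V6.2 SP11 or EcoStruxure Machine Expert prior to V2.0). Feeds that display only `description_data` will show a weakness with no fixed version to act on. The sentence also ends without a full stop, and `product_name` contains a stray space in `V6.2 SP11 )`. Restating the affected versions in the description would bring it in line with the other Schneider Electric records in this commit.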
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22731", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior ", + "version": { + "version_data": [ + { + "version_value": "Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-01", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker." } ] } diff --git a/2021/22xxx/CVE-2021-22732.json b/2021/22xxx/CVE-2021-22732.json index b735b935540..3a75c08b16f 100644 --- a/2021/22xxx/CVE-2021-22732.json +++ b/2021/22xxx/CVE-2021-22732.json 
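Review bot: `product_name` in the CVE-2021-22731 hunk ends with a trailing space (`"... V8.21 and prior "`) while `version_value` holds the same text without it. Consumers that compare or deduplicate on exact strings will treat these as different values; trimming gives `"product_name": "Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior"`.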
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22732", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior", + "version": { + "version_data": [ + { + "version_value": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the web server." } ] } diff --git a/2021/22xxx/CVE-2021-22733.json b/2021/22xxx/CVE-2021-22733.json index 2d2fd11b200..2f40cf892f8 100644 --- a/2021/22xxx/CVE-2021-22733.json +++ b/2021/22xxx/CVE-2021-22733.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22733", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior", + "version": { + "version_data": [ + { + "version_value": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder." } ] } diff --git a/2021/22xxx/CVE-2021-22734.json b/2021/22xxx/CVE-2021-22734.json index c834f9159f3..393bc2db886 100644 --- a/2021/22xxx/CVE-2021-22734.json +++ b/2021/22xxx/CVE-2021-22734.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22734", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior", + "version": { + "version_data": [ + { + "version_value": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347: Improper Verification of Cryptographic Signature" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code." } ] } diff --git a/2021/22xxx/CVE-2021-22735.json b/2021/22xxx/CVE-2021-22735.json index d9c3e10b5ce..76df282a513 100644 --- a/2021/22xxx/CVE-2021-22735.json +++ b/2021/22xxx/CVE-2021-22735.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22735", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior", + "version": { + "version_data": [ + { + "version_value": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347: Improper Verification of Cryptographic Signature" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied to the device." } ] } diff --git a/2021/22xxx/CVE-2021-22736.json b/2021/22xxx/CVE-2021-22736.json index 5b221b72631..cee1dd66f5b 100644 --- a/2021/22xxx/CVE-2021-22736.json +++ b/2021/22xxx/CVE-2021-22736.json 
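Review bot: The description added for CVE-2021-22735 reads `exists inhomeLYnk`, with the space after "in" missing, so a word-based text search for the product name homeLYnk can miss this record. The phrase should read `exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior`. The text is otherwise close to the CVE-2021-22734 description under the same CWE-347 label, so a short statement of what differs between the two would help triage.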
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22736", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior", + "version": { + "version_data": [ + { + "version_value": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a denial of service when an unauthorized file is uploaded." } ] } diff --git a/2021/22xxx/CVE-2021-22737.json b/2021/22xxx/CVE-2021-22737.json index 7fcd810db1c..c0801267627 100644 --- a/2021/22xxx/CVE-2021-22737.json +++ b/2021/22xxx/CVE-2021-22737.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22737", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior", + "version": { + "version_data": [ + { + "version_value": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522: Insufficiently Protected Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack." } ] } diff --git a/2021/22xxx/CVE-2021-22738.json b/2021/22xxx/CVE-2021-22738.json index 879683bc3ee..43fd9a40188 100644 --- a/2021/22xxx/CVE-2021-22738.json +++ b/2021/22xxx/CVE-2021-22738.json 
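Review bot: The new description value contains `could cause unauthorized access of when credentials are discovered`, where either the object of "of" was lost or the word is stray. The neighbouring record CVE-2021-22738 uses `could cause unauthorized access when credentials are discovered after a brute force attack`; if nothing was dropped, that wording fits here too. If a target of the access was intended, it should be restored from the vendor advisory rather than guessed.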
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22738", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior", + "version": { + "version_data": [ + { + "version_value": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack." } ] } diff --git a/2021/22xxx/CVE-2021-22739.json b/2021/22xxx/CVE-2021-22739.json index 3b8c615481f..c8cd3b6d6db 100644 --- a/2021/22xxx/CVE-2021-22739.json +++ b/2021/22xxx/CVE-2021-22739.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22739", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior", + "version": { + "version_data": [ + { + "version_value": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a device to be compromised when it is first configured." } ] } diff --git a/2021/22xxx/CVE-2021-22740.json b/2021/22xxx/CVE-2021-22740.json index b644289bae7..103b35f5f66 100644 --- a/2021/22xxx/CVE-2021-22740.json +++ b/2021/22xxx/CVE-2021-22740.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22740", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior", + "version": { + "version_data": [ + { + "version_value": "homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-04" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause information to be exposed when an unauthorized file is uploaded." } ] } diff --git a/2021/22xxx/CVE-2021-22741.json b/2021/22xxx/CVE-2021-22741.json index dbd3c26e2cb..f9d26599117 100644 --- a/2021/22xxx/CVE-2021-22741.json +++ b/2021/22xxx/CVE-2021-22741.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22741", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior)", + "version": { + "version_data": [ + { + "version_value": "ClearSCADA,EcoStruxure Geo SCADA Expert 2019 and EcoStruxure Geo SCADA Expert 2020(see security notification for affected versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-916: Use of Password Hash with Insufficient Computational Effort" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-07", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-07" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior), which could cause the revealing of account credentials when server database files are available. Exposure of these files to an attacker can make the system vulnerable to password decryption attacks. Note that \u201c.sde\u201d configuration export files do not contain user account password hashes." } ] } 
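Review bot: The description says exposed database files make the system vulnerable to `password decryption attacks`, but the `problemtype` is CWE-916, which concerns password hashes that are too cheap to compute. The risk is offline guessing against the hashes, not decryption. I would reword it to something like `offline password guessing attacks against the stored hashes`, subject to the advisory's own wording. Also, `product_name` states the affected versions (`V83.7742.1 and prior`) while `version_value` says `see security notification for affected versions`, so the two fields disagree on whether the version is recorded in this file.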
diff --git a/2021/22xxx/CVE-2021-22742.json b/2021/22xxx/CVE-2021-22742.json index 5faae8eb1e8..12c38a0fce4 100644 --- a/2021/22xxx/CVE-2021-22742.json +++ b/2021/22xxx/CVE-2021-22742.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22742", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Triconex Model 3009 MP\u00a0installed on Tricon V11.3.x systems", + "version": { + "version_data": [ + { + "version_value": "Triconex Model 3009 MP\u00a0installed on Tricon V11.3.x systems" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position." } ] } diff --git a/2021/22xxx/CVE-2021-22743.json b/2021/22xxx/CVE-2021-22743.json index 21654ad91eb..75a47c0b01c 100644 --- a/2021/22xxx/CVE-2021-22743.json +++ b/2021/22xxx/CVE-2021-22743.json 
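Review bot: `product_name` and `version_value` contain an escaped non-breaking space, `MP\u00a0installed`, while the description in the same record spells the product with an ordinary space. Exact-string matching or search on the product name will therefore not match what a user types or what the description says. I would replace `\u00a0` with a plain space in both fields. The same escape appears in the hunks for CVE-2021-22743 to CVE-2021-22747, and in CVE-2021-22743 `product_name` also ends in a period that `version_value` does not have.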
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22743", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Triconex TCM 4351B\u00a0installed on Tricon V11.3.x systems.", + "version": { + "version_data": [ + { + "version_value": "Triconex TCM 4351B\u00a0installed on Tricon V11.3.x systems" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TCM 4351B installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position." } ] } diff --git a/2021/22xxx/CVE-2021-22744.json b/2021/22xxx/CVE-2021-22744.json index cef346eac6f..07ae97f6764 100644 --- a/2021/22xxx/CVE-2021-22744.json +++ b/2021/22xxx/CVE-2021-22744.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22744", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Triconex Model 3009 MP\u00a0installed on Tricon V11.3.x systems", + "version": { + "version_data": [ + { + "version_value": "Triconex Model 3009 MP\u00a0installed on Tricon V11.3.x systems" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22745, CVE-2021-22746, and CVE-2021-22747." } ] } diff --git a/2021/22xxx/CVE-2021-22745.json b/2021/22xxx/CVE-2021-22745.json index 2f8b1ba047f..9b05c743744 100644 --- a/2021/22xxx/CVE-2021-22745.json +++ b/2021/22xxx/CVE-2021-22745.json 
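Review bot: The description added for CVE-2021-22744 differs from those of CVE-2021-22745, CVE-2021-22746 and CVE-2021-22747 only in the list after `This CVE ID is unique from`, and from CVE-2021-22742 only by that sentence, which the CVE-2021-22742 record lacks. Since the product, CWE and reference fields are identical too, neither a reader nor a deduplicating feed consumer can tell what distinguishes the five issues. If the vendor advisory gives a distinguishing detail per ID, it belongs in each description. At minimum, CVE-2021-22742 should carry the matching cross-reference sentence so that the set is consistent.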
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22745", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Triconex Model 3009 MP\u00a0installed on Tricon V11.3.x systems", + "version": { + "version_data": [ + { + "version_value": "Triconex Model 3009 MP\u00a0installed on Tricon V11.3.x systems" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22746, and CVE-2021-22747." } ] } diff --git a/2021/22xxx/CVE-2021-22746.json b/2021/22xxx/CVE-2021-22746.json index a3ec8749761..2e7eecb16d6 100644 --- a/2021/22xxx/CVE-2021-22746.json +++ b/2021/22xxx/CVE-2021-22746.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22746", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Triconex Model 3009 MP\u00a0installed on Tricon V11.3.x systems", + "version": { + "version_data": [ + { + "version_value": "Triconex Model 3009 MP\u00a0installed on Tricon V11.3.x systems" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22745, and CVE-2021-22747." } ] } diff --git a/2021/22xxx/CVE-2021-22747.json b/2021/22xxx/CVE-2021-22747.json index 188b1c735b3..bfa48db771b 100644 --- a/2021/22xxx/CVE-2021-22747.json +++ b/2021/22xxx/CVE-2021-22747.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22747", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Triconex Model 3009 MP\u00a0installed on Tricon V11.3.x systems", + "version": { + "version_data": [ + { + "version_value": "Triconex Model 3009 MP\u00a0installed on Tricon V11.3.x systems" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03", + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22745, and CVE-2021-22746." } ] } diff --git a/2021/3xxx/CVE-2021-3151.json b/2021/3xxx/CVE-2021-3151.json index 655518af511..6515eee1073 100644 --- a/2021/3xxx/CVE-2021-3151.json +++ b/2021/3xxx/CVE-2021-3151.json 
@@ -61,6 +61,11 @@ "url": "https://www.i-doit.org/news/", "refsource": "MISC", "name": "https://www.i-doit.org/news/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162815/i-doit-1.15.2-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/162815/i-doit-1.15.2-Cross-Site-Scripting.html" } ] }
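Review bot: The added reference uses a plain `http://` URL for packetstormsecurity.com in both `name` and `url`. Anyone following the link from this record fetches the page without transport integrity. If the site serves the same path over HTTPS, which is not verifiable from this hunk, I would record `https://packetstormsecurity.com/files/162815/i-doit-1.15.2-Cross-Site-Scripting.html` in both fields. The `reference_data` array begins outside the hunk.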