From a591c881c547012e6d63eaabe7720b4b54a35a72 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 12 Oct 2021 19:01:00 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/29xxx/CVE-2021-29644.json | 70 +++++++++++-- 2021/29xxx/CVE-2021-29645.json | 70 +++++++++++-- 2021/35xxx/CVE-2021-35494.json | 5 + 2021/35xxx/CVE-2021-35495.json | 5 + 2021/35xxx/CVE-2021-35496.json | 5 + 2021/38xxx/CVE-2021-38862.json | 174 ++++++++++++++++---------------- 2021/38xxx/CVE-2021-38915.json | 176 ++++++++++++++++----------------- 2021/42xxx/CVE-2021-42326.json | 77 +++++++++++++++ 2021/42xxx/CVE-2021-42327.json | 18 ++++ 2021/42xxx/CVE-2021-42328.json | 18 ++++ 10 files changed, 431 insertions(+), 187 deletions(-) create mode 100644 2021/42xxx/CVE-2021-42326.json create mode 100644 2021/42xxx/CVE-2021-42327.json create mode 100644 2021/42xxx/CVE-2021-42328.json diff --git a/2021/29xxx/CVE-2021-29644.json b/2021/29xxx/CVE-2021-29644.json index d3fa3d735fb..7f6ee745c56 100644 --- a/2021/29xxx/CVE-2021-29644.json +++ b/2021/29xxx/CVE-2021-29644.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29644", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29644", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an Integer Overflow. An attacker with network access to port 31016 may exploit this issue to execute code with unrestricted privileges on the underlying OS." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.hitachi.com/hirt/security/index.html", + "refsource": "MISC", + "name": "https://www.hitachi.com/hirt/security/index.html" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29645.json b/2021/29xxx/CVE-2021-29645.json index e042ff73a2c..50abe216fe5 100644 --- a/2021/29xxx/CVE-2021-29645.json +++ b/2021/29xxx/CVE-2021-29645.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29645", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29645", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.hitachi.com/hirt/security/index.html", + "refsource": "MISC", + "name": "https://www.hitachi.com/hirt/security/index.html" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2021/35xxx/CVE-2021-35494.json b/2021/35xxx/CVE-2021-35494.json index f8bf84c77fb..5812f850116 100644 --- a/2021/35xxx/CVE-2021-35494.json +++ b/2021/35xxx/CVE-2021-35494.json @@ -167,6 +167,11 @@ "name": "https://www.tibco.com/services/support/advisories", "refsource": "CONFIRM", "url": "https://www.tibco.com/services/support/advisories" + }, + { + "refsource": "CONFIRM", + "name": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35494", + "url": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35494" } ] }, diff --git a/2021/35xxx/CVE-2021-35495.json b/2021/35xxx/CVE-2021-35495.json index dd50bfb64f3..1eff93d2b51 100644 --- a/2021/35xxx/CVE-2021-35495.json +++ b/2021/35xxx/CVE-2021-35495.json @@ -167,6 +167,11 @@ "name": "https://www.tibco.com/services/support/advisories", "refsource": "CONFIRM", "url": "https://www.tibco.com/services/support/advisories" + }, + { + "refsource": "CONFIRM", + "name": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35495", + "url": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35495" } ] }, diff --git a/2021/35xxx/CVE-2021-35496.json b/2021/35xxx/CVE-2021-35496.json index 0e2ad838ba2..bb2ae45dd59 100644 --- a/2021/35xxx/CVE-2021-35496.json +++ b/2021/35xxx/CVE-2021-35496.json @@ -173,6 +173,11 @@ "name": "https://www.tibco.com/services/support/advisories", "refsource": "CONFIRM", "url": "https://www.tibco.com/services/support/advisories" + }, + { + "refsource": "CONFIRM", + "name": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35496", + "url": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-12-2021-tibco-jasperreports-server-2021-35496" } ] }, diff --git a/2021/38xxx/CVE-2021-38862.json b/2021/38xxx/CVE-2021-38862.json index 5d1f236c270..5266a5575e8 100644 --- a/2021/38xxx/CVE-2021-38862.json +++ b/2021/38xxx/CVE-2021-38862.json @@ -1,90 +1,90 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Data Risk Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.6" - } - ] - } - } - ] - } + "lang": "eng", + "value": "IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980." } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "S" : "U", - "AV" : "N", - "C" : "H", - "PR" : "N", - "AC" : "H", - "UI" : "N", - "I" : "N", - "SCORE" : "5.900", - "A" : "N" - }, - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - } - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6497499", - "url" : "https://www.ibm.com/support/pages/node/6497499", - "title" : "IBM Security Bulletin 6497499 (Data Risk Manager)", - "refsource" : "CONFIRM" - }, - { - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/207980", - "name" : "ibm-idna-cve202138862-info-disc (207980)" - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-10-11T00:00:00", - "ID" : "CVE-2021-38862" - }, - "data_type" : "CVE", - "data_format" : "MITRE" -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Data Risk Manager", + "version": { + "version_data": [ + { + "version_value": "2.0.6" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "AV": "N", + "C": "H", + "PR": "N", + "AC": "H", + "UI": "N", + "I": "N", + "SCORE": "5.900", + "A": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6497499", + "url": "https://www.ibm.com/support/pages/node/6497499", + "title": "IBM Security Bulletin 6497499 (Data Risk Manager)", + "refsource": "CONFIRM" + }, + { + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207980", + "name": "ibm-idna-cve202138862-info-disc (207980)" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-10-11T00:00:00", + "ID": "CVE-2021-38862" + }, + "data_type": "CVE", + "data_format": "MITRE" +} \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38915.json b/2021/38xxx/CVE-2021-38915.json index b2c434b9e65..1db757c589d 100644 --- a/2021/38xxx/CVE-2021-38915.json +++ b/2021/38xxx/CVE-2021-38915.json @@ -1,90 +1,90 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Data Risk Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.6" - } - ] - } - } - ] - } - } - ] - } - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - }, - "BM" : { - "A" : "N", - "SCORE" : "5.300", - "AC" : "H", - "PR" : "L", - "UI" : "N", - "I" : "N", - "C" : "H", - "AV" : "N", - "S" : "U" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Data Risk Manager", + "version": { + "version_data": [ + { + "version_value": "2.0.6" + } + ] + } + } + ] + } + } ] - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-10-11T00:00:00", - "ID" : "CVE-2021-38915", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_type" : "CVE", - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6497499", - "title" : "IBM Security Bulletin 6497499 (Data Risk Manager)", - "name" : "https://www.ibm.com/support/pages/node/6497499" - }, - { - "refsource" : "XF", - "name" : "ibm-cprm-cve202138915-info-disc (209947)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/209947" - } - ] - } -} + } + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "U", + "RC": "C" + }, + "BM": { + "A": "N", + "SCORE": "5.300", + "AC": "H", + "PR": "L", + "UI": "N", + "I": "N", + "C": "H", + "AV": "N", + "S": "U" + } + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "DATE_PUBLIC": "2021-10-11T00:00:00", + "ID": "CVE-2021-38915", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_type": "CVE", + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6497499", + "title": "IBM Security Bulletin 6497499 (Data Risk Manager)", + "name": "https://www.ibm.com/support/pages/node/6497499" + }, + { + "refsource": "XF", + "name": "ibm-cprm-cve202138915-info-disc (209947)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209947" + } + ] + } +} \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42326.json b/2021/42xxx/CVE-2021-42326.json new file mode 100644 index 00000000000..e758a81359d --- /dev/null +++ b/2021/42xxx/CVE-2021-42326.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-42326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories", + "refsource": "MISC", + "name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories" + }, + { + "url": "https://www.redmine.org/news/133", + "refsource": "MISC", + "name": "https://www.redmine.org/news/133" + }, + { + "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10", + "refsource": "MISC", + "name": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10" + }, + { + "url": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10", + "refsource": "MISC", + "name": "https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10" + } + ] + } +} \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42327.json b/2021/42xxx/CVE-2021-42327.json new file mode 100644 index 00000000000..59c339ff672 --- /dev/null +++ b/2021/42xxx/CVE-2021-42327.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-42327", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/42xxx/CVE-2021-42328.json b/2021/42xxx/CVE-2021-42328.json new file mode 100644 index 00000000000..33ab3d3c2d7 --- /dev/null +++ b/2021/42xxx/CVE-2021-42328.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-42328", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file