diff --git a/2019/5xxx/CVE-2019-5318.json b/2019/5xxx/CVE-2019-5318.json index 0475dc74a2c..a1a483c166a 100644 --- a/2019/5xxx/CVE-2019-5318.json +++ b/2019/5xxx/CVE-2019-5318.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5318", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5318", + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Operating System Software", + "version": { + "version_data": [ + { + "version_value": "6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote cross-site request forgery (csrf)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability." } ] } diff --git a/2021/31xxx/CVE-2021-31583.json b/2021/31xxx/CVE-2021-31583.json index c7390b8197e..78f3df0014a 100644 --- a/2021/31xxx/CVE-2021-31583.json +++ b/2021/31xxx/CVE-2021-31583.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Sipwise C5 NGCP CSC through CE_mr9.3.1 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in callforward/time/set/save (POST tsetname); Reflected XSS in addressbook (GET filter); Stored XSS in addressbook/save (POST firstname, lastname, company); and Reflected XSS in statistics/versions (GET lang)." + "value": "Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in callforward/time/set/save (POST tsetname); Reflected XSS in addressbook (GET filter); Stored XSS in addressbook/save (POST firstname, lastname, company); and Reflected XSS in statistics/versions (GET lang)." } ] }, @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5648.php", "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5648.php" + }, + { + "refsource": "MISC", + "name": "http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/2021-September/014708.html", + "url": "http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/2021-September/014708.html" } ] } diff --git a/2021/31xxx/CVE-2021-31584.json b/2021/31xxx/CVE-2021-31584.json index 152cf4983ce..d4ddd52b727 100644 --- a/2021/31xxx/CVE-2021-31584.json +++ b/2021/31xxx/CVE-2021-31584.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Sipwise C5 NGCP www_admin version 3.6.7 allows call/click2dial CSRF attacks for actions with administrative privileges." + "value": "Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges." } ] }, @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5649.php", "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5649.php" + }, + { + "refsource": "MISC", + "name": "http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/2021-September/014708.html", + "url": "http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/2021-September/014708.html" } ] } diff --git a/2021/33xxx/CVE-2021-33599.json b/2021/33xxx/CVE-2021-33599.json index bbdbf70d2a9..a309919277d 100644 --- a/2021/33xxx/CVE-2021-33599.json +++ b/2021/33xxx/CVE-2021-33599.json @@ -1,18 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-notifications-us@f-secure.com", "ID": "CVE-2021-33599", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Denial-of-Service (DoS) Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Cloud Protection for Salesforce", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Version " + } + ] + } + } + ] + }, + "vendor_name": "F-Secure" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service Vulnerability " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame", + "name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame" + }, + { + "refsource": "MISC", + "name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33599", + "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33599" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-08-25_04" + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/36xxx/CVE-2021-36370.json b/2021/36xxx/CVE-2021-36370.json index 3df362e5502..3a6bb2eb0f6 100644 --- a/2021/36xxx/CVE-2021-36370.json +++ b/2021/36xxx/CVE-2021-36370.json @@ -71,6 +71,16 @@ "url": "https://midnight-commander.org/", "refsource": "MISC", "name": "https://midnight-commander.org/" + }, + { + "refsource": "MISC", + "name": "https://docs.ssh-mitm.at/CVE-2021-36370.html", + "url": "https://docs.ssh-mitm.at/CVE-2021-36370.html" + }, + { + "refsource": "MISC", + "name": "https://mail.gnome.org/archives/mc-devel/2021-August/msg00008.html", + "url": "https://mail.gnome.org/archives/mc-devel/2021-August/msg00008.html" } ] } diff --git a/2021/37xxx/CVE-2021-37716.json b/2021/37xxx/CVE-2021-37716.json index bd92ddcd2fa..0ed9a4c13ed 100644 --- a/2021/37xxx/CVE-2021-37716.json +++ b/2021/37xxx/CVE-2021-37716.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37716", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 8.6.0.4-2.2.0.4" + }, + { + "version_value": "Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] } diff --git a/2021/37xxx/CVE-2021-37717.json b/2021/37xxx/CVE-2021-37717.json index 594236268e5..0d063ba5993 100644 --- a/2021/37xxx/CVE-2021-37717.json +++ b/2021/37xxx/CVE-2021-37717.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37717", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 8.6.0.4-2.2.0.6" + }, + { + "version_value": "Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote arbitrary command execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] } diff --git a/2021/37xxx/CVE-2021-37718.json b/2021/37xxx/CVE-2021-37718.json index ba5aa520bc1..7fa67d95011 100644 --- a/2021/37xxx/CVE-2021-37718.json +++ b/2021/37xxx/CVE-2021-37718.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37718", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 8.6.0.4-2.2.0.6" + }, + { + "version_value": "Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote arbitrary command execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] } diff --git a/2021/37xxx/CVE-2021-37719.json b/2021/37xxx/CVE-2021-37719.json index 3cce4956062..1bd1dbcfdaf 100644 --- a/2021/37xxx/CVE-2021-37719.json +++ b/2021/37xxx/CVE-2021-37719.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37719", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 8.6.0.4-2.2.0.4" + }, + { + "version_value": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote arbitrary command execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] } diff --git a/2021/37xxx/CVE-2021-37720.json b/2021/37xxx/CVE-2021-37720.json index acc2d66cfaa..51d328b8ddc 100644 --- a/2021/37xxx/CVE-2021-37720.json +++ b/2021/37xxx/CVE-2021-37720.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37720", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 8.6.0.4-2.2.0.4" + }, + { + "version_value": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote arbitrary command execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] } diff --git a/2021/37xxx/CVE-2021-37721.json b/2021/37xxx/CVE-2021-37721.json index 083825d282e..f030468e773 100644 --- a/2021/37xxx/CVE-2021-37721.json +++ b/2021/37xxx/CVE-2021-37721.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37721", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 8.6.0.4-2.2.0.4" + }, + { + "version_value": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote arbitrary command execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] } diff --git a/2021/37xxx/CVE-2021-37722.json b/2021/37xxx/CVE-2021-37722.json index f770c13f868..ed3f6f49d75 100644 --- a/2021/37xxx/CVE-2021-37722.json +++ b/2021/37xxx/CVE-2021-37722.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37722", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 8.6.0.4-2.2.0.4" + }, + { + "version_value": "Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote arbitrary command execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] } diff --git a/2021/37xxx/CVE-2021-37723.json b/2021/37xxx/CVE-2021-37723.json index 7b6255f4514..482c15055af 100644 --- a/2021/37xxx/CVE-2021-37723.json +++ b/2021/37xxx/CVE-2021-37723.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Operating System Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote arbitrary command execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability." } ] } diff --git a/2021/37xxx/CVE-2021-37724.json b/2021/37xxx/CVE-2021-37724.json index 37b2e0ae9ed..bc3c6d99d87 100644 --- a/2021/37xxx/CVE-2021-37724.json +++ b/2021/37xxx/CVE-2021-37724.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37724", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Operating System Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote arbitrary command execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability." } ] } diff --git a/2021/37xxx/CVE-2021-37725.json b/2021/37xxx/CVE-2021-37725.json index dbb96be3eff..c9b79262e1e 100644 --- a/2021/37xxx/CVE-2021-37725.json +++ b/2021/37xxx/CVE-2021-37725.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37725", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 8.6.0.4-2.2.0.4" + }, + { + "version_value": "Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote cross-site request forgery (csrf)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] } diff --git a/2021/37xxx/CVE-2021-37728.json b/2021/37xxx/CVE-2021-37728.json index 349c5481a55..4db76efa579 100644 --- a/2021/37xxx/CVE-2021-37728.json +++ b/2021/37xxx/CVE-2021-37728.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37728", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Operating System Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote path traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability." } ] } diff --git a/2021/37xxx/CVE-2021-37729.json b/2021/37xxx/CVE-2021-37729.json index ac89c3cc627..ce1cb2e4e99 100644 --- a/2021/37xxx/CVE-2021-37729.json +++ b/2021/37xxx/CVE-2021-37729.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37729", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 8.6.0.0-2.2.0.4" + }, + { + "version_value": "Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote path traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] } diff --git a/2021/37xxx/CVE-2021-37731.json b/2021/37xxx/CVE-2021-37731.json index 49aa577dde7..c84d42f066e 100644 --- a/2021/37xxx/CVE-2021-37731.json +++ b/2021/37xxx/CVE-2021-37731.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37731", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 8.6.0.0-2.2.0.4" + }, + { + "version_value": "Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "local path traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] } diff --git a/2021/37xxx/CVE-2021-37733.json b/2021/37xxx/CVE-2021-37733.json index ed29b03b764..571012cb208 100644 --- a/2021/37xxx/CVE-2021-37733.json +++ b/2021/37xxx/CVE-2021-37733.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37733", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba SD-WAN Software and Gateways; Aruba Operating System Software", + "version": { + "version_data": [ + { + "version_value": "Prior to 8.6.0.4-2.2.0.4" + }, + { + "version_value": "Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote path traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability." } ] } diff --git a/2021/39xxx/CVE-2021-39285.json b/2021/39xxx/CVE-2021-39285.json index b00161f6457..cf8664fd830 100644 --- a/2021/39xxx/CVE-2021-39285.json +++ b/2021/39xxx/CVE-2021-39285.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-39285", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-39285", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create a XSS based attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://versa-networks.com", + "refsource": "MISC", + "name": "https://versa-networks.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/pbgt/CVEs/blob/main/CVE-2021-39285.md", + "url": "https://github.com/pbgt/CVEs/blob/main/CVE-2021-39285.md" } ] }