From b04082da0e6e048540d0a9c4d2ee20f185a6880f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 15 Nov 2021 16:01:08 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/12xxx/CVE-2020-12895.json | 71 ++++++++++-
 2020/12xxx/CVE-2020-12897.json | 71 ++++++++++-
 2020/12xxx/CVE-2020-12899.json | 71 ++++++++++-
 2020/12xxx/CVE-2020-12900.json | 71 ++++++++++-
 2020/12xxx/CVE-2020-12902.json | 71 ++++++++++-
 2020/12xxx/CVE-2020-12904.json | 71 ++++++++++-
 2020/12xxx/CVE-2020-12920.json | 71 ++++++++++-
 2020/12xxx/CVE-2020-12929.json | 71 ++++++++++-
 2020/12xxx/CVE-2020-12963.json | 71 ++++++++++-
 2021/34xxx/CVE-2021-34991.json | 132 +++++++++----------
 2021/34xxx/CVE-2021-34992.json | 132 +++++++++----------
 2021/38xxx/CVE-2021-38974.json | 220 ++++++++++++++++----------------
 2021/38xxx/CVE-2021-38975.json | 222 ++++++++++++++++----------------
 2021/38xxx/CVE-2021-38976.json | 222 ++++++++++++++++----------------
 2021/38xxx/CVE-2021-38977.json | 224 ++++++++++++++++-----------------
 2021/38xxx/CVE-2021-38978.json | 222 ++++++++++++++++----------------
 2021/38xxx/CVE-2021-38979.json | 222 ++++++++++++++++----------------
 2021/38xxx/CVE-2021-38981.json | 222 ++++++++++++++++----------------
 2021/38xxx/CVE-2021-38982.json | 220 ++++++++++++++++----------------
 2021/38xxx/CVE-2021-38983.json | 222 ++++++++++++++++----------------
 2021/38xxx/CVE-2021-38984.json | 222 ++++++++++++++++----------------
 2021/41xxx/CVE-2021-41765.json | 61 ++++++++-
 2021/41xxx/CVE-2021-41950.json | 61 ++++++++-
 2021/41xxx/CVE-2021-41951.json | 56 ++++++++-
 2021/42xxx/CVE-2021-42580.json | 56 ++++++++-
 25 files changed, 2040 insertions(+), 1315 deletions(-)
diff --git a/2020/12xxx/CVE-2020-12895.json b/2020/12xxx/CVE-2020-12895.json
index 8e5e70175ee..f42592dee94 100644
--- a/2020/12xxx/CVE-2020-12895.json
+++ b/2020/12xxx/CVE-2020-12895.json
@@ -1,18 +1,77 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2020-12895", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Radeon Software ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Radeon Software", + "version_value": "20.11.2" + }, + { + "version_affected": "<", + "version_name": "Radeon Pro Software for Enterprise ", + "version_value": "21.Q2 " + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000" + } + ] + }, + "source": { + "advisory": "AMD-SB-1000", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12897.json b/2020/12xxx/CVE-2020-12897.json index 6c537f92c79..4414f8b8832 100644 --- a/2020/12xxx/CVE-2020-12897.json +++ b/2020/12xxx/CVE-2020-12897.json 
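Review bot: The added `"version_value": "21.Q2 "`, `"product_name": "AMD Radeon Software "` and `"version_name": "Radeon Pro Software for Enterprise "` end in a trailing space, which can make exact-match or version-comparison logic in tooling that consumes these records miss the affected product; I would store them trimmed, e.g. `"version_value": "21.Q2"`. The `problemtype` entry is `"value": "NA"`, so the record carries no weakness classification even though the description names one (a pool/heap overflow); a CWE identifier there would let consumers filter and prioritise by weakness type. The same trailing-space strings and the `"NA"` problem type appear in the hunks for CVE-2020-12897, -12899, -12900, -12902, -12904, -12920, -12929 and -12963.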
@@ -1,18 +1,77 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2020-12897", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Radeon Software ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Radeon Software", + "version_value": "21.3.1" + }, + { + "version_affected": "<", + "version_name": "Radeon Pro Software for Enterprise ", + "version_value": "21.Q2 " + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000" + } + ] + }, + "source": { + "advisory": "AMD-SB-1000", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12899.json b/2020/12xxx/CVE-2020-12899.json index d5f7d931a61..d791f829dd8 100644 --- a/2020/12xxx/CVE-2020-12899.json +++ b/2020/12xxx/CVE-2020-12899.json 
@@ -1,18 +1,77 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2020-12899", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Radeon Software ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Radeon Software", + "version_value": "20.11.2" + }, + { + "version_affected": "<", + "version_name": "Radeon Pro Software for Enterprise ", + "version_value": "21.Q2 " + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000" + } + ] + }, + "source": { + "advisory": "AMD-SB-1000", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12900.json b/2020/12xxx/CVE-2020-12900.json index b21b8cd59a5..afa26cbe70e 100644 --- a/2020/12xxx/CVE-2020-12900.json +++ b/2020/12xxx/CVE-2020-12900.json 
@@ -1,18 +1,77 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2020-12900", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Radeon Software ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Radeon Software", + "version_value": "20.7.1" + }, + { + "version_affected": "<", + "version_name": "Radeon Pro Software for Enterprise ", + "version_value": "21.Q2 " + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000" + } + ] + }, + "source": { + "advisory": "AMD-SB-1000", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12902.json b/2020/12xxx/CVE-2020-12902.json index 58d7d9f378e..e9844459dce 100644 --- a/2020/12xxx/CVE-2020-12902.json 
+++ b/2020/12xxx/CVE-2020-12902.json @@ -1,18 +1,77 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2020-12902", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Radeon Software ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Radeon Software", + "version_value": "20.11.2" + }, + { + "version_affected": "<", + "version_name": "Radeon Pro Software for Enterprise ", + "version_value": "21.Q2 " + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000" + } + ] + }, + "source": { + "advisory": "AMD-SB-1000", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12904.json b/2020/12xxx/CVE-2020-12904.json index 5349f17fa72..376ee8ec4c2 100644 --- a/2020/12xxx/CVE-2020-12904.json 
+++ b/2020/12xxx/CVE-2020-12904.json @@ -1,18 +1,77 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2020-12904", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Radeon Software ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Radeon Software", + "version_value": "20.11.2" + }, + { + "version_affected": "<", + "version_name": "Radeon Pro Software for Enterprise ", + "version_value": "21.Q2 " + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000" + } + ] + }, + "source": { + "advisory": "AMD-SB-1000", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12920.json b/2020/12xxx/CVE-2020-12920.json index d5ba3accb66..b937b258cd3 100644 --- a/2020/12xxx/CVE-2020-12920.json 
+++ b/2020/12xxx/CVE-2020-12920.json @@ -1,18 +1,77 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2020-12920", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Radeon Software ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Radeon Software", + "version_value": "20.11.2" + }, + { + "version_affected": "<", + "version_name": "Radeon Pro Software for Enterprise ", + "version_value": "21.Q2 " + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000" + } + ] + }, + "source": { + "advisory": "AMD-SB-1000", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12929.json b/2020/12xxx/CVE-2020-12929.json index 1e286f8c5d8..e58a5bc1ff2 100644 
--- a/2020/12xxx/CVE-2020-12929.json +++ b/2020/12xxx/CVE-2020-12929.json @@ -1,18 +1,77 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2020-12929", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Radeon Software ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Radeon Software", + "version_value": "20.11.2" + }, + { + "version_affected": "<", + "version_name": "Radeon Pro Software for Enterprise ", + "version_value": "21.Q2 " + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution ." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000" + } + ] + }, + "source": { + "advisory": "AMD-SB-1000", + "discovery": "UNKNOWN" } } \ No newline at end of file 
diff --git a/2020/12xxx/CVE-2020-12963.json b/2020/12xxx/CVE-2020-12963.json index 707243ccf0c..c7434ff2c18 100644 --- a/2020/12xxx/CVE-2020-12963.json +++ b/2020/12xxx/CVE-2020-12963.json @@ -1,18 +1,77 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2020-12963", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Radeon Software ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Radeon Software", + "version_value": "20.11.2" + }, + { + "version_affected": "<", + "version_name": "Radeon Pro Software for Enterprise ", + "version_value": "21.Q2 " + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000" + } + ] + }, + "source": { + "advisory": "AMD-SB-1000", + "discovery": "UNKNOWN" } } \ No newline at end of file 
diff --git a/2021/34xxx/CVE-2021-34991.json b/2021/34xxx/CVE-2021-34991.json index b236b953f68..eb9671aa067 100644 --- a/2021/34xxx/CVE-2021-34991.json +++ b/2021/34xxx/CVE-2021-34991.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-34991", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "R6400v2", - "version": { - "version_data": [ - { - "version_value": "1.0.4.106_10.0.80" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-34991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "R6400v2", + "version": { + "version_data": [ + { + "version_value": "1.0.4.106_10.0.80" + } + ] + } + } + ] + }, + "vendor_name": "NETGEAR" } - } ] - }, - "vendor_name": "NETGEAR" } - ] - } - }, - "credit": "her0back of MoyunSec TopBreaker Lab", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121: Stack-based Buffer Overflow" - } + }, + "credit": "her0back of MoyunSec TopBreaker Lab", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1303/" - }, - { - "url": "https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1303/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1303/" + }, + { + "url": "https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168", + "refsource": "MISC", + "name": 
"https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34992.json b/2021/34xxx/CVE-2021-34992.json index 1ecf293364e..c91344a42fa 100644 --- a/2021/34xxx/CVE-2021-34992.json +++ b/2021/34xxx/CVE-2021-34992.json 
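Review bot: The `version_data` entry in this record is a bare `"version_value": "1.0.4.106_10.0.80"` with no `version_affected` operator, so a consumer cannot tell whether only that firmware build or everything up to it is affected; stating the range (for instance `"version_affected": "<="`, if that matches the vendor advisory) would make automated matching reliable. The NETGEAR reference URL in `references` is titled as covering multiple products, while `product_data` lists only R6400v2, so inventories keyed on this record may under-report exposure; that is worth confirming against the advisory. The CVE-2021-34992 hunk has the same bare `version_value` (`"6.10"`).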
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-34992", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "C1 CMS", - "version": { - "version_data": [ - { - "version_value": "6.10" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-34992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "C1 CMS", + "version": { + "version_data": [ + { + "version_value": "6.10" + } + ] + } + } + ] + }, + "vendor_name": "Orckestra" } - } ] - }, - "vendor_name": "Orckestra" } - ] - } - }, - "credit": "Le Ngoc Anh - Sun* Cyber Security Research Team", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within Composite.dll. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account.\n Was ZDI-CAN-14740." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-502: Deserialization of Untrusted Data" - } + }, + "credit": "Le Ngoc Anh - Sun* Cyber Security Research Team", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. 
The specific flaw exists within Composite.dll. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14740." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1304/" - }, - { - "url": "https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.11" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502: Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1304/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1304/" + }, + { + "url": "https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.11", + "refsource": "MISC", + "name": "https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.11" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38974.json b/2021/38xxx/CVE-2021-38974.json index 26a0111ef3e..531d2b612a1 100644 --- a/2021/38xxx/CVE-2021-38974.json +++ b/2021/38xxx/CVE-2021-38974.json 
@@ -1,114 +1,114 @@ { - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779." - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6516046", - "title" : "IBM Security Bulletin 6516046 (Security Key Lifecycle Manager)", - "url" : "https://www.ibm.com/support/pages/node/6516046", - "refsource" : "CONFIRM" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212779", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-tivoli-cve202138974-dos (212779)" - } - ] - }, - "data_type" : "CVE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "UI" : "N", - "SCORE" : "5.400", - "C" : "N", - "AV" : "N", - "I" : "L", - "S" : "U", - "A" : "L", - "PR" : "L", - "AC" : "L" - } - } - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Security Key Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "3.0" - }, - { - "version_value" : "3.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "3.0.0.4" - }, - { - "version_value" : "3.0.1.5" - }, - { - "version_value" : "4.0.0.3" - }, - { - "version_value" : "4.1" - }, - { - "version_value" : "4.1.0.1" - }, - { - "version_value" : "4.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "lang": "eng", + "value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779." 
} - ] - } - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-11-12T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-38974", - "STATE" : "PUBLIC" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Denial of Service", - "lang" : "eng" - } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6516046", + "title": "IBM Security Bulletin 6516046 (Security Key Lifecycle Manager)", + "url": "https://www.ibm.com/support/pages/node/6516046", + "refsource": "CONFIRM" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212779", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-tivoli-cve202138974-dos (212779)" + } + ] + }, + "data_type": "CVE", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + }, + "BM": { + "UI": "N", + "SCORE": "5.400", + "C": "N", + "AV": "N", + "I": "L", + "S": "U", + "A": "L", + "PR": "L", + "AC": "L" + } + } + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Key Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "3.0.0.4" + }, + { + "version_value": "3.0.1.5" + }, + { + "version_value": "4.0.0.3" + }, + { + "version_value": "4.1" + }, + { + "version_value": "4.1.0.1" + }, + { + "version_value": "4.1.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_version" : "4.0" -} + } + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2021-11-12T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-38974", + "STATE": "PUBLIC" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Denial of Service", + "lang": "eng" + } + ] + } + ] + }, + "data_version": "4.0" +} \ No newline at end of file 
diff --git a/2021/38xxx/CVE-2021-38975.json b/2021/38xxx/CVE-2021-38975.json index ce937d18d8d..e1e477937d9 100644 --- a/2021/38xxx/CVE-2021-38975.json +++ b/2021/38xxx/CVE-2021-38975.json 
@@ -1,114 +1,114 @@ { - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-11-12T00:00:00", - "ID" : "CVE-2021-38975", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "3.0" - }, - { - "version_value" : "3.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "3.0.0.4" - }, - { - "version_value" : "3.0.1.5" - }, - { - "version_value" : "4.0.0.3" - }, - { - "version_value" : "4.1" - }, - { - "version_value" : "4.1.0.1" - }, - { - "version_value" : "4.1.1" - } - ] - }, - "product_name" : "Security Key Lifecycle Manager" - } - ] - } + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] } - ] - } - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "I" : "N", - "S" : "U", - "A" : "N", - "PR" : "L", - "AC" : "L", - "UI" : "N", - "SCORE" : "4.300", - "C" : "L", - "AV" : "N" - } - } - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6516044", - "title" : "IBM Security Bulletin 6516044 (Security Key Lifecycle Manager)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6516044" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-tivoli-cve202138975-info-disc (212780)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212780" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user 
to to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780.", - "lang" : "eng" - } - ] - } -} + ] + }, + "CVE_data_meta": { + "DATE_PUBLIC": "2021-11-12T00:00:00", + "ID": "CVE-2021-38975", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "3.0.0.4" + }, + { + "version_value": "3.0.1.5" + }, + { + "version_value": "4.0.0.3" + }, + { + "version_value": "4.1" + }, + { + "version_value": "4.1.0.1" + }, + { + "version_value": "4.1.1" + } + ] + }, + "product_name": "Security Key Lifecycle Manager" + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "I": "N", + "S": "U", + "A": "N", + "PR": "L", + "AC": "L", + "UI": "N", + "SCORE": "4.300", + "C": "L", + "AV": "N" + } + } + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6516044", + "title": "IBM Security Bulletin 6516044 (Security Key Lifecycle Manager)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6516044" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-tivoli-cve202138975-info-disc (212780)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212780" + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780.", + "lang": "eng" + } + ] + } +} \ No newline at end of file 
diff --git a/2021/38xxx/CVE-2021-38976.json b/2021/38xxx/CVE-2021-38976.json
index 267c4487bc4..42ac0a6c08a 100644
--- a/2021/38xxx/CVE-2021-38976.json
+++ b/2021/38xxx/CVE-2021-38976.json
@@ -1,114 +1,114 @@ { - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6516038 (Security Key Lifecycle Manager)", - "name" : "https://www.ibm.com/support/pages/node/6516038", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6516038" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212781", - "refsource" : "XF", - "name" : "ibm-tivoli-cve202138976-info-disc (212781)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2021-38976", - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2021-11-12T00:00:00", - "STATE" : "PUBLIC" - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "references": { + "reference_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Security Key Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "3.0" - }, - { - "version_value" : "3.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "3.0.0.4" - }, - { - "version_value" : "3.0.1.5" - }, - { - "version_value" : "4.0.0.3" - }, - { - "version_value" : "4.1" - }, - { - "version_value" : "4.1.0.1" - }, - { - "version_value" : "4.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "title": "IBM Security Bulletin 6516038 (Security Key Lifecycle Manager)", + "name": "https://www.ibm.com/support/pages/node/6516038", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6516038" + }, + { + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/212781", + "refsource": "XF", + "name": "ibm-tivoli-cve202138976-info-disc (212781)", + "title": "X-Force Vulnerability Report" } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "UI" : "N", - "SCORE" : "6.200", - "AV" : "L", - "C" : "H", - "S" : "U", - "I" : "N", - "A" : "N", - "PR" : "N", - "AC" : "L" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - } -} + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-38976", + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2021-11-12T00:00:00", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Key Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "3.0.0.4" + }, + { + "version_value": "3.0.1.5" + }, + { + "version_value": "4.0.0.3" + }, + { + "version_value": "4.1" + }, + { + "version_value": "4.1.0.1" + }, + { + "version_value": "4.1.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "impact": { + "cvssv3": { + "BM": { + "UI": "N", + "SCORE": "6.200", + "AV": "L", + "C": "H", + "S": "U", + "I": "N", + "A": "N", + "PR": "N", + "AC": "L" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + } + } + } +} \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38977.json b/2021/38xxx/CVE-2021-38977.json index a05db99163b..82fd35e3af7 100644 --- a/2021/38xxx/CVE-2021-38977.json 
+++ b/2021/38xxx/CVE-2021-38977.json 
@@ -1,114 +1,114 @@ { - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Key Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "3.0" - }, - { - "version_value" : "3.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "3.0.0.4" - }, - { - "version_value" : "3.0.1.5" - }, - { - "version_value" : "4.0.0.3" - }, - { - "version_value" : "4.1" - }, - { - "version_value" : "4.1.0.1" - }, - { - "version_value" : "4.1.1" - } - ] - } - } - ] - } - } - ] - } - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "RL" : "O", - "E" : "U" - }, - "BM" : { - "AV" : "N", - "C" : "L", - "SCORE" : "3.100", - "UI" : "R", - "AC" : "H", - "PR" : "N", - "S" : "U", - "I" : "N", - "A" : "N" - } - } - }, - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Key Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "3.0.0.4" + }, + { + "version_value": "3.0.1.5" + }, + { + "version_value": "4.0.0.3" + }, + { + "version_value": "4.1" + }, + { + "version_value": "4.1.0.1" + }, + { + "version_value": "4.1.1" + } + ] + } + } + ] + } + } ] - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-38977", - "DATE_PUBLIC" : "2021-11-12T00:00:00", - "STATE" : "PUBLIC" - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. 
Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 212782.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 6516052 (Security Key Lifecycle Manager)", - "name" : "https://www.ibm.com/support/pages/node/6516052", - "url" : "https://www.ibm.com/support/pages/node/6516052", - "refsource" : "CONFIRM" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-tivoli-cve202138977-info-disc (212782)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "AV": "N", + "C": "L", + "SCORE": "3.100", + "UI": "R", + "AC": "H", + "PR": "N", + "S": "U", + "I": "N", + "A": "N" + } + } + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-38977", + "DATE_PUBLIC": "2021-11-12T00:00:00", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. 
IBM X-Force ID: 212782.", + "lang": "eng" + } + ] + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 6516052 (Security Key Lifecycle Manager)", + "name": "https://www.ibm.com/support/pages/node/6516052", + "url": "https://www.ibm.com/support/pages/node/6516052", + "refsource": "CONFIRM" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-tivoli-cve202138977-info-disc (212782)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212782" + } + ] + } +} \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38978.json b/2021/38xxx/CVE-2021-38978.json index 6f89932fb34..f347ba08de6 100644 --- a/2021/38xxx/CVE-2021-38978.json +++ b/2021/38xxx/CVE-2021-38978.json 
@@ -1,114 +1,114 @@ { - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6516050", - "title" : "IBM Security Bulletin 6516050 (Security Key Lifecycle Manager)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6516050" - }, - { - "name" : "ibm-tivoli-cve202138978-info-disc (212783)", - "title" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212783", - "refsource" : "XF" - } - ] - }, - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 212783." - } - ] - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-38978", - "DATE_PUBLIC" : "2021-11-12T00:00:00" - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "UI" : "N", - "SCORE" : "5.900", - "C" : "H", - "AV" : "N", - "A" : "N", - "S" : "U", - "I" : "N", - "PR" : "N", - "AC" : "H" - } - } - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "3.0" - }, - { - "version_value" : "3.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "3.0.0.4" - }, - { - "version_value" : "3.0.1.5" - }, - { - "version_value" : "4.0.0.3" - }, - { - "version_value" : "4.1" - }, 
- { - "version_value" : "4.1.0.1" - }, - { - "version_value" : "4.1.1" - } - ] - }, - "product_name" : "Security Key Lifecycle Manager" - } - ] - } + "name": "https://www.ibm.com/support/pages/node/6516050", + "title": "IBM Security Bulletin 6516050 (Security Key Lifecycle Manager)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6516050" + }, + { + "name": "ibm-tivoli-cve202138978-info-disc (212783)", + "title": "X-Force Vulnerability Report", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212783", + "refsource": "XF" } - ] - } - } -} + ] + }, + "data_type": "CVE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 212783." 
+ } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-38978", + "DATE_PUBLIC": "2021-11-12T00:00:00" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + }, + "data_version": "4.0", + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "UI": "N", + "SCORE": "5.900", + "C": "H", + "AV": "N", + "A": "N", + "S": "U", + "I": "N", + "PR": "N", + "AC": "H" + } + } + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "3.0.0.4" + }, + { + "version_value": "3.0.1.5" + }, + { + "version_value": "4.0.0.3" + }, + { + "version_value": "4.1" + }, + { + "version_value": "4.1.0.1" + }, + { + "version_value": "4.1.1" + } + ] + }, + "product_name": "Security Key Lifecycle Manager" + } + ] + } + } + ] + } + } +} \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38979.json b/2021/38xxx/CVE-2021-38979.json index e2b230346e3..836baee751f 100644 --- a/2021/38xxx/CVE-2021-38979.json +++ b/2021/38xxx/CVE-2021-38979.json 
@@ -1,114 +1,114 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "SCORE" : "4.400", - "UI" : "N", - "AV" : "N", - "C" : "H", - "PR" : "H", - "I" : "N", - "S" : "U", - "A" : "N", - "AC" : "H" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "3.0" - }, - { - "version_value" : "3.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "3.0.0.4" - }, - { - "version_value" : "3.0.1.5" - }, - { - "version_value" : "4.0.0.3" - }, - { - "version_value" : "4.1" - }, - { - "version_value" : "4.1.0.1" - }, - { - "version_value" : "4.1.1" - } - ] - }, - "product_name" : "Security Key Lifecycle Manager" - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "SCORE": "4.400", + "UI": "N", + "AV": "N", + "C": "H", + "PR": "H", + "I": "N", + "S": "U", + "A": "N", + "AC": "H" } - ] - } - }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-11-12T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-38979", - "STATE" : "PUBLIC" - }, - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "3.0.0.4" + }, + { + "version_value": "3.0.1.5" + }, + { + "version_value": "4.0.0.3" + }, + { + "version_value": "4.1" + }, + { + "version_value": "4.1.0.1" + }, + { + "version_value": "4.1.1" + } + ] + }, + "product_name": "Security Key Lifecycle Manager" + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "description" : { - "description_data" : 
[ - { - "value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6516034", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/6516034", - "title" : "IBM Security Bulletin 6516034 (Security Key Lifecycle Manager)" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212785", - "name" : "ibm-tivoli-cve202138979-info-disc (212785)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "data_type" : "CVE" -} + } + }, + "data_format": "MITRE", + "CVE_data_meta": { + "DATE_PUBLIC": "2021-11-12T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-38979", + "STATE": "PUBLIC" + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. 
IBM X-Force ID: 212785.", + "lang": "eng" + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6516034", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/6516034", + "title": "IBM Security Bulletin 6516034 (Security Key Lifecycle Manager)" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212785", + "name": "ibm-tivoli-cve202138979-info-disc (212785)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38981.json b/2021/38xxx/CVE-2021-38981.json index d1ee50294c0..faf2d556361 100644 --- a/2021/38xxx/CVE-2021-38981.json +++ b/2021/38xxx/CVE-2021-38981.json 
@@ -1,114 +1,114 @@ { - "CVE_data_meta" : { - "DATE_PUBLIC" : "2021-11-12T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-38981", - "STATE" : "PUBLIC" - }, - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "N", - "S" : "U", - "A" : "N", - "PR" : "N", - "AC" : "L", - "UI" : "N", - "SCORE" : "5.300", - "C" : "L", - "AV" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "DATE_PUBLIC": "2021-11-12T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-38981", + "STATE": "PUBLIC" + }, + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "3.0" - }, - { - "version_value" : "3.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "3.0.0.4" - }, - { - "version_value" : "3.0.1.5" - }, - { - "version_value" : "4.0.0.3" - }, - { - "version_value" : "4.1" - }, - { - "version_value" : "4.1.0.1" - }, - { - "version_value" : "4.1.1" - } - ] - }, - "product_name" : "Security Key Lifecycle Manager" - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] } - ] - } - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6516048", - "name" : "https://www.ibm.com/support/pages/node/6516048", - "title" : "IBM Security Bulletin 6516048 (Security Key Lifecycle Manager)" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212788", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-tivoli-cve202138981-info-disc (212788)" - } - ] - }, - "data_type" : "CVE", - 
"description" : { - "description_data" : [ - { - "value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788.", - "lang" : "eng" - } - ] - } -} + ] + }, + "impact": { + "cvssv3": { + "BM": { + "I": "N", + "S": "U", + "A": "N", + "PR": "N", + "AC": "L", + "UI": "N", + "SCORE": "5.300", + "C": "L", + "AV": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "3.0.0.4" + }, + { + "version_value": "3.0.1.5" + }, + { + "version_value": "4.0.0.3" + }, + { + "version_value": "4.1" + }, + { + "version_value": "4.1.0.1" + }, + { + "version_value": "4.1.1" + } + ] + }, + "product_name": "Security Key Lifecycle Manager" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_format": "MITRE", + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6516048", + "name": "https://www.ibm.com/support/pages/node/6516048", + "title": "IBM Security Bulletin 6516048 (Security Key Lifecycle Manager)" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212788", + "title": "X-Force Vulnerability Report", + "name": "ibm-tivoli-cve202138981-info-disc (212788)" + } + ] + }, + "data_type": "CVE", + "description": { + "description_data": [ + { + "value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. 
This information could be used in further attacks against the system. IBM X-Force ID: 212788.", + "lang": "eng" + } + ] + } +} \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38982.json b/2021/38xxx/CVE-2021-38982.json index 0839db95ce9..3483680bbe6 100644 --- a/2021/38xxx/CVE-2021-38982.json +++ b/2021/38xxx/CVE-2021-38982.json 
@@ -1,114 +1,114 @@ { - "description" : { - "description_data" : [ - { - "value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212791.", - "lang" : "eng" - } - ] - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6516042", - "title" : "IBM Security Bulletin 6516042 (Security Key Lifecycle Manager)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/6516042" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212791", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-tivoli-cve202138982-xss (212791)" - } - ] - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Security Key Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "3.0" - }, - { - "version_value" : "3.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "3.0.0.4" - }, - { - "version_value" : "3.0.1.5" - }, - { - "version_value" : "4.0.0.3" - }, - { - "version_value" : "4.1" - }, - { - "version_value" : "4.1.0.1" - }, - { - "version_value" : "4.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
IBM X-Force ID: 212791.", + "lang": "eng" } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "SCORE" : "5.400", - "UI" : "R", - "C" : "L", - "AV" : "N", - "PR" : "L", - "S" : "C", - "I" : "L", - "A" : "N", - "AC" : "L" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "H" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + ] + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6516042", + "title": "IBM Security Bulletin 6516042 (Security Key Lifecycle Manager)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/6516042" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212791", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-tivoli-cve202138982-xss (212791)" + } + ] + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Key Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "3.0.0.4" + }, + { + "version_value": "3.0.1.5" + }, + { + "version_value": "4.0.0.3" + }, + { + "version_value": "4.1" + }, + { + "version_value": "4.1.0.1" + }, + { + "version_value": "4.1.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-38982", - "DATE_PUBLIC" : "2021-11-12T00:00:00", - "STATE" : "PUBLIC" - } -} + } + }, + "impact": { + "cvssv3": { + "BM": { + "SCORE": "5.400", + "UI": "R", + "C": "L", + "AV": "N", + "PR": "L", + "S": "C", + "I": "L", + "A": "N", + "AC": "L" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "H" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { 
+ "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-38982", + "DATE_PUBLIC": "2021-11-12T00:00:00", + "STATE": "PUBLIC" + } +} \ No newline at end of file diff --git a/2021/38xxx/CVE-2021-38983.json b/2021/38xxx/CVE-2021-38983.json index e17eed50335..f82977bc0ca 100644 --- a/2021/38xxx/CVE-2021-38983.json +++ b/2021/38xxx/CVE-2021-38983.json 
@@ -1,114 +1,114 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_version" : "4.0", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2021-38983", - "DATE_PUBLIC" : "2021-11-12T00:00:00", - "STATE" : "PUBLIC" - }, - "data_format" : "MITRE", - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Security Key Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "3.0" - }, - { - "version_value" : "3.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "3.0.0.4" - }, - { - "version_value" : "3.0.1.5" - }, - { - "version_value" : "4.0.0.3" - }, - { - "version_value" : "4.1" - }, - { - "version_value" : "4.1.0.1" - }, - { - "version_value" : "4.1.1" - } - ] - } - } - ] - } + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] } - ] - } - }, - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "H", - "AV" : "N", - "SCORE" : "4.400", - "UI" : "N", - "AC" : "H", - "PR" : "H", - "I" : "N", - "S" : "U", - "A" : "N" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6516036", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6516036 (Security Key Lifecycle Manager)", - "name" : "https://www.ibm.com/support/pages/node/6516036" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212792", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-tivoli-cve202138983-info-disc (212792)" - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic 
algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792." - } - ] - } -} + ] + }, + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2021-38983", + "DATE_PUBLIC": "2021-11-12T00:00:00", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Security Key Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "3.0.0.4" + }, + { + "version_value": "3.0.1.5" + }, + { + "version_value": "4.0.0.3" + }, + { + "version_value": "4.1" + }, + { + "version_value": "4.1.0.1" + }, + { + "version_value": "4.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "impact": { + "cvssv3": { + "BM": { + "C": "H", + "AV": "N", + "SCORE": "4.400", + "UI": "N", + "AC": "H", + "PR": "H", + "I": "N", + "S": "U", + "A": "N" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/6516036", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6516036 (Security Key Lifecycle Manager)", + "name": "https://www.ibm.com/support/pages/node/6516036" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212792", + "title": "X-Force Vulnerability Report", + "name": "ibm-tivoli-cve202138983-info-disc (212792)" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/38xxx/CVE-2021-38984.json b/2021/38xxx/CVE-2021-38984.json
index 24c67a3f235..a3eb2b0a8e2 100644
--- a/2021/38xxx/CVE-2021-38984.json
+++ b/2021/38xxx/CVE-2021-38984.json
@@ -1,114 +1,114 @@
 {
- "data_type" : "CVE",
- "references" : {
- "reference_data" : [
- {
- "url" : "https://www.ibm.com/support/pages/node/6516032",
- "refsource" : "CONFIRM",
- "name" : "https://www.ibm.com/support/pages/node/6516032",
- "title" : "IBM Security Bulletin 6516032 (Security Key Lifecycle Manager)"
- },
- {
- "title" : "X-Force Vulnerability Report",
- "name" : "ibm-tivoli-cve202138984-info-disc (212793)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/212793"
- }
- ]
- },
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793."
- }
- ]
- },
- "data_version" : "4.0",
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "value" : "Obtain Information",
- "lang" : "eng"
- }
- ]
- }
- ]
- },
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@us.ibm.com",
- "ID" : "CVE-2021-38984",
- "DATE_PUBLIC" : "2021-11-12T00:00:00",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
+ "data_type": "CVE",
+ "references": {
+ "reference_data": [
 {
- "vendor_name" : "IBM",
- "product" : {
- "product_data" : [
- {
- "version" : {
- "version_data" : [
- {
- "version_value" : "3.0"
- },
- {
- "version_value" : "3.0.1"
- },
- {
- "version_value" : "4.0"
- },
- {
- "version_value" : "3.0.0.4"
- },
- {
- "version_value" : "3.0.1.5"
- },
- {
- "version_value" : "4.0.0.3"
- },
- {
- "version_value" : "4.1"
- },
- {
- "version_value" : "4.1.0.1"
- },
- {
- "version_value" : "4.1.1"
- }
- ]
- },
- "product_name" : "Security Key Lifecycle Manager"
- }
- ]
- }
+ "url": "https://www.ibm.com/support/pages/node/6516032",
+ "refsource": "CONFIRM",
+ "name": "https://www.ibm.com/support/pages/node/6516032",
+ "title": "IBM Security Bulletin 6516032 (Security Key Lifecycle Manager)"
+ },
+ {
+ "title": "X-Force Vulnerability Report",
+ "name": "ibm-tivoli-cve202138984-info-disc (212793)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212793"
 }
- ]
- }
- },
- "data_format" : "MITRE",
- "impact" : {
- "cvssv3" : {
- "BM" : {
- "SCORE" : "3.700",
- "UI" : "N",
- "C" : "L",
- "AV" : "N",
- "PR" : "N",
- "I" : "N",
- "S" : "U",
- "A" : "N",
- "AC" : "H"
- },
- "TM" : {
- "E" : "U",
- "RL" : "O",
- "RC" : "C"
- }
- }
- }
-}
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793."
+ }
+ ]
+ },
+ "data_version": "4.0",
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "value": "Obtain Information",
+ "lang": "eng"
+ }
+ ]
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "ID": "CVE-2021-38984",
+ "DATE_PUBLIC": "2021-11-12T00:00:00",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.0"
+ },
+ {
+ "version_value": "3.0.1"
+ },
+ {
+ "version_value": "4.0"
+ },
+ {
+ "version_value": "3.0.0.4"
+ },
+ {
+ "version_value": "3.0.1.5"
+ },
+ {
+ "version_value": "4.0.0.3"
+ },
+ {
+ "version_value": "4.1"
+ },
+ {
+ "version_value": "4.1.0.1"
+ },
+ {
+ "version_value": "4.1.1"
+ }
+ ]
+ },
+ "product_name": "Security Key Lifecycle Manager"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "impact": {
+ "cvssv3": {
+ "BM": {
+ "SCORE": "3.700",
+ "UI": "N",
+ "C": "L",
+ "AV": "N",
+ "PR": "N",
+ "I": "N",
+ "S": "U",
+ "A": "N",
+ "AC": "H"
+ },
+ "TM": {
+ "E": "U",
+ "RL": "O",
+ "RC": "C"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/2021/41xxx/CVE-2021-41765.json b/2021/41xxx/CVE-2021-41765.json
index dd1a344134d..2bfcd39a263 100644
--- a/2021/41xxx/CVE-2021-41765.json
+++ b/2021/41xxx/CVE-2021-41765.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41765",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41765",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/edit_fields/9_ajax/add_keyword.php",
+ "refsource": "MISC",
+ "name": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/edit_fields/9_ajax/add_keyword.php"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/",
+ "url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
 }
 ]
 }
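Review bot: The added `affects` block carries `n/a` for `vendor_name`, `product_name` and `version_value`, and `problemtype` is `n/a`, although the description itself names ResourceSpace 9.5 and 9.6 before rev 18274 and a SQL injection. Consumers that match records on the structured vendor/product/version fields or on the weakness type will not pick this entry up, so the structured fields should repeat what the description states, e.g. `"product_name": "ResourceSpace"` and a problemtype value of `"CWE-89"`. The same gap is in the hunks for CVE-2021-41950, CVE-2021-41951 and CVE-2021-42580 further down, where the descriptions name a directory traversal, a reflected cross-site scripting issue and a SQL injection with file upload respectively.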
diff --git a/2021/41xxx/CVE-2021-41950.json b/2021/41xxx/CVE-2021-41950.json
index 5cdb9c8c1ab..98dfe444912 100644
--- a/2021/41xxx/CVE-2021-41950.json
+++ b/2021/41xxx/CVE-2021-41950.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41950",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41950",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/ajax/tiles.php",
+ "refsource": "MISC",
+ "name": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/ajax/tiles.php"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/",
+ "url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41951.json b/2021/41xxx/CVE-2021-41951.json
index 8e4bad55fda..34e076cf1a7 100644
--- a/2021/41xxx/CVE-2021-41951.json
+++ b/2021/41xxx/CVE-2021-41951.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41951",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41951",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim's browser."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/",
+ "url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
 }
 ]
 }
diff --git a/2021/42xxx/CVE-2021-42580.json b/2021/42xxx/CVE-2021-42580.json
index 1684be104fd..fac90f93c9f 100644
--- a/2021/42xxx/CVE-2021-42580.json
+++ b/2021/42xxx/CVE-2021-42580.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-42580",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-42580",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file , we can craft these two vunlerablities to get unauthenticated remote command execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/DjebbarAnon/online-learning-system-v2-sqli-authentication-bypass-file-upload-unauthenticated-RCE",
+ "refsource": "MISC",
+ "name": "https://github.com/DjebbarAnon/online-learning-system-v2-sqli-authentication-bypass-file-upload-unauthenticated-RCE"
 }
 ]
 }
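Review bot: The new `description` value misspells its key term twice (`vunlerable`, `vunlerablities`) and switches to the first person (`we can craft`), so keyword searches and text-based triage rules looking for "vulnerable" or "vulnerability" will not match this record. A neutral wording that keeps the same facts would be `"value": "Sourcecodester Online Learning System 2.0 is vulnerable to SQL injection authentication bypass in /admin/login.php and to authenticated file upload in Master.php; combined, these allow unauthenticated remote command execution."`. The only entry in `reference_data` is a third-party GitHub repository, so the record gives no vendor advisory or fixed version for defenders to act on; if one exists it should be added alongside.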