From cde9ac61b55ab8a97fb26d35493e0decc32f9f44 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 10 Jun 2021 15:00:56 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/17xxx/CVE-2019-17567.json | 5 +++ 2020/13xxx/CVE-2020-13938.json | 5 +++ 2020/13xxx/CVE-2020-13950.json | 5 +++ 2020/24xxx/CVE-2020-24662.json | 61 ++++++++++++++++++++++++++++--- 2020/35xxx/CVE-2020-35452.json | 5 +++ 2021/0xxx/CVE-2021-0089.json | 10 +++++ 2021/21xxx/CVE-2021-21661.json | 3 +- 2021/21xxx/CVE-2021-21662.json | 3 +- 2021/21xxx/CVE-2021-21663.json | 3 +- 2021/21xxx/CVE-2021-21664.json | 3 +- 2021/21xxx/CVE-2021-21665.json | 3 +- 2021/21xxx/CVE-2021-21666.json | 3 +- 2021/23xxx/CVE-2021-23023.json | 50 +++++++++++++++++++++++-- 2021/23xxx/CVE-2021-23024.json | 50 +++++++++++++++++++++++-- 2021/26xxx/CVE-2021-26313.json | 10 +++++ 2021/26xxx/CVE-2021-26690.json | 5 +++ 2021/26xxx/CVE-2021-26691.json | 5 +++ 2021/30xxx/CVE-2021-30641.json | 5 +++ 2021/31xxx/CVE-2021-31538.json | 56 +++++++++++++++++++++++++--- 2021/31xxx/CVE-2021-31658.json | 61 ++++++++++++++++++++++++++++--- 2021/31xxx/CVE-2021-31659.json | 61 ++++++++++++++++++++++++++++--- 2021/31xxx/CVE-2021-31927.json | 61 ++++++++++++++++++++++++++++--- 2021/31xxx/CVE-2021-31928.json | 61 ++++++++++++++++++++++++++++--- 2021/34xxx/CVE-2021-34547.json | 56 +++++++++++++++++++++++++--- 2021/34xxx/CVE-2021-34548.json | 18 +++++++++ 2021/34xxx/CVE-2021-34549.json | 18 +++++++++ 2021/34xxx/CVE-2021-34550.json | 18 +++++++++ 2021/34xxx/CVE-2021-34551.json | 18 +++++++++ 2021/34xxx/CVE-2021-34552.json | 18 +++++++++ 2021/34xxx/CVE-2021-34553.json | 18 +++++++++ 2021/34xxx/CVE-2021-34554.json | 18 +++++++++ 2021/34xxx/CVE-2021-34555.json | 67 ++++++++++++++++++++++++++++++++++ 32 files changed, 729 insertions(+), 54 deletions(-) create mode 100644 2021/34xxx/CVE-2021-34548.json create mode 100644 2021/34xxx/CVE-2021-34549.json create mode 100644 2021/34xxx/CVE-2021-34550.json create mode 100644 2021/34xxx/CVE-2021-34551.json create mode 100644 2021/34xxx/CVE-2021-34552.json create mode 100644 2021/34xxx/CVE-2021-34553.json create mode 100644 2021/34xxx/CVE-2021-34554.json create mode 100644 2021/34xxx/CVE-2021-34555.json diff --git a/2019/17xxx/CVE-2019-17567.json b/2019/17xxx/CVE-2019-17567.json index adbf2d21efd..cd922014a51 100644 --- a/2019/17xxx/CVE-2019-17567.json +++ b/2019/17xxx/CVE-2019-17567.json @@ -203,6 +203,11 @@ "refsource": "MLIST", "name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json", "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210609 CVE-2019-17567: Apache httpd: mod_proxy_wstunnel tunneling of non Upgraded connections", + "url": "http://www.openwall.com/lists/oss-security/2021/06/10/2" } ] }, diff --git a/2020/13xxx/CVE-2020-13938.json b/2020/13xxx/CVE-2020-13938.json index 99dec0cf675..4fae87f39d6 100644 --- a/2020/13xxx/CVE-2020-13938.json +++ b/2020/13xxx/CVE-2020-13938.json @@ -228,6 +228,11 @@ "refsource": "MLIST", "name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json", "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210609 CVE-2020-13938: Apache httpd: Improper Handling of Insufficient Privileges", + "url": "http://www.openwall.com/lists/oss-security/2021/06/10/3" } ] }, diff --git a/2020/13xxx/CVE-2020-13950.json b/2020/13xxx/CVE-2020-13950.json index 176cfbb1f9a..fdc2e00a299 100644 --- a/2020/13xxx/CVE-2020-13950.json +++ b/2020/13xxx/CVE-2020-13950.json @@ -98,6 +98,11 @@ "refsource": "MLIST", "name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json", "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210609 CVE-2020-13950: Apache httpd: mod_proxy_http NULL pointer dereference", + "url": "http://www.openwall.com/lists/oss-security/2021/06/10/4" } ] }, diff --git a/2020/24xxx/CVE-2020-24662.json b/2020/24xxx/CVE-2020-24662.json index d20c24f2db1..d01f65af42f 100644 --- a/2020/24xxx/CVE-2020-24662.json +++ b/2020/24xxx/CVE-2020-24662.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24662", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24662", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SmartStream Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <3.1.0 allows XSS. This was fixed in TLM RP 3.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.accenture.com", + "refsource": "MISC", + "name": "https://www.accenture.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md", + "url": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md" } ] } diff --git a/2020/35xxx/CVE-2020-35452.json b/2020/35xxx/CVE-2020-35452.json index 79fa7403f8a..6387e12c400 100644 --- a/2020/35xxx/CVE-2020-35452.json +++ b/2020/35xxx/CVE-2020-35452.json @@ -228,6 +228,11 @@ "refsource": "MLIST", "name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json", "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210609 CVE-2020-35452: Apache httpd: mod_auth_digest possible stack overflow by one nul byte", + "url": "http://www.openwall.com/lists/oss-security/2021/06/10/5" } ] }, diff --git a/2021/0xxx/CVE-2021-0089.json b/2021/0xxx/CVE-2021-0089.json index 8019a03ae18..6dedfaa7dbe 100644 --- a/2021/0xxx/CVE-2021-0089.json +++ b/2021/0xxx/CVE-2021-0089.json @@ -53,6 +53,16 @@ "refsource": "MLIST", "name": "[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass", "url": "http://www.openwall.com/lists/oss-security/2021/06/10/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210610 Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass", + "url": "http://www.openwall.com/lists/oss-security/2021/06/10/10" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210610 Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass", + "url": "http://www.openwall.com/lists/oss-security/2021/06/10/11" } ] }, diff --git a/2021/21xxx/CVE-2021-21661.json b/2021/21xxx/CVE-2021-21661.json index 3fdabeb4fbd..8416d636071 100644 --- a/2021/21xxx/CVE-2021-21661.json +++ b/2021/21xxx/CVE-2021-21661.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2021-21661", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2021/21xxx/CVE-2021-21662.json b/2021/21xxx/CVE-2021-21662.json index 5fb789bb75d..4e02730400a 100644 --- a/2021/21xxx/CVE-2021-21662.json +++ b/2021/21xxx/CVE-2021-21662.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2021-21662", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2021/21xxx/CVE-2021-21663.json b/2021/21xxx/CVE-2021-21663.json index 59a8b0e621c..67604faa127 100644 --- a/2021/21xxx/CVE-2021-21663.json +++ b/2021/21xxx/CVE-2021-21663.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2021-21663", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2021/21xxx/CVE-2021-21664.json b/2021/21xxx/CVE-2021-21664.json index b596e0f35c9..53a493f2975 100644 --- a/2021/21xxx/CVE-2021-21664.json +++ b/2021/21xxx/CVE-2021-21664.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2021-21664", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2021/21xxx/CVE-2021-21665.json b/2021/21xxx/CVE-2021-21665.json index d85d5575ff0..59679161190 100644 --- a/2021/21xxx/CVE-2021-21665.json +++ b/2021/21xxx/CVE-2021-21665.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2021-21665", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2021/21xxx/CVE-2021-21666.json b/2021/21xxx/CVE-2021-21666.json index e65525c76b3..1941cf62072 100644 --- a/2021/21xxx/CVE-2021-21666.json +++ b/2021/21xxx/CVE-2021-21666.json @@ -1,7 +1,8 @@ { "CVE_data_meta": { "ID": "CVE-2021-21666", - "ASSIGNER": "jenkinsci-cert@googlegroups.com" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2021/23xxx/CVE-2021-23023.json b/2021/23xxx/CVE-2021-23023.json index 5b3f9c0c7ec..c14b7da411a 100644 --- a/2021/23xxx/CVE-2021-23023.json +++ b/2021/23xxx/CVE-2021-23023.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23023", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Edge Client for Windows", + "version": { + "version_data": [ + { + "version_value": "7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K33757590", + "url": "https://support.f5.com/csp/article/K33757590" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated." } ] } diff --git a/2021/23xxx/CVE-2021-23024.json b/2021/23xxx/CVE-2021-23024.json index 54f90b32175..e0da34ca335 100644 --- a/2021/23xxx/CVE-2021-23024.json +++ b/2021/23xxx/CVE-2021-23024.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23024", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IQ", + "version": { + "version_data": [ + { + "version_value": "8.0.x before 8.0.0.1, and all 6.x and 7.x versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote command execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K06024431", + "url": "https://support.f5.com/csp/article/K06024431" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated." } ] } diff --git a/2021/26xxx/CVE-2021-26313.json b/2021/26xxx/CVE-2021-26313.json index 9c42d8d8772..079482e0269 100644 --- a/2021/26xxx/CVE-2021-26313.json +++ b/2021/26xxx/CVE-2021-26313.json @@ -77,6 +77,16 @@ "refsource": "MLIST", "name": "[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass", "url": "http://www.openwall.com/lists/oss-security/2021/06/10/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210610 Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass", + "url": "http://www.openwall.com/lists/oss-security/2021/06/10/10" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210610 Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass", + "url": "http://www.openwall.com/lists/oss-security/2021/06/10/11" } ] }, diff --git a/2021/26xxx/CVE-2021-26690.json b/2021/26xxx/CVE-2021-26690.json index 0aafd7bfc5d..a026046bdf0 100644 --- a/2021/26xxx/CVE-2021-26690.json +++ b/2021/26xxx/CVE-2021-26690.json @@ -228,6 +228,11 @@ "refsource": "MLIST", "name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json", "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210609 CVE-2021-26690: Apache httpd: mod_session NULL pointer dereference", + "url": "http://www.openwall.com/lists/oss-security/2021/06/10/6" } ] }, diff --git a/2021/26xxx/CVE-2021-26691.json b/2021/26xxx/CVE-2021-26691.json index 63c9603448d..6a2ef70716a 100644 --- a/2021/26xxx/CVE-2021-26691.json +++ b/2021/26xxx/CVE-2021-26691.json @@ -228,6 +228,11 @@ "refsource": "MLIST", "name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json", "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210609 CVE-2021-26691: Apache httpd: mod_session response handling heap overflow", + "url": "http://www.openwall.com/lists/oss-security/2021/06/10/7" } ] }, diff --git a/2021/30xxx/CVE-2021-30641.json b/2021/30xxx/CVE-2021-30641.json index 8869be2d2ae..f30d7ab9db9 100644 --- a/2021/30xxx/CVE-2021-30641.json +++ b/2021/30xxx/CVE-2021-30641.json @@ -103,6 +103,11 @@ "refsource": "MLIST", "name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json", "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210609 CVE-2021-30641: Apache httpd: Unexpected URL matching with 'MergeSlashes OFF'", + "url": "http://www.openwall.com/lists/oss-security/2021/06/10/8" } ] }, diff --git a/2021/31xxx/CVE-2021-31538.json b/2021/31xxx/CVE-2021-31538.json index 46393d0a17e..23c14c9bec0 100644 --- a/2021/31xxx/CVE-2021-31538.json +++ b/2021/31xxx/CVE-2021-31538.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31538", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31538", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allow Relative Path Traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-010.txt", + "refsource": "MISC", + "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-010.txt" } ] } diff --git a/2021/31xxx/CVE-2021-31658.json b/2021/31xxx/CVE-2021-31658.json index d567f0f19d6..8b60e53d74e 100644 --- a/2021/31xxx/CVE-2021-31658.json +++ b/2021/31xxx/CVE-2021-31658.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31658", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31658", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the \"device description\" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://tp-link.com", + "refsource": "MISC", + "name": "http://tp-link.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31658", + "url": "https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31658" } ] } diff --git a/2021/31xxx/CVE-2021-31659.json b/2021/31xxx/CVE-2021-31659.json index e30ee8b95ad..c5c87ae64df 100644 --- a/2021/31xxx/CVE-2021-31659.json +++ b/2021/31xxx/CVE-2021-31659.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31659", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31659", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://tp-link.com", + "refsource": "MISC", + "name": "http://tp-link.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31659", + "url": "https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31659" } ] } diff --git a/2021/31xxx/CVE-2021-31927.json b/2021/31xxx/CVE-2021-31927.json index 7da357e6b29..03fc535acf2 100644 --- a/2021/31xxx/CVE-2021-31927.json +++ b/2021/31xxx/CVE-2021-31927.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31927", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31927", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. It was fixed in v2021.1.0.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md", + "url": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md" + }, + { + "url": "https://www.annexcloud.com/", + "refsource": "MISC", + "name": "https://www.annexcloud.com/" } ] } diff --git a/2021/31xxx/CVE-2021-31928.json b/2021/31xxx/CVE-2021-31928.json index a3843258b5a..ab9baf9cf10 100644 --- a/2021/31xxx/CVE-2021-31928.json +++ b/2021/31xxx/CVE-2021-31928.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31928", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31928", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator. It was fixed in v2021.1.0.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md", + "url": "https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md" + }, + { + "url": "https://www.annexcloud.com/", + "refsource": "MISC", + "name": "https://www.annexcloud.com/" } ] } diff --git a/2021/34xxx/CVE-2021-34547.json b/2021/34xxx/CVE-2021-34547.json index 05fd5e308f8..31983e531be 100644 --- a/2021/34xxx/CVE-2021-34547.json +++ b/2021/34xxx/CVE-2021-34547.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-34547", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-34547", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user account creation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/likhihcv/PRTG_Network_Monitor_20.1.55.1775_CSRF", + "refsource": "MISC", + "name": "https://github.com/likhihcv/PRTG_Network_Monitor_20.1.55.1775_CSRF" } ] } diff --git a/2021/34xxx/CVE-2021-34548.json b/2021/34xxx/CVE-2021-34548.json new file mode 100644 index 00000000000..2da67e9af3c --- /dev/null +++ b/2021/34xxx/CVE-2021-34548.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34548", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34549.json b/2021/34xxx/CVE-2021-34549.json new file mode 100644 index 00000000000..c2ba5dba725 --- /dev/null +++ b/2021/34xxx/CVE-2021-34549.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34549", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34550.json b/2021/34xxx/CVE-2021-34550.json new file mode 100644 index 00000000000..7822cfd61ed --- /dev/null +++ b/2021/34xxx/CVE-2021-34550.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34550", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34551.json b/2021/34xxx/CVE-2021-34551.json new file mode 100644 index 00000000000..9ef42eb4930 --- /dev/null +++ b/2021/34xxx/CVE-2021-34551.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34551", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34552.json b/2021/34xxx/CVE-2021-34552.json new file mode 100644 index 00000000000..e9b9cdd44a0 --- /dev/null +++ b/2021/34xxx/CVE-2021-34552.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34552", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34553.json b/2021/34xxx/CVE-2021-34553.json new file mode 100644 index 00000000000..f7584ec1eb7 --- /dev/null +++ b/2021/34xxx/CVE-2021-34553.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34553", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34554.json b/2021/34xxx/CVE-2021-34554.json new file mode 100644 index 00000000000..7641b84686f --- /dev/null +++ b/2021/34xxx/CVE-2021-34554.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34554", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34555.json b/2021/34xxx/CVE-2021-34555.json new file mode 100644 index 00000000000..89b058c3ad7 --- /dev/null +++ b/2021/34xxx/CVE-2021-34555.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-34555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/trusteddomainproject/OpenDMARC/issues/179", + "refsource": "MISC", + "name": "https://github.com/trusteddomainproject/OpenDMARC/issues/179" + }, + { + "url": "https://github.com/trusteddomainproject/OpenDMARC/pull/178", + "refsource": "MISC", + "name": "https://github.com/trusteddomainproject/OpenDMARC/pull/178" + } + ] + } +} \ No newline at end of file