diff --git a/2017/7xxx/CVE-2017-7483.json b/2017/7xxx/CVE-2017-7483.json index 345c516ff9b..96ab52cefde 100644 --- a/2017/7xxx/CVE-2017-7483.json +++ b/2017/7xxx/CVE-2017-7483.json @@ -61,6 +61,11 @@ "name": "[oss-security] 20170501 Re: Integer Overflow in rxvt", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/05/01/18" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210609 [SECURITY] [DLA 2683-1] rxvt security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00012.html" } ] } diff --git a/2020/15xxx/CVE-2020-15381.json b/2020/15xxx/CVE-2020-15381.json index 78fa0851a6b..c77ca1f74e7 100644 --- a/2020/15xxx/CVE-2020-15381.json +++ b/2020/15xxx/CVE-2020-15381.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-15381", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "sirt@brocade.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Brocade SANnav", + "version": { + "version_data": [ + { + "version_value": "Brocade SANnav before version 2.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1483", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1483" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server." } ] } diff --git a/2020/15xxx/CVE-2020-15382.json b/2020/15xxx/CVE-2020-15382.json index 93a9a7e8fa1..d34f9a65d40 100644 --- a/2020/15xxx/CVE-2020-15382.json +++ b/2020/15xxx/CVE-2020-15382.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-15382", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "sirt@brocade.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Brocade SANnav", + "version": { + "version_data": [ + { + "version_value": "Brocade SANnav before version 2.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Hard-coding credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1484", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1484" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Brocade SANnav before version 2.1.1 uses a hard-coded administrator account with the weak password \u2018passw0rd\u2019 if a password is not provided for PostgreSQL at install-time." } ] } diff --git a/2020/15xxx/CVE-2020-15383.json b/2020/15xxx/CVE-2020-15383.json index dc2899fb6da..1e622cd355f 100644 --- a/2020/15xxx/CVE-2020-15383.json +++ b/2020/15xxx/CVE-2020-15383.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-15383", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "sirt@brocade.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Brocade Fabric OS", + "version": { + "version_data": [ + { + "version_value": "Brocade Fabric OS versions before v9.0.0, v8.2.2d, and v8.2.1e" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denail of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1496", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2021-1496" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic." } ] } diff --git a/2020/27xxx/CVE-2020-27384.json b/2020/27xxx/CVE-2020-27384.json index d34ca1b0b2c..6e56d01b1b7 100644 --- a/2020/27xxx/CVE-2020-27384.json +++ b/2020/27xxx/CVE-2020-27384.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-27384", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-27384", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an \"Authenticated User\" to modify the existing executable file with a binary of his choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full Control) for 'Everyone' group, making the entire directory 'Guild Wars 2' and its files and sub-dirs world-writable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/FreySolarEye/CVE/blob/master/Guild%20Wars%202%20-%20Local%20Privilege%20Escalation", + "refsource": "MISC", + "name": "https://github.com/FreySolarEye/CVE/blob/master/Guild%20Wars%202%20-%20Local%20Privilege%20Escalation" } ] } diff --git a/2021/23xxx/CVE-2021-23847.json b/2021/23xxx/CVE-2021-23847.json index 06905968a63..e9c94a0bbe9 100644 --- a/2021/23xxx/CVE-2021-23847.json +++ b/2021/23xxx/CVE-2021-23847.json @@ -4,15 +4,93 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23847", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@bosch.com", + "DATE_PUBLIC": "2021-05-20", + "TITLE": "Unauthenticated Information Extraction Vulnerability", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bosch", + "product": { + "product_data": [ + { + "product_name": "CPP Firmware", + "version": { + "version_data": [ + { + "version_value": "7.70", + "version_affected": "=", + "platform": "CPP6, CPP7, CPP7.3" + }, + { + "version_value": "7.72", + "version_affected": "=", + "platform": "CPP6, CPP7, CPP7.3" + }, + { + "version_value": "7.80 B128", + "version_affected": "<", + "platform": "CPP6, CPP7, CPP7.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication" + } + ] + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html", + "name": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected." } ] + }, + "source": { + "advisory": "BOSCH-SA-478243-BT ", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23848.json b/2021/23xxx/CVE-2021-23848.json index 97e51d54653..c66fcb9ac78 100644 --- a/2021/23xxx/CVE-2021-23848.json +++ b/2021/23xxx/CVE-2021-23848.json @@ -4,15 +4,82 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23848", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@bosch.com", + "DATE_PUBLIC": "2021-05-20", + "TITLE": "Reflected XSS in URL handler", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bosch", + "product": { + "product_data": [ + { + "product_name": "CPP Firmware", + "version": { + "version_data": [ + { + "version_value": "all", + "version_affected": "=", + "platform": "CPP4, CPP6, CPP7, CPP7.3, CPP13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.3, + "baseSeverity": "HIGH" + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html", + "name": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user." } ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23852.json b/2021/23xxx/CVE-2021-23852.json index 4b8788e1078..f26f8a6c970 100644 --- a/2021/23xxx/CVE-2021-23852.json +++ b/2021/23xxx/CVE-2021-23852.json @@ -4,15 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23852", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@bosch.com", + "DATE_PUBLIC": "2021-05-20", + "TITLE": "Denial of Service (DoS) due to invalid web parameter", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bosch", + "product": { + "product_data": [ + { + "product_name": "CPP Firmware", + "version": { + "version_data": [ + { + "version_value": "all", + "version_affected": "=", + "platform": "CPP4, CPP6, CPP7, CPP7.3, CPP13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html", + "name": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS)." } ] + }, + "source": { + "advisory": "BOSCH-SA-478243-BT", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23853.json b/2021/23xxx/CVE-2021-23853.json index 270cb811aba..64088fd6459 100644 --- a/2021/23xxx/CVE-2021-23853.json +++ b/2021/23xxx/CVE-2021-23853.json @@ -4,15 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23853", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@bosch.com", + "DATE_PUBLIC": "2021-05-20", + "TITLE": "Improper Input Validation of HTTP Headers", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bosch", + "product": { + "product_data": [ + { + "product_name": "CPP Firmware", + "version": { + "version_data": [ + { + "version_value": "all", + "version_affected": "=", + "platform": "CPP4, CPP6, CPP7, CPP7.3, CPP13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.3, + "baseSeverity": "HIGH" + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html", + "name": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs." } ] + }, + "source": { + "advisory": "BOSCH-SA-478243-BT", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23854.json b/2021/23xxx/CVE-2021-23854.json index 5582ebaa86d..d01417ef636 100644 --- a/2021/23xxx/CVE-2021-23854.json +++ b/2021/23xxx/CVE-2021-23854.json @@ -4,15 +4,103 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23854", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@bosch.com", + "DATE_PUBLIC": "2021-05-20", + "TITLE": "Reflected XSS in page parameter", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bosch", + "product": { + "product_data": [ + { + "product_name": "CPP Firmware", + "version": { + "version_data": [ + { + "version_value": "7.70", + "version_affected": "=", + "platform": "CPP6, CPP7, CPP7.3" + }, + { + "version_value": "7.72", + "version_affected": "=", + "platform": "CPP6, CPP7, CPP7.3" + }, + { + "version_value": "7.62", + "version_affected": "=", + "platform": "CPP6, CPP7, CPP7.3" + }, + { + "version_value": "7.75", + "version_affected": "=", + "platform": "CPP13" + }, + { + "version_value": "7.76", + "version_affected": "=", + "platform": "CPP13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.3, + "baseSeverity": "HIGH" + } + }, + "references": { + "reference_data": [ + { + "url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html", + "name": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected." } ] + }, + "source": { + "advisory": " BOSCH-SA-478243-BT ", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29995.json b/2021/29xxx/CVE-2021-29995.json index 1c5e30b8243..2388ba8fe35 100644 --- a/2021/29xxx/CVE-2021-29995.json +++ b/2021/29xxx/CVE-2021-29995.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-29995", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-29995", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.cloverdx.com/releases/", + "refsource": "MISC", + "name": "https://support.cloverdx.com/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://support1.cloverdx.com/hc/en-us/articles/360021006520", + "url": "https://support1.cloverdx.com/hc/en-us/articles/360021006520" } ] } diff --git a/2021/30xxx/CVE-2021-30133.json b/2021/30xxx/CVE-2021-30133.json index 918c0b6a932..e94fb71a285 100644 --- a/2021/30xxx/CVE-2021-30133.json +++ b/2021/30xxx/CVE-2021-30133.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-30133", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-30133", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.cloverdx.com/releases/", + "refsource": "MISC", + "name": "https://support.cloverdx.com/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://support1.cloverdx.com/hc/en-us/articles/360021006520", + "url": "https://support1.cloverdx.com/hc/en-us/articles/360021006520" } ] } diff --git a/2021/33xxx/CVE-2021-33477.json b/2021/33xxx/CVE-2021-33477.json index 7ec4d7d0d3f..06aa562d16d 100644 --- a/2021/33xxx/CVE-2021-33477.json +++ b/2021/33xxx/CVE-2021-33477.json @@ -121,6 +121,21 @@ "refsource": "FEDORA", "name": "FEDORA-2021-8b85b2de05", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXAKO6N6NKTR6Z6KVAPEXSZQMRU52SGA/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210609 [SECURITY] [DLA 2681-1] eterm security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00010.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210609 [SECURITY] [DLA 2683-1] rxvt security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00012.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210609 [SECURITY] [DLA 2682-1] mrxvt security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00011.html" } ] } diff --git a/2021/34xxx/CVE-2021-34372.json b/2021/34xxx/CVE-2021-34372.json new file mode 100644 index 00000000000..7daa0adf9b4 --- /dev/null +++ b/2021/34xxx/CVE-2021-34372.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34372", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34373.json b/2021/34xxx/CVE-2021-34373.json new file mode 100644 index 00000000000..7157110228a --- /dev/null +++ b/2021/34xxx/CVE-2021-34373.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34373", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34374.json b/2021/34xxx/CVE-2021-34374.json new file mode 100644 index 00000000000..d83b06906d3 --- /dev/null +++ b/2021/34xxx/CVE-2021-34374.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34374", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34375.json b/2021/34xxx/CVE-2021-34375.json new file mode 100644 index 00000000000..3892ffa6bd8 --- /dev/null +++ b/2021/34xxx/CVE-2021-34375.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34375", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34376.json b/2021/34xxx/CVE-2021-34376.json new file mode 100644 index 00000000000..0714c9cf47a --- /dev/null +++ b/2021/34xxx/CVE-2021-34376.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34376", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34377.json b/2021/34xxx/CVE-2021-34377.json new file mode 100644 index 00000000000..59e425718b2 --- /dev/null +++ b/2021/34xxx/CVE-2021-34377.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34377", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34378.json b/2021/34xxx/CVE-2021-34378.json new file mode 100644 index 00000000000..1f3bef5c02c --- /dev/null +++ b/2021/34xxx/CVE-2021-34378.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34378", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34379.json b/2021/34xxx/CVE-2021-34379.json new file mode 100644 index 00000000000..3a7813c3a9d --- /dev/null +++ b/2021/34xxx/CVE-2021-34379.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34379", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34380.json b/2021/34xxx/CVE-2021-34380.json new file mode 100644 index 00000000000..12a62985152 --- /dev/null +++ b/2021/34xxx/CVE-2021-34380.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34380", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34381.json b/2021/34xxx/CVE-2021-34381.json new file mode 100644 index 00000000000..09d028d1e58 --- /dev/null +++ b/2021/34xxx/CVE-2021-34381.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34381", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34382.json b/2021/34xxx/CVE-2021-34382.json new file mode 100644 index 00000000000..0fad5baf554 --- /dev/null +++ b/2021/34xxx/CVE-2021-34382.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34382", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34383.json b/2021/34xxx/CVE-2021-34383.json new file mode 100644 index 00000000000..6856376fc80 --- /dev/null +++ b/2021/34xxx/CVE-2021-34383.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34383", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34384.json b/2021/34xxx/CVE-2021-34384.json new file mode 100644 index 00000000000..42ca57ba895 --- /dev/null +++ b/2021/34xxx/CVE-2021-34384.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34384", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34385.json b/2021/34xxx/CVE-2021-34385.json new file mode 100644 index 00000000000..84d1e58f044 --- /dev/null +++ b/2021/34xxx/CVE-2021-34385.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34385", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34386.json b/2021/34xxx/CVE-2021-34386.json new file mode 100644 index 00000000000..4c8105259d3 --- /dev/null +++ b/2021/34xxx/CVE-2021-34386.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34386", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34387.json b/2021/34xxx/CVE-2021-34387.json new file mode 100644 index 00000000000..819c647fe07 --- /dev/null +++ b/2021/34xxx/CVE-2021-34387.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34387", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34388.json b/2021/34xxx/CVE-2021-34388.json new file mode 100644 index 00000000000..ad38c8b8f00 --- /dev/null +++ b/2021/34xxx/CVE-2021-34388.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34388", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34389.json b/2021/34xxx/CVE-2021-34389.json new file mode 100644 index 00000000000..a831edf8ab1 --- /dev/null +++ b/2021/34xxx/CVE-2021-34389.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34389", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34390.json b/2021/34xxx/CVE-2021-34390.json new file mode 100644 index 00000000000..8ffde12efec --- /dev/null +++ b/2021/34xxx/CVE-2021-34390.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34390", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34391.json b/2021/34xxx/CVE-2021-34391.json new file mode 100644 index 00000000000..d75edb5fcb2 --- /dev/null +++ b/2021/34xxx/CVE-2021-34391.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34391", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34392.json b/2021/34xxx/CVE-2021-34392.json new file mode 100644 index 00000000000..b37e95d2075 --- /dev/null +++ b/2021/34xxx/CVE-2021-34392.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34392", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34393.json b/2021/34xxx/CVE-2021-34393.json new file mode 100644 index 00000000000..b9a724dae9b --- /dev/null +++ b/2021/34xxx/CVE-2021-34393.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34393", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34394.json b/2021/34xxx/CVE-2021-34394.json new file mode 100644 index 00000000000..2366315f4b4 --- /dev/null +++ b/2021/34xxx/CVE-2021-34394.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34394", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34395.json b/2021/34xxx/CVE-2021-34395.json new file mode 100644 index 00000000000..aa2276adfdd --- /dev/null +++ b/2021/34xxx/CVE-2021-34395.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34395", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34396.json b/2021/34xxx/CVE-2021-34396.json new file mode 100644 index 00000000000..e6c6fe833bb --- /dev/null +++ b/2021/34xxx/CVE-2021-34396.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34396", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34397.json b/2021/34xxx/CVE-2021-34397.json new file mode 100644 index 00000000000..1b936f61e73 --- /dev/null +++ b/2021/34xxx/CVE-2021-34397.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34397", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34398.json b/2021/34xxx/CVE-2021-34398.json new file mode 100644 index 00000000000..7a1192b4d65 --- /dev/null +++ b/2021/34xxx/CVE-2021-34398.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34398", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34399.json b/2021/34xxx/CVE-2021-34399.json new file mode 100644 index 00000000000..63d0422dcac --- /dev/null +++ b/2021/34xxx/CVE-2021-34399.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34399", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34400.json b/2021/34xxx/CVE-2021-34400.json new file mode 100644 index 00000000000..18725fac8a2 --- /dev/null +++ b/2021/34xxx/CVE-2021-34400.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34400", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34401.json b/2021/34xxx/CVE-2021-34401.json new file mode 100644 index 00000000000..a04efb7ad52 --- /dev/null +++ b/2021/34xxx/CVE-2021-34401.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34401", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34402.json b/2021/34xxx/CVE-2021-34402.json new file mode 100644 index 00000000000..1d403719131 --- /dev/null +++ b/2021/34xxx/CVE-2021-34402.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34402", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34403.json b/2021/34xxx/CVE-2021-34403.json new file mode 100644 index 00000000000..392f2cd4593 --- /dev/null +++ b/2021/34xxx/CVE-2021-34403.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34403", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34404.json b/2021/34xxx/CVE-2021-34404.json new file mode 100644 index 00000000000..77fd5d6da30 --- /dev/null +++ b/2021/34xxx/CVE-2021-34404.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34404", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34405.json b/2021/34xxx/CVE-2021-34405.json new file mode 100644 index 00000000000..669bfa0b32b --- /dev/null +++ b/2021/34xxx/CVE-2021-34405.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34405", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/34xxx/CVE-2021-34406.json b/2021/34xxx/CVE-2021-34406.json new file mode 100644 index 00000000000..6552a065ab9 --- /dev/null +++ b/2021/34xxx/CVE-2021-34406.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-34406", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3196.json b/2021/3xxx/CVE-2021-3196.json index 72e121f5d22..4b58164608a 100644 --- a/2021/3xxx/CVE-2021-3196.json +++ b/2021/3xxx/CVE-2021-3196.json @@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-3196", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-3196", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.hitachi.com/hirt/security/index.html", + "refsource": "MISC", + "name": "https://www.hitachi.com/hirt/security/index.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.hitachi.com/hirt/hitachi-sec/2021/601.html", + "url": "https://www.hitachi.com/hirt/hitachi-sec/2021/601.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.hitachi-id.com/cve-2021-3196-attackers-can-impersonate-another-user", + "url": "https://www.hitachi-id.com/cve-2021-3196-attackers-can-impersonate-another-user" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file