From ebfa4de269f32c425f318ac30f7dbf90c50ebddd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 22 Jul 2021 12:00:58 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/20xxx/CVE-2021-20596.json | 61 +++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22522.json | 50 ++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22523.json | 50 ++++++++++++++++++++++++-- 2021/30xxx/CVE-2021-30049.json | 56 +++++++++++++++++++++++++---- 2021/30xxx/CVE-2021-30486.json | 56 +++++++++++++++++++++++++---- 2021/32xxx/CVE-2021-32761.json | 5 +++ 2021/35xxx/CVE-2021-35520.json | 66 ++++++++++++++++++++++++++++++---- 2021/35xxx/CVE-2021-35521.json | 66 ++++++++++++++++++++++++++++++---- 2021/35xxx/CVE-2021-35522.json | 66 ++++++++++++++++++++++++++++++---- 9 files changed, 437 insertions(+), 39 deletions(-) diff --git a/2021/20xxx/CVE-2021-20596.json b/2021/20xxx/CVE-2021-20596.json index 18fb8e5d4a6..5571a2c33bc 100644 --- a/2021/20xxx/CVE-2021-20596.json +++ b/2021/20xxx/CVE-2021-20596.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20596", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MELSEC-F Series FX3U-ENET; FX3U-ENET-L; FX3U-ENET-P502", + "version": { + "version_data": [ + { + "version_value": "Firmware version 1.14 and prior" + }, + { + "version_value": "Firmware version 1.14 and prior" + }, + { + "version_value": "Firmware version 1.14 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NULL Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf", + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-006_en.pdf" + }, + { + "refsource": "MISC", + "name": "https://jvn.jp/vu/JVNVU94348759/index.html", + "url": "https://jvn.jp/vu/JVNVU94348759/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a DoS condition in communication by sending specially crafted packets. Control by MELSEC-F series PLC is not affected and system reset is required for recovery." } ] } diff --git a/2021/22xxx/CVE-2021-22522.json b/2021/22xxx/CVE-2021-22522.json index 24353ab10c6..cf821313863 100644 --- a/2021/22xxx/CVE-2021-22522.json +++ b/2021/22xxx/CVE-2021-22522.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22522", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@microfocus.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Verastream Host Integrator.", + "version": { + "version_data": [ + { + "version_value": "version 7.8 Update 1 and earlier versions." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected Cross-Site Scripting." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.microfocus.com/kb/doc.php?id=7025169", + "url": "https://support.microfocus.com/kb/doc.php?id=7025169" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version version 7.8 Update 1 and earlier versions. The vulnerability could allow disclosure of confidential data." } ] } diff --git a/2021/22xxx/CVE-2021-22523.json b/2021/22xxx/CVE-2021-22523.json index de11f8f0f99..fb1704e8d16 100644 --- a/2021/22xxx/CVE-2021-22523.json +++ b/2021/22xxx/CVE-2021-22523.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22523", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@microfocus.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Verastream Host Integrator.", + "version": { + "version_data": [ + { + "version_value": "Version 7.8 Update 1 and earlier versions." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML External Entity." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.microfocus.com/kb/doc.php?id=7025169", + "url": "https://support.microfocus.com/kb/doc.php?id=7025169" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions." } ] } diff --git a/2021/30xxx/CVE-2021-30049.json b/2021/30xxx/CVE-2021-30049.json index ebdcc9088d6..578bd731189 100644 --- a/2021/30xxx/CVE-2021-30049.json +++ b/2021/30xxx/CVE-2021-30049.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-30049", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-30049", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://eh337.net/2021/03/30/sysaid/", + "refsource": "MISC", + "name": "https://eh337.net/2021/03/30/sysaid/" } ] } diff --git a/2021/30xxx/CVE-2021-30486.json b/2021/30xxx/CVE-2021-30486.json index a26e401d025..f4e5d29b594 100644 --- a/2021/30xxx/CVE-2021-30486.json +++ b/2021/30xxx/CVE-2021-30486.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-30486", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-30486", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://eh337.net/2021/04/10/sysaid-ii/", + "refsource": "MISC", + "name": "https://eh337.net/2021/04/10/sysaid-ii/" } ] } diff --git a/2021/32xxx/CVE-2021-32761.json b/2021/32xxx/CVE-2021-32761.json index deead97d086..7b2c3ce7fc6 100644 --- a/2021/32xxx/CVE-2021-32761.json +++ b/2021/32xxx/CVE-2021-32761.json @@ -87,6 +87,11 @@ "name": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210722 [SECURITY] [DLA 2717-1] redis security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html" } ] }, diff --git a/2021/35xxx/CVE-2021-35520.json b/2021/35xxx/CVE-2021-35520.json index 51d666bdc73..705155b7105 100644 --- a/2021/35xxx/CVE-2021-35520.json +++ b/2021/35xxx/CVE-2021-35520.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35520", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35520", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of services, and information disclosure via serial ports." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.idemia.com", + "refsource": "MISC", + "name": "https://www.idemia.com" + }, + { + "refsource": "MISC", + "name": "https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true", + "url": "https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true" + }, + { + "refsource": "MISC", + "name": "https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true", + "url": "https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true" } ] } diff --git a/2021/35xxx/CVE-2021-35521.json b/2021/35xxx/CVE-2021-35521.json index 9f337b65fb2..a0c16530654 100644 --- a/2021/35xxx/CVE-2021-35521.json +++ b/2021/35xxx/CVE-2021-35521.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35521", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35521", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information disclosure via TCP/IP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.idemia.com", + "refsource": "MISC", + "name": "https://www.idemia.com" + }, + { + "refsource": "MISC", + "name": "https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true", + "url": "https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true" + }, + { + "refsource": "MISC", + "name": "https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true", + "url": "https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true" } ] } diff --git a/2021/35xxx/CVE-2021-35522.json b/2021/35xxx/CVE-2021-35522.json index 83374d58b5a..240812ac2ef 100644 --- a/2021/35xxx/CVE-2021-35522.json +++ b/2021/35xxx/CVE-2021-35522.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35522", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35522", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.idemia.com", + "refsource": "MISC", + "name": "https://www.idemia.com" + }, + { + "refsource": "MISC", + "name": "https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true", + "url": "https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true" + }, + { + "refsource": "MISC", + "name": "https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true", + "url": "https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true" } ] }