diff --git a/2017/12xxx/CVE-2017-12629.json b/2017/12xxx/CVE-2017-12629.json
index cc7f3e4c966..ed97eb32f76 100644
--- a/2017/12xxx/CVE-2017-12629.json
+++ b/2017/12xxx/CVE-2017-12629.json
@@ -182,6 +182,11 @@
 "name": "https://twitter.com/joshbressers/status/919258716297420802",
 "refsource": "MISC",
 "url": "https://twitter.com/joshbressers/status/919258716297420802"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[solr-users] 20210618 CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability",
+ "url": "https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14639.json b/2018/14xxx/CVE-2018-14639.json
index 299e09d642b..e762b13f443 100644
--- a/2018/14xxx/CVE-2018-14639.json
+++ b/2018/14xxx/CVE-2018-14639.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-14639",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-14639",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0193.json b/2019/0xxx/CVE-2019-0193.json
index 09ed0d0ea0c..7f32caf3681 100644
--- a/2019/0xxx/CVE-2019-0193.json
+++ b/2019/0xxx/CVE-2019-0193.json
@@ -138,6 +138,11 @@
 "refsource": "MLIST",
 "name": "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves",
 "url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[solr-users] 20210618 CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability",
+ "url": "https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E"
 }
 ]
 },
diff --git a/2021/23xxx/CVE-2021-23845.json b/2021/23xxx/CVE-2021-23845.json
index 13bc7ee8356..9a4cbc57216 100644
--- a/2021/23xxx/CVE-2021-23845.json
+++ b/2021/23xxx/CVE-2021-23845.json
@@ -4,15 +4,104 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-23845",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@bosch.com",
+ "DATE_PUBLIC": "2021-05-28",
+ "TITLE": "B426 Web Configuration Authentication Bypass",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Bosch",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "B426 Firmware",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "03.08",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "B426-CN/B429- CN Firmware",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "03.08",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "B426-M Firmware",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "03.10",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.0,
+ "baseSeverity": "HIGH"
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html",
+ "name": "https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019."
 }
 ]
+ },
+ "source": {
+ "advisory": "BOSCH-SA-196933-BT",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/23xxx/CVE-2021-23846.json b/2021/23xxx/CVE-2021-23846.json
index 20c7fd7fb0d..d621255459f 100644
--- a/2021/23xxx/CVE-2021-23846.json
+++ b/2021/23xxx/CVE-2021-23846.json
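Review bot: The description and the `affects` block disagree on the fix boundary: the description says the issue is fixed "starting from version 3.08", while the `B426-M Firmware` entry marks versions `<` `03.10` as affected, so a reader relying on the description alone would treat B426-M 3.08 and 3.09 as patched. The description should give the fixed version per product, or the B426-M entry should be corrected if `03.10` is the mistake. The product name `"B426-CN/B429- CN Firmware"` contains a stray space that will defeat exact-match product lookups; `"product_name": "B426-CN/B429-CN Firmware"` matches the spelling the description uses. The TITLE says "Authentication Bypass" while the description describes session hijacking under CWE-284, which is worth reconciling against the referenced advisory.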
@@ -4,15 +4,94 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-23846",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@bosch.com",
+ "DATE_PUBLIC": "2021-05-28",
+ "TITLE": "B426 Credential Disclosure ",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Bosch",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "B426\u00a0Firmware",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "03.01.0004",
+ "version_affected": "="
+ },
+ {
+ "version_value": "03.02.002",
+ "version_affected": "="
+ },
+ {
+ "version_value": "03.05.0003",
+ "version_affected": "="
+ },
+ {
+ "version_value": "03.03.0009",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-319 Cleartext Transmission of Sensitive Information"
+ }
+ ]
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html",
+ "name": "https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021."
 }
 ]
+ },
+ "source": {
+ "advisory": "BOSCH-SA-196933-BT",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2021/27xxx/CVE-2021-27905.json b/2021/27xxx/CVE-2021-27905.json
index f868b3f8ba7..d8bff4d67e5 100644
--- a/2021/27xxx/CVE-2021-27905.json
+++ b/2021/27xxx/CVE-2021-27905.json
@@ -73,6 +73,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20210611-0009/",
 "url": "https://security.netapp.com/advisory/ntap-20210611-0009/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[solr-users] 20210618 CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability",
+ "url": "https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E"
 }
 ]
 },
diff --git a/2021/32xxx/CVE-2021-32954.json b/2021/32xxx/CVE-2021-32954.json
index d7e3b52f2bb..386e9246311 100644
--- a/2021/32xxx/CVE-2021-32954.json
+++ b/2021/32xxx/CVE-2021-32954.json
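Review bot: In the CVE-2021-23846 hunk, `"product_name": "B426\u00a0Firmware"` embeds a non-breaking space, so this record will not string-match the `B426 Firmware` product name used by CVE-2021-23845 from the same advisory; it should read `"product_name": "B426 Firmware"`, and the trailing space in `"TITLE": "B426 Credential Disclosure "` should be dropped as well. The `affects` block lists four exact versions with `=`, while the description implies the cleartext password transmission persists until the fix in Firmware version 3.11.5; if that is so, a `<` range ending at the fixed release would stop scanners from reporting unlisted builds as unaffected, which should be confirmed against the advisory. `"version_value": "03.02.002"` has a shorter last component than its three siblings and may be a typo. The description is written in the future tense ("will be released on the 30th of June, 2021") and will need updating once the fixed firmware ships.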
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-32954",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Advantech WebAccess/SCADA",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "WebAccess/SCADA Versions 9.0.1 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "RELATIVE PATH TRAVERSAL CWE-23"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-168-03",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-168-03"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system."
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32956.json b/2021/32xxx/CVE-2021-32956.json
index 72afcd55108..c4e03f55490 100644
--- a/2021/32xxx/CVE-2021-32956.json
+++ b/2021/32xxx/CVE-2021-32956.json
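Review bot: In the CVE-2021-32954 hunk, `"vendor_name": "n/a"` leaves the vendor only inside the product string, and `"version_value": "WebAccess/SCADA Versions 9.0.1 and prior"` is free text with no `version_affected`, so automated vendor/product/version matching cannot resolve this record; the CVE-2021-32956 hunk that follows has the same shape. Suggested fields: `"vendor_name": "Advantech"`, `"product_name": "WebAccess/SCADA"`, and `"version_value": "9.0.1"` with `"version_affected": "<="`. Neither record carries an `impact` block, so consumers get no CVSS score from the entry itself; whether the referenced ICS advisory supplies one should be checked before adding it.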
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-32956",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Advantech WebAccess/SCADA",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "WebAccess/SCADA Versions 9.0.1 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "URL REDIRECTION TO UNTRUSTED SITE ('OPEN REDIRECT') CWE-601"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-168-03",
+ "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-168-03"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3610.json b/2021/3xxx/CVE-2021-3610.json
new file mode 100644
index 00000000000..aae8b9bccd3
--- /dev/null
+++ b/2021/3xxx/CVE-2021-3610.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-3610",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file