admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-06-18 14:00:47 +00:00
parent a8db9e3786
commit ecca50fb1f
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
9 changed files with 308 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2017/12xxx/CVE-2017-12629.json
View File

@ -182,6 +182,11 @@
"name": "https://twitter.com/joshbressers/status/919258716297420802", "name": "https://twitter.com/joshbressers/status/919258716297420802",
"refsource": "MISC", "refsource": "MISC",
"url": "https://twitter.com/joshbressers/status/919258716297420802" "url": "https://twitter.com/joshbressers/status/919258716297420802"
},
{
"refsource": "MLIST",
"name": "[solr-users] 20210618 CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability",
"url": "https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E"
} }
] ]
} }

14
2018/14xxx/CVE-2018-14639.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14639",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-14639",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
} }
] ]
} }

5
2019/0xxx/CVE-2019-0193.json
View File

@ -138,6 +138,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves", "name": "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves",
"url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E" "url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[solr-users] 20210618 CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability",
"url": "https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E"
} }
] ]
}, },

95
2021/23xxx/CVE-2021-23845.json
View File

@ -4,15 +4,104 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-23845", "ID": "CVE-2021-23845",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@bosch.com",
"STATE": "RESERVED" "DATE_PUBLIC": "2021-05-28",
"TITLE": "B426 Web Configuration Authentication Bypass",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Bosch",
"product": {
"product_data": [
{
"product_name": "B426 Firmware",
"version": {
"version_data": [
{
"version_value": "03.08",
"version_affected": "<"
}
]
}
},
{
"product_name": "B426-CN/B429- CN Firmware",
"version": {
"version_data": [
{
"version_value": "03.08",
"version_affected": "<"
}
]
}
},
{
"product_name": "B426-M Firmware",
"version": {
"version_data": [
{
"version_value": "03.10",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html",
"name": "https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html",
"refsource": "CONFIRM"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019."
} }
] ]
},
"source": {
"advisory": "BOSCH-SA-196933-BT",
"discovery": "UNKNOWN"
} }
} }

85
2021/23xxx/CVE-2021-23846.json
View File

@ -4,15 +4,94 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-23846", "ID": "CVE-2021-23846",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@bosch.com",
"STATE": "RESERVED" "DATE_PUBLIC": "2021-05-28",
"TITLE": "B426 Credential Disclosure ",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Bosch",
"product": {
"product_data": [
{
"product_name": "B426\u00a0Firmware",
"version": {
"version_data": [
{
"version_value": "03.01.0004",
"version_affected": "="
},
{
"version_value": "03.02.002",
"version_affected": "="
},
{
"version_value": "03.05.0003",
"version_affected": "="
},
{
"version_value": "03.03.0009",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html",
"name": "https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html",
"refsource": "CONFIRM"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021."
} }
] ]
},
"source": {
"advisory": "BOSCH-SA-196933-BT",
"discovery": "UNKNOWN"
} }
} }

5
2021/27xxx/CVE-2021-27905.json
View File

@ -73,6 +73,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210611-0009/", "name": "https://security.netapp.com/advisory/ntap-20210611-0009/",
"url": "https://security.netapp.com/advisory/ntap-20210611-0009/" "url": "https://security.netapp.com/advisory/ntap-20210611-0009/"
},
{
"refsource": "MLIST",
"name": "[solr-users] 20210618 CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability",
"url": "https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E"
} }
] ]
}, },

50
2021/32xxx/CVE-2021-32954.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-32954", "ID": "CVE-2021-32954",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess/SCADA",
"version": {
"version_data": [
{
"version_value": "WebAccess/SCADA Versions 9.0.1 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "RELATIVE PATH TRAVERSAL CWE-23"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-168-03",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-168-03"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system."
} }
] ]
} }

50
2021/32xxx/CVE-2021-32956.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-32956", "ID": "CVE-2021-32956",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess/SCADA",
"version": {
"version_data": [
{
"version_value": "WebAccess/SCADA Versions 9.0.1 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL REDIRECTION TO UNTRUSTED SITE ('OPEN REDIRECT') CWE-601"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-168-03",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-168-03"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage."
} }
] ]
} }

18
2021/3xxx/CVE-2021-3610.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3610",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}