diff --git a/2020/24xxx/CVE-2020-24635.json b/2020/24xxx/CVE-2020-24635.json index 86893555112..d13eb0caca8 100644 --- a/2020/24xxx/CVE-2020-24635.json +++ b/2020/24xxx/CVE-2020-24635.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-24635", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Instant Access Points", + "version": { + "version_data": [ + { + "version_value": "Aruba Instant 6.5.x: 6.5.4.17 and below" + }, + { + "version_value": "Aruba Instant 8.3.x: 8.3.0.13 and below" + }, + { + "version_value": "Aruba Instant 8.5.x: 8.5.0.10 and below" + }, + { + "version_value": "Aruba Instant 8.6.x: 8.6.0.5 and below" + }, + { + "version_value": "Aruba Instant 8.7.x: 8.7.0.0 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote execution of arbitrary commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability." } ] } diff --git a/2020/24xxx/CVE-2020-24636.json b/2020/24xxx/CVE-2020-24636.json index d0ffc63d097..d57f53bbc61 100644 --- a/2020/24xxx/CVE-2020-24636.json +++ b/2020/24xxx/CVE-2020-24636.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-24636", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Instant Access Points", + "version": { + "version_data": [ + { + "version_value": "Aruba Instant 6.5.x: 6.5.4.17 and below" + }, + { + "version_value": "Aruba Instant 8.3.x: 8.3.0.13 and below" + }, + { + "version_value": "Aruba Instant 8.5.x: 8.5.0.10 and below" + }, + { + "version_value": "Aruba Instant 8.6.x: 8.6.0.5 and below" + }, + { + "version_value": "Aruba Instant 8.7.x: 8.7.0.0 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote execution of arbitrary commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability." } ] } diff --git a/2020/25xxx/CVE-2020-25577.json b/2020/25xxx/CVE-2020-25577.json index e0a3eaf1c5f..a74ee504274 100644 --- a/2020/25xxx/CVE-2020-25577.json +++ b/2020/25xxx/CVE-2020-25577.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-25577", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_value": "FreeBSD 12.2-RELEASE before p1, 12.1-RELEASE before p11, 11.4-RELEASE before p5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow." } ] } diff --git a/2020/25xxx/CVE-2020-25583.json b/2020/25xxx/CVE-2020-25583.json index 1eaec2974d2..dbc8d7c474a 100644 --- a/2020/25xxx/CVE-2020-25583.json +++ b/2020/25xxx/CVE-2020-25583.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-25583", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secteam@freebsd.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_value": "FreeBSD 12.2-RELEASE before p1, 12.1-RELEASE before p11, 11.4-RELEASE before p5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label's length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer." } ] } diff --git a/2020/35xxx/CVE-2020-35137.json b/2020/35xxx/CVE-2020-35137.json index 35bb2b40c0c..cb400a4dfb8 100644 --- a/2020/35xxx/CVE-2020-35137.json +++ b/2020/35xxx/CVE-2020-35137.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-35137", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-35137", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be used for api/v1/gateway/customers/servers requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://play.google.com/store/apps/details?id=com.mobileiron&hl=en_US&gl=US", + "refsource": "MISC", + "name": "https://play.google.com/store/apps/details?id=com.mobileiron&hl=en_US&gl=US" + }, + { + "refsource": "MISC", + "name": "https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration", + "url": "https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration" + }, + { + "refsource": "MISC", + "name": "https://github.com/optiv/rustyIron", + "url": "https://github.com/optiv/rustyIron" } ] } diff --git a/2020/35xxx/CVE-2020-35138.json b/2020/35xxx/CVE-2020-35138.json index ad5bb26afea..2a06da52d37 100644 --- a/2020/35xxx/CVE-2020-35138.json +++ b/2020/35xxx/CVE-2020-35138.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-35138", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-35138", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work (aka com.mobileiron). The keys is in the com/mobileiron/common/utils/C4928m.java file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://play.google.com/store/apps/details?id=com.mobileiron&hl=en_US&gl=US", + "refsource": "MISC", + "name": "https://play.google.com/store/apps/details?id=com.mobileiron&hl=en_US&gl=US" + }, + { + "refsource": "MISC", + "name": "https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration", + "url": "https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration" + }, + { + "refsource": "MISC", + "name": "https://github.com/optiv/rustyIron", + "url": "https://github.com/optiv/rustyIron" } ] } diff --git a/2021/25xxx/CVE-2021-25143.json b/2021/25xxx/CVE-2021-25143.json index 33da52ecef1..038693ece14 100644 --- a/2021/25xxx/CVE-2021-25143.json +++ b/2021/25xxx/CVE-2021-25143.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-25143", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Instant Access Points", + "version": { + "version_data": [ + { + "version_value": "Aruba Instant 8.3.x: 8.3.0.12 and below" + }, + { + "version_value": "Aruba Instant 8.5.x: 8.5.0.9 and below" + }, + { + "version_value": "Aruba Instant 8.6.x: 8.6.0.4 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote denial of service (dos)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability." } ] } diff --git a/2021/25xxx/CVE-2021-25144.json b/2021/25xxx/CVE-2021-25144.json index 83276290c61..7cb19c92783 100644 --- a/2021/25xxx/CVE-2021-25144.json +++ b/2021/25xxx/CVE-2021-25144.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-25144", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Aruba Instant Access Points", + "version": { + "version_data": [ + { + "version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below" + }, + { + "version_value": "Aruba Instant 6.5.x: 6.5.4.16 and below" + }, + { + "version_value": "Aruba Instant 8.3.x: 8.3.0.12 and below" + }, + { + "version_value": "Aruba Instant 8.5.x: 8.5.0.6 and below" + }, + { + "version_value": "Aruba Instant 8.6.x: 8.6.0.2 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt", + "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability." } ] } diff --git a/2021/26xxx/CVE-2021-26714.json b/2021/26xxx/CVE-2021-26714.json index d94e7b4e7cc..479d1bbbe2b 100644 --- a/2021/26xxx/CVE-2021-26714.json +++ b/2021/26xxx/CVE-2021-26714.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-26714", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-26714", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0003", + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0003" } ] } diff --git a/2021/28xxx/CVE-2021-28668.json b/2021/28xxx/CVE-2021-28668.json index ae2c3411bf2..42cedd93ae2 100644 --- a/2021/28xxx/CVE-2021-28668.json +++ b/2021/28xxx/CVE-2021-28668.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28668", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28668", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 has several SQL injection vulnerabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf", + "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf" } ] } diff --git a/2021/28xxx/CVE-2021-28669.json b/2021/28xxx/CVE-2021-28669.json index d947d41a654..8f15592e2a3 100644 --- a/2021/28xxx/CVE-2021-28669.json +++ b/2021/28xxx/CVE-2021-28669.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28669", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28669", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf", + "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf" } ] } diff --git a/2021/28xxx/CVE-2021-28673.json b/2021/28xxx/CVE-2021-28673.json index 07ca33b3e76..2ae14c55328 100644 --- a/2021/28xxx/CVE-2021-28673.json +++ b/2021/28xxx/CVE-2021-28673.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28673", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28673", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridge), B605/B615 before 33.61.23 and 33.59.01 (Bridge), B7025/30/35 before 58.61.23 and 58.59.11 (Bridge), C400 before 67.61.23 and 67.59.01 (Bridge), C405 before 68.61.23 and 68.59.01 (Bridge), C500/C600 before 61.61.23 and 61.59.01 (Bridge), C505/C605 before 62.61.23 and 62.59.11 (Bridge), C7000 before 56.61.23 and 56.59.01 (Bridge), C7020/25/30 before 57.61.23 and 57.59.01 (Bridge), C8000/C9000 before 70.61.23 and 70.59.01 (Bridge), allows remote attackers with \"a weaponized clone file\" to execute arbitrary commands in the Web User Interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/06/cert_Security_Mini_Bulletin_XRX20K_for_PH6510_WC6515_VLB4xx_C4xx_B6XX_B70xx_C5xx_C6xx_C7xxx.pdf", + "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2020/06/cert_Security_Mini_Bulletin_XRX20K_for_PH6510_WC6515_VLB4xx_C4xx_B6XX_B70xx_C5xx_C6xx_C7xxx.pdf" } ] } diff --git a/2021/29xxx/CVE-2021-29422.json b/2021/29xxx/CVE-2021-29422.json new file mode 100644 index 00000000000..68c36205d02 --- /dev/null +++ b/2021/29xxx/CVE-2021-29422.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29422", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3391.json b/2021/3xxx/CVE-2021-3391.json index 8a1b43d06db..047ec1a6d8a 100644 --- a/2021/3xxx/CVE-2021-3391.json +++ b/2021/3xxx/CVE-2021-3391.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-3391", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-3391", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mobileiron.com/en/blog/mobileiron-security-updates-available", + "refsource": "MISC", + "name": "https://www.mobileiron.com/en/blog/mobileiron-security-updates-available" + }, + { + "refsource": "MISC", + "name": "https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration", + "url": "https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration" + }, + { + "refsource": "MISC", + "name": "https://github.com/optiv/rustyIron", + "url": "https://github.com/optiv/rustyIron" } ] } diff --git a/2021/3xxx/CVE-2021-3474.json b/2021/3xxx/CVE-2021-3474.json new file mode 100644 index 00000000000..245363c2f3e --- /dev/null +++ b/2021/3xxx/CVE-2021-3474.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3474", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3475.json b/2021/3xxx/CVE-2021-3475.json new file mode 100644 index 00000000000..676e852ccfa --- /dev/null +++ b/2021/3xxx/CVE-2021-3475.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3475", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3476.json b/2021/3xxx/CVE-2021-3476.json new file mode 100644 index 00000000000..fbe722edc6e --- /dev/null +++ b/2021/3xxx/CVE-2021-3476.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3476", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file