"-Synchronized-Data."

Author: cve-team

2017/4xxx/CVE-2017-4965.json

@@ -1,6 +1,6 @@
 {
     "CVE_data_meta": {
-        "ASSIGNER": "security_alert@emc.com",
+        "ASSIGNER": "secure@dell.com",
         "ID": "CVE-2017-4965",
         "STATE": "PUBLIC"
     },
@@ -61,6 +61,11 @@
                 "name": "https://pivotal.io/security/cve-2017-4965",
                 "refsource": "CONFIRM",
                 "url": "https://pivotal.io/security/cve-2017-4965"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
+                "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
             }
         ]
     }

2017/4xxx/CVE-2017-4966.json

@@ -1,6 +1,6 @@
 {
     "CVE_data_meta": {
-        "ASSIGNER": "security_alert@emc.com",
+        "ASSIGNER": "secure@dell.com",
         "ID": "CVE-2017-4966",
         "STATE": "PUBLIC"
     },
@@ -56,6 +56,11 @@
                 "name": "https://pivotal.io/security/cve-2017-4966",
                 "refsource": "CONFIRM",
                 "url": "https://pivotal.io/security/cve-2017-4966"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
+                "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
             }
         ]
     }

2017/4xxx/CVE-2017-4967.json

@@ -1,6 +1,6 @@
 {
     "CVE_data_meta": {
-        "ASSIGNER": "security_alert@emc.com",
+        "ASSIGNER": "secure@dell.com",
         "ID": "CVE-2017-4967",
         "STATE": "PUBLIC"
     },
@@ -56,6 +56,11 @@
                 "name": "https://pivotal.io/security/cve-2017-4965",
                 "refsource": "CONFIRM",
                 "url": "https://pivotal.io/security/cve-2017-4965"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
+                "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
             }
         ]
     }

2019/11xxx/CVE-2019-11281.json

@@ -92,6 +92,11 @@
                 "refsource": "REDHAT",
                 "name": "RHSA-2020:0078",
                 "url": "https://access.redhat.com/errata/RHSA-2020:0078"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
+                "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
             }
         ]
     },

2019/11xxx/CVE-2019-11287.json

@@ -105,6 +105,11 @@
                 "refsource": "MISC",
                 "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin",
                 "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
+                "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
             }
         ]
     },

2021/22xxx/CVE-2021-22116.json

@@ -48,6 +48,11 @@
                 "refsource": "MISC",
                 "name": "https://tanzu.vmware.com/security/cve-2021-22116",
                 "url": "https://tanzu.vmware.com/security/cve-2021-22116"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
+                "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
             }
         ]
     },

2021/31xxx/CVE-2021-31590.json

@@ -1,17 +1,71 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
-        "ID": "CVE-2021-31590",
         "ASSIGNER": "[email protected]",
-        "STATE": "RESERVED"
+        "ID": "CVE-2021-31590",
+        "STATE": "PUBLIC"
     },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "PwnDoc through 2021-04-22 has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the \"user\" privilege. Even after a user's account is deleted, the user can still access the administration panel (and add or delete users) and has complete access to the system."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://github.com/pwndoc/pwndoc/security/advisories",
+                "refsource": "MISC",
+                "name": "https://github.com/pwndoc/pwndoc/security/advisories"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/pwndoc/pwndoc/pull/128",
+                "url": "https://github.com/pwndoc/pwndoc/pull/128"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/pwndoc/pwndoc/pull/74",
+                "url": "https://github.com/pwndoc/pwndoc/pull/74"
             }
         ]
     }

2021/34xxx/CVE-2021-34617.json

@@ -4,14 +4,70 @@
     "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2021-34617",
-        "ASSIGNER": "[email protected]",
-        "STATE": "RESERVED"
+        "ASSIGNER": "[email protected]",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Aruba Instant Access Points",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.13 and below"
+                                        },
+                                        {
+                                            "version_value": "Aruba Instant 6.5.x: 6.5.4.13 and below"
+                                        },
+                                        {
+                                            "version_value": "Aruba Instant 8.3.x: 8.3.0.7 and below"
+                                        },
+                                        {
+                                            "version_value": "Aruba Instant 8.4.x: 8.4.0.5 and below"
+                                        },
+                                        {
+                                            "version_value": "Aruba Instant 8.5.x: 8.5.0.0 and below"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "remote cross-site scripting (XSS)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
+                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
+            }
+        ]
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A remote cross-site scripting (XSS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.13 and below; Aruba Instant 6.5.x: 6.5.4.13 and below; Aruba Instant 8.3.x: 8.3.0.7 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
             }
         ]
     }

2021/34xxx/CVE-2021-34618.json

@@ -4,14 +4,76 @@
     "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2021-34618",
-        "ASSIGNER": "[email protected]",
-        "STATE": "RESERVED"
+        "ASSIGNER": "[email protected]",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Aruba Instant Access Points",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below"
+                                        },
+                                        {
+                                            "version_value": "Aruba Instant 6.5.x: 6.5.4.18 and below"
+                                        },
+                                        {
+                                            "version_value": "Aruba Instant 8.3.x: 8.3.0.14 and below"
+                                        },
+                                        {
+                                            "version_value": "Aruba Instant 8.4.x: All versions"
+                                        },
+                                        {
+                                            "version_value": "Aruba Instant 8.5.x: 8.5.0.11 and below"
+                                        },
+                                        {
+                                            "version_value": "Aruba Instant 8.6.x: 8.6.0.7 and below"
+                                        },
+                                        {
+                                            "version_value": "Aruba Instant 8.7.x: 8.7.1.1 and below"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "remote denial of service (DoS)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt",
+                "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt"
+            }
+        ]
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.4.x: All versions; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability."
             }
         ]
     }