From 0ad8200b5d55e9e24551279329fb172f1d8f5882 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 7 Jun 2021 15:00:54 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/0xxx/CVE-2019-0205.json | 5 +
 2019/0xxx/CVE-2019-0210.json | 5 +
 2020/13xxx/CVE-2020-13949.json | 5 +
 2020/5xxx/CVE-2020-5008.json | 192 ++++++++++++++++-----------------
 2021/20xxx/CVE-2021-20517.json | 180 +++++++++++++++----------------
 2021/31xxx/CVE-2021-31535.json | 40 +++++++
 2021/33xxx/CVE-2021-33907.json | 18 ++++
 2021/3xxx/CVE-2021-3530.json | 5 +
 8 files changed, 264 insertions(+), 186 deletions(-)
 create mode 100644 2021/33xxx/CVE-2021-33907.json
diff --git a/2019/0xxx/CVE-2019-0205.json b/2019/0xxx/CVE-2019-0205.json
index e1d2fd8e362..45a06ef76de 100644
--- a/2019/0xxx/CVE-2019-0205.json
+++ b/2019/0xxx/CVE-2019-0205.json
@@ -208,6 +208,11 @@
 "refsource": "MLIST",
 "name": "[cassandra-commits] 20210415 [jira] [Updated] (CASSANDRA-15420) CVE-2019-0205(Apache Thrift all versions up to and including 0.12.0) on version Cassendra 3.11.4",
 "url": "https://lists.apache.org/thread.html/r3887b48b183b6fa43e59398bd170a99239c0a16264cb5175b5b689d0@%3Ccommits.cassandra.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[pulsar-commits] 20210607 [GitHub] [pulsar] lhotari commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210, CVE-2019-0205 and CVE-2020-13949",
+ "url": "https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9@%3Ccommits.pulsar.apache.org%3E"
 }
 ]
 },
diff --git a/2019/0xxx/CVE-2019-0210.json b/2019/0xxx/CVE-2019-0210.json
index 9a879b901d4..765752eb4f9 100644
--- a/2019/0xxx/CVE-2019-0210.json
+++ b/2019/0xxx/CVE-2019-0210.json
@@ -83,6 +83,11 @@
 "refsource": "MLIST",
 "name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210 and CVE-2019-0205",
 "url": "https://lists.apache.org/thread.html/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f@%3Ccommits.pulsar.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[pulsar-commits] 20210607 [GitHub] [pulsar] lhotari commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210, CVE-2019-0205 and CVE-2020-13949",
+ "url": "https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9@%3Ccommits.pulsar.apache.org%3E"
 }
 ]
 },
diff --git a/2020/13xxx/CVE-2020-13949.json b/2020/13xxx/CVE-2020-13949.json
index a804e654381..91ad4764423 100644
--- a/2020/13xxx/CVE-2020-13949.json
+++ b/2020/13xxx/CVE-2020-13949.json
@@ -468,6 +468,11 @@
 "refsource": "MLIST",
 "name": "[hive-issues] 20210530 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1",
 "url": "https://lists.apache.org/thread.html/rcae4c66f67e701db44d742156dee1f3e5e4e07ad7ce10c740a76b669@%3Cissues.hive.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[pulsar-commits] 20210607 [GitHub] [pulsar] lhotari commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210, CVE-2019-0205 and CVE-2020-13949",
+ "url": "https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9@%3Ccommits.pulsar.apache.org%3E"
 }
 ]
 },
diff --git a/2020/5xxx/CVE-2020-5008.json b/2020/5xxx/CVE-2020-5008.json
index cbd0a6010f3..94fda00b442 100644
--- a/2020/5xxx/CVE-2020-5008.json
+++ b/2020/5xxx/CVE-2020-5008.json
@@ -1,99 +1,99 @@
 {
- "data_format" : "MITRE",
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Obtain Information"
- }
- ]
- }
- ]
- },
- "data_version" : "4.0",
- "affects" : {
- "vendor" : {
- "vendor_data" : [
+ "data_format": "MITRE",
+ "problemtype": {
+ "problemtype_data": [
 {
- "vendor_name" : "IBM",
- "product" : {
- "product_data" : [
- {
- "product_name" : "DataPower Gateway",
- "version" : {
- "version_data" : [
- {
- "version_value" : "2018.4.1.0"
- },
- {
- "version_value" : "10.0.0.0"
- },
- {
- "version_value" : "10.0.1.0"
- },
- {
- "version_value" : "2018.4.1.14"
- }
- ]
- }
- }
- ]
- }
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Obtain Information"
+ }
+ ]
 }
- ]
- }
- },
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193033."
- }
- ]
- },
- "data_type" : "CVE",
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.ibm.com/support/pages/node/6459681",
- "refsource" : "CONFIRM",
- "title" : "IBM Security Bulletin 6459681 (DataPower Gateway)",
- "url" : "https://www.ibm.com/support/pages/node/6459681"
- },
- {
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/193033",
- "name" : "ibm-datapower-cve20205008-info-disc (193033)",
- "title" : "X-Force Vulnerability Report",
- "refsource" : "XF"
- }
- ]
- },
- "CVE_data_meta" : {
- "STATE" : "PUBLIC",
- "ID" : "CVE-2020-5008",
- "DATE_PUBLIC" : "2021-06-04T00:00:00",
- "ASSIGNER" : "psirt@us.ibm.com"
- },
- "impact" : {
- "cvssv3" : {
- "BM" : {
- "C" : "L",
- "I" : "N",
- "UI" : "N",
- "A" : "N",
- "S" : "U",
- "AC" : "H",
- "PR" : "N",
- "SCORE" : "3.700",
- "AV" : "N"
- },
- "TM" : {
- "E" : "U",
- "RL" : "O",
- "RC" : "C"
- }
- }
- }
-}
+ ]
+ },
+ "data_version": "4.0",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DataPower Gateway",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2018.4.1.0"
+ },
+ {
+ "version_value": "10.0.0.0"
+ },
+ {
+ "version_value": "10.0.1.0"
+ },
+ {
+ "version_value": "2018.4.1.14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193033."
+ }
+ ]
+ },
+ "data_type": "CVE",
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.ibm.com/support/pages/node/6459681",
+ "refsource": "CONFIRM",
+ "title": "IBM Security Bulletin 6459681 (DataPower Gateway)",
+ "url": "https://www.ibm.com/support/pages/node/6459681"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193033",
+ "name": "ibm-datapower-cve20205008-info-disc (193033)",
+ "title": "X-Force Vulnerability Report",
+ "refsource": "XF"
+ }
+ ]
+ },
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ID": "CVE-2020-5008",
+ "DATE_PUBLIC": "2021-06-04T00:00:00",
+ "ASSIGNER": "psirt@us.ibm.com"
+ },
+ "impact": {
+ "cvssv3": {
+ "BM": {
+ "C": "L",
+ "I": "N",
+ "UI": "N",
+ "A": "N",
+ "S": "U",
+ "AC": "H",
+ "PR": "N",
+ "SCORE": "3.700",
+ "AV": "N"
+ },
+ "TM": {
+ "E": "U",
+ "RL": "O",
+ "RC": "C"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/2021/20xxx/CVE-2021-20517.json b/2021/20xxx/CVE-2021-20517.json
index 99576231f2e..b40d0f88343 100644
--- a/2021/20xxx/CVE-2021-20517.json
+++ b/2021/20xxx/CVE-2021-20517.json
@@ -1,93 +1,93 @@
 {
- "CVE_data_meta" : {
- "STATE" : "PUBLIC",
- "ASSIGNER" : "psirt@us.ibm.com",
- "DATE_PUBLIC" : "2021-05-27T00:00:00",
- "ID" : "CVE-2021-20517"
- },
- "references" : {
- "reference_data" : [
- {
- "title" : "IBM Security Bulletin 6456955 (WebSphere Application Server ND)",
- "refsource" : "CONFIRM",
- "name" : "https://www.ibm.com/support/pages/node/6456955",
- "url" : "https://www.ibm.com/support/pages/node/6456955"
- },
- {
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198435",
- "name" : "ibm-websphere-cve202120517-dir-traversal (198435)",
- "title" : "X-Force Vulnerability Report",
- "refsource" : "XF"
- }
- ]
- },
- "data_type" : "CVE",
- "impact" : {
- "cvssv3" : {
- "TM" : {
- "RL" : "O",
- "E" : "U",
- "RC" : "C"
- },
- "BM" : {
- "UI" : "N",
- "A" : "L",
- "C" : "L",
- "I" : "H",
- "AV" : "N",
- "AC" : "H",
- "S" : "U",
- "SCORE" : "6.400",
- "PR" : "L"
- }
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "File Manipulation"
- }
- ]
- }
- ]
- },
- "data_format" : "MITRE",
- "affects" : {
- "vendor" : {
- "vendor_data" : [
+ "CVE_data_meta": {
+ "STATE": "PUBLIC",
+ "ASSIGNER": "psirt@us.ibm.com",
+ "DATE_PUBLIC": "2021-05-27T00:00:00",
+ "ID": "CVE-2021-20517"
+ },
+ "references": {
+ "reference_data": [
 {
- "vendor_name" : "IBM",
- "product" : {
- "product_data" : [
- {
- "version" : {
- "version_data" : [
- {
- "version_value" : "8.5"
- },
- {
- "version_value" : "9.0"
- }
- ]
- },
- "product_name" : "WebSphere Application Server ND"
- }
- ]
- }
+ "title": "IBM Security Bulletin 6456955 (WebSphere Application Server ND)",
+ "refsource": "CONFIRM",
+ "name": "https://www.ibm.com/support/pages/node/6456955",
+ "url": "https://www.ibm.com/support/pages/node/6456955"
+ },
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198435",
+ "name": "ibm-websphere-cve202120517-dir-traversal (198435)",
+ "title": "X-Force Vulnerability Report",
+ "refsource": "XF"
 }
- ]
- }
- },
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to read and delete arbitrary files on the system. IBM X-Force ID: 198435."
- }
- ]
- },
- "data_version" : "4.0"
-}
+ ]
+ },
+ "data_type": "CVE",
+ "impact": {
+ "cvssv3": {
+ "TM": {
+ "RL": "O",
+ "E": "U",
+ "RC": "C"
+ },
+ "BM": {
+ "UI": "N",
+ "A": "L",
+ "C": "L",
+ "I": "H",
+ "AV": "N",
+ "AC": "H",
+ "S": "U",
+ "SCORE": "6.400",
+ "PR": "L"
+ }
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "File Manipulation"
+ }
+ ]
+ }
+ ]
+ },
+ "data_format": "MITRE",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "IBM",
+ "product": {
+ "product_data": [
+ {
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.5"
+ },
+ {
+ "version_value": "9.0"
+ }
+ ]
+ },
+ "product_name": "WebSphere Application Server ND"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to read and delete arbitrary files on the system. IBM X-Force ID: 198435."
+ }
+ ]
+ },
+ "data_version": "4.0"
+}
\ No newline at end of file
diff --git a/2021/31xxx/CVE-2021-31535.json b/2021/31xxx/CVE-2021-31535.json
index 219f4330e6c..58dc0a12c2b 100644
--- a/2021/31xxx/CVE-2021-31535.json
+++ b/2021/31xxx/CVE-2021-31535.json
@@ -62,6 +62,36 @@
 "refsource": "MISC",
 "name": "https://lists.freedesktop.org/archives/xorg/"
 },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210518 libX11 security advisory: May 18, 2021",
+ "url": "http://www.openwall.com/lists/oss-security/2021/05/18/2"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20210520 CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology",
+ "url": "http://seclists.org/fulldisclosure/2021/May/52"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/162737/libX11-Insufficient-Length-Check-Injection.html",
+ "url": "http://packetstormsecurity.com/files/162737/libX11-Insufficient-Length-Check-Injection.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20210524 [SECURITY] [DLA 2666-1] libx11 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00021.html"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4920",
+ "url": "https://www.debian.org/security/2021/dsa-4920"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202105-16",
+ "url": "https://security.gentoo.org/glsa/202105-16"
+ },
 {
 "refsource": "MISC",
 "name": "https://www.openwall.com/lists/oss-security/2021/05/18/3",
@@ -76,6 +106,16 @@
 "refsource": "MISC",
 "name": "https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/",
 "url": "https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://lists.x.org/archives/xorg-announce/2021-May/003088.html",
+ "url": "https://lists.x.org/archives/xorg-announce/2021-May/003088.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605",
+ "url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605"
 }
 ]
 }
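Review bot: Three of the references added in the first CVE-2021-31535.json hunk use cleartext `http://` URLs (the openwall, seclists.org and packetstormsecurity.com entries), while the neighbouring openwall entry in the same array already uses `https://`. People and tooling that follow advisory links from this record are better served by the HTTPS form, for example `"url": "https://www.openwall.com/lists/oss-security/2021/05/18/2"`. The other two hosts presumably serve the same paths over HTTPS, which should be confirmed before changing them; for the packetstorm entry the `name` field repeats the URL and would need the same change. The enclosing `reference_data` array starts outside the hunk.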
diff --git a/2021/33xxx/CVE-2021-33907.json b/2021/33xxx/CVE-2021-33907.json
new file mode 100644
index 00000000000..5be63481c5f
--- /dev/null
+++ b/2021/33xxx/CVE-2021-33907.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-33907",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/3xxx/CVE-2021-3530.json b/2021/3xxx/CVE-2021-3530.json
index 76ba0635f1b..8dc309fc9ee 100644
--- a/2021/3xxx/CVE-2021-3530.json
+++ b/2021/3xxx/CVE-2021-3530.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956423",
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956423"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://src.fedoraproject.org/rpms/binutils/blob/rawhide/f/binutils-CVE-2021-3530.patch",
+ "url": "https://src.fedoraproject.org/rpms/binutils/blob/rawhide/f/binutils-CVE-2021-3530.patch"
 }
 ]
 },