"-Synchronized-Data."

2016/1xxx/CVE-2016-1575.json

@@ -76,6 +76,11 @@
                 "name": "[oss-security] 20160224 User Namespaces Overlayfs Xattr Setgid Privilege Escalation: Overlayfs",
                 "refsource": "MLIST",
                 "url": "http://www.openwall.com/lists/oss-security/2016/02/24/7"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20211018 Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up",
+                "url": "http://www.openwall.com/lists/oss-security/2021/10/18/1"
             }
         ]
     }

2016/1xxx/CVE-2016-1576.json

@@ -86,6 +86,11 @@
                 "name": "http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/",
                 "refsource": "MISC",
                 "url": "http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20211018 Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up",
+                "url": "http://www.openwall.com/lists/oss-security/2021/10/18/1"
             }
         ]
     }

2016/2xxx/CVE-2016-2853.json

@@ -71,6 +71,11 @@
                 "name": "[aufs] 20160219 aufs3 and aufs4 GIT release",
                 "refsource": "MLIST",
                 "url": "https://sourceforge.net/p/aufs/mailman/message/34864744/"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20211018 Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up",
+                "url": "http://www.openwall.com/lists/oss-security/2021/10/18/1"
             }
         ]
     }

2021/41xxx/CVE-2021-41151.json

@@ -35,7 +35,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": " Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a `github:publish:pull-request` action and a particular source path. When the template is executed the sensitive files would be included in the published pull request. This vulnerability is mitigated by the fact that an attacker would need access to create and register templates in the Backstage catalog, and that the attack is very visible given that the exfiltration happens via a pull request. The vulnerability is patched in the `0.15.9` release of `@backstage/plugin-scaffolder-backend`."
+                "value": "Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a `github:publish:pull-request` action and a particular source path. When the template is executed the sensitive files would be included in the published pull request. This vulnerability is mitigated by the fact that an attacker would need access to create and register templates in the Backstage catalog, and that the attack is very visible given that the exfiltration happens via a pull request. The vulnerability is patched in the `0.15.9` release of `@backstage/plugin-scaffolder-backend`."
             }
         ]
     },

2021/42xxx/CVE-2021-42650.json

@@ -1,17 +1,66 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
-        "ID": "CVE-2021-42650",
         "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ID": "CVE-2021-42650",
+        "STATE": "PUBLIC"
     },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://github.com/portainer/portainer/pull/5766",
+                "refsource": "MISC",
+                "name": "https://github.com/portainer/portainer/pull/5766"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://github.com/purple-WL/Security-vulnerability/blob/main/Portainer%20Custom%20Templates%20xss",
+                "url": "https://github.com/purple-WL/Security-vulnerability/blob/main/Portainer%20Custom%20Templates%20xss"
             }
         ]
     }