From 0f4a356e43b9d13299c3d00befdb2f56c8a0bb06 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 9 Jul 2021 11:00:48 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2012/1xxx/CVE-2012-1102.json | 63 +++++++++++++++++++++++++----
2012/2xxx/CVE-2012-2666.json | 73 ++++++++++++++++++++++++++++++----
2020/1xxx/CVE-2020-1927.json | 5 +++
2020/1xxx/CVE-2020-1934.json | 5 +++
2020/35xxx/CVE-2020-35452.json | 5 +++
2021/26xxx/CVE-2021-26690.json | 5 +++
2021/26xxx/CVE-2021-26691.json | 5 +++
2021/30xxx/CVE-2021-30641.json | 5 +++
2021/31xxx/CVE-2021-31618.json | 5 +++
2021/32xxx/CVE-2021-32972.json | 50 +++++++++++++++++++++--
2021/3xxx/CVE-2021-3570.json | 50 +++++++++++++++++++++--
2021/3xxx/CVE-2021-3571.json | 50 +++++++++++++++++++++--
2021/3xxx/CVE-2021-3612.json | 55 +++++++++++++++++++++++--
2021/3xxx/CVE-2021-3637.json | 50 +++++++++++++++++++++--
14 files changed, 397 insertions(+), 29 deletions(-)
diff --git a/2012/1xxx/CVE-2012-1102.json b/2012/1xxx/CVE-2012-1102.json
index 1e5e1504084..2e4566e5a3d 100644
--- a/2012/1xxx/CVE-2012-1102.json
+++ b/2012/1xxx/CVE-2012-1102.json
@@ -1,17 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-1102", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-1102", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "perl-xml-atom", + "version": { + "version_data": [ + { + "version_value": "perl-xml-atom 0.39" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes", + "url": "https://metacpan.org/release/MIYAGAWA/XML-Atom-0.39/source/Changes" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/oss-sec/2012/q1/549", + "url": "https://seclists.org/oss-sec/2012/q1/549" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used." } ] } diff --git a/2012/2xxx/CVE-2012-2666.json b/2012/2xxx/CVE-2012-2666.json index 0e477fb39ab..1299a9826e4 100644 --- a/2012/2xxx/CVE-2012-2666.json +++ b/2012/2xxx/CVE-2012-2666.json 
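Review bot: The added `version_value` `"perl-xml-atom 0.39"` names the release that carries the fix, while the description in the same record says the flaw is in XML::Atom before version 0.39, so a scanner matching on this field would flag the patched release and miss the vulnerable ones. The same mismatch appears in the CVE-2012-2666, CVE-2021-3570, CVE-2021-3571, CVE-2021-3612 and CVE-2021-3637 records of this commit, where the listed versions are the ones the descriptions give as the fixed release or upper bound (the two linuxptp records also join several branches into one comma-separated string). Expressing the range in the structured fields, for example `"version_affected": "<", "version_value": "0.39"`, would keep the machine-readable data in agreement with the prose. The product prefix inside the value can be dropped, since `product_name` already holds it.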
@@ -1,17 +1,76 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2012-2666", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2666", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "go/golang", + "version": { + "version_data": [ + { + "version_value": "go/golang 1.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-377" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666", + "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2666" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=765455", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=765455" + }, + { + "refsource": "MISC", + "name": "https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd", + "url": "https://github.com/golang/go/commit/8ac275bb01588a8c0e6c0fe2de7fd11f08feccdd" + }, + { + "refsource": "MISC", + "name": "https://codereview.appspot.com/5992078", + "url": "https://codereview.appspot.com/5992078" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script." } ] } 
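Review bot: The new description for CVE-2012-2666 reads like the subject line of the fixing commit (`golang/go in 1.0.2 fixes all.bash on shared machines`) and does not say which releases are affected, and it misspells "predictable" as `predicable`. Assuming 1.0.2 is the first fixed release, as the text implies, a wording such as `"value": "dotest() in src/pkg/debug/gosym/pclntab_test.go in Go before 1.0.2 creates a temporary file with a predictable name and executes it as a shell script."` would state the affected range and the CWE-377 condition directly. An impact sentence is also missing; that should come from the assigner rather than be inferred here.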
diff --git a/2020/1xxx/CVE-2020-1927.json b/2020/1xxx/CVE-2020-1927.json index 314fc6ce8bc..fe92f2944d0 100644 --- a/2020/1xxx/CVE-2020-1927.json +++ b/2020/1xxx/CVE-2020-1927.json @@ -168,6 +168,11 @@ "url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuApr2021.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" } ] }, diff --git a/2020/1xxx/CVE-2020-1934.json b/2020/1xxx/CVE-2020-1934.json index bc29101e372..2e2893092aa 100644 --- a/2020/1xxx/CVE-2020-1934.json +++ b/2020/1xxx/CVE-2020-1934.json @@ -153,6 +153,11 @@ "refsource": "MLIST", "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" } ] }, diff --git a/2020/35xxx/CVE-2020-35452.json b/2020/35xxx/CVE-2020-35452.json index 63fc635703b..d5818030094 100644 --- a/2020/35xxx/CVE-2020-35452.json +++ b/2020/35xxx/CVE-2020-35452.json @@ -238,6 +238,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210702-0001/", "url": "https://security.netapp.com/advisory/ntap-20210702-0001/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" } ] }, 
diff --git a/2021/26xxx/CVE-2021-26690.json b/2021/26xxx/CVE-2021-26690.json index d0371135dcd..0c7434e4c04 100644 --- a/2021/26xxx/CVE-2021-26690.json +++ b/2021/26xxx/CVE-2021-26690.json @@ -238,6 +238,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210702-0001/", "url": "https://security.netapp.com/advisory/ntap-20210702-0001/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" } ] }, diff --git a/2021/26xxx/CVE-2021-26691.json b/2021/26xxx/CVE-2021-26691.json index ae9fda9d122..70cf5136c88 100644 --- a/2021/26xxx/CVE-2021-26691.json +++ b/2021/26xxx/CVE-2021-26691.json @@ -238,6 +238,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210702-0001/", "url": "https://security.netapp.com/advisory/ntap-20210702-0001/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" } ] }, diff --git a/2021/30xxx/CVE-2021-30641.json b/2021/30xxx/CVE-2021-30641.json index 701adb4ca93..63ccbcf1b8d 100644 --- a/2021/30xxx/CVE-2021-30641.json +++ b/2021/30xxx/CVE-2021-30641.json @@ -113,6 +113,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210702-0001/", "url": "https://security.netapp.com/advisory/ntap-20210702-0001/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" } ] }, diff --git a/2021/31xxx/CVE-2021-31618.json b/2021/31xxx/CVE-2021-31618.json index a0e3c6c2e76..4aa527f33d7 100644 --- a/2021/31xxx/CVE-2021-31618.json +++ b/2021/31xxx/CVE-2021-31618.json 
@@ -102,6 +102,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-181f29c392", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" } ] }, diff --git a/2021/32xxx/CVE-2021-32972.json b/2021/32xxx/CVE-2021-32972.json index 86a1e3a12ad..6ed18cff8ce 100644 --- a/2021/32xxx/CVE-2021-32972.json +++ b/2021/32xxx/CVE-2021-32972.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-32972", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Panasonic FPWIN Pro", + "version": { + "version_data": [ + { + "version_value": "All Versions 7.5.1.1 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing software." } ] } diff --git a/2021/3xxx/CVE-2021-3570.json b/2021/3xxx/CVE-2021-3570.json index daba4ef3316..a51eca770d7 100644 --- a/2021/3xxx/CVE-2021-3570.json +++ b/2021/3xxx/CVE-2021-3570.json 
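Review bot: `vendor_name` is set to `n/a` in the CVE-2021-32972 record even though the vendor is visible in `product_name` (`Panasonic FPWIN Pro`), so tooling that matches assets on the vendor/product pair will not associate this advisory with the vendor. Suggest `"vendor_name": "Panasonic"` together with `"product_name": "FPWIN Pro"`. The free-text `version_value` `All Versions 7.5.1.1 and prior` would likewise be easier to match as `"version_affected": "<=", "version_value": "7.5.1.1"`.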
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3570", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "linuxptp", + "version": { + "version_data": [ + { + "version_value": "linuxptp 3.1.1, linuxptp 2.0.1, linuxptp 1.9.3, linuxptp 1.8.1, linuxptp 1.7.1, linuxptp 1.6.1, linuxptp 1.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1966240", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966240" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1." } ] } diff --git a/2021/3xxx/CVE-2021-3571.json b/2021/3xxx/CVE-2021-3571.json index 68677cf3d55..5c6a545630d 100644 --- a/2021/3xxx/CVE-2021-3571.json +++ b/2021/3xxx/CVE-2021-3571.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3571", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "linuxptp", + "version": { + "version_data": [ + { + "version_value": "linuxptp 3.1.1, linuxptp 2.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1966241", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966241" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1." } ] } diff --git a/2021/3xxx/CVE-2021-3612.json b/2021/3xxx/CVE-2021-3612.json index 88b85d2e946..f3e8ac68694 100644 --- a/2021/3xxx/CVE-2021-3612.json +++ b/2021/3xxx/CVE-2021-3612.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3612", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "kernel 5.9-rc1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20->CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1974079", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974079" + }, + { + "refsource": "MISC", + "name": "https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82@gmail.com/", + "url": "https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82@gmail.com/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability." } ] } diff --git a/2021/3xxx/CVE-2021-3637.json b/2021/3xxx/CVE-2021-3637.json index 0fb5e29acf1..3c0f184dc9e 100644 --- a/2021/3xxx/CVE-2021-3637.json +++ b/2021/3xxx/CVE-2021-3637.json 
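Review bot: The `problemtype` value `CWE-20->CWE-119` in the CVE-2021-3612 record packs a two-step weakness chain into a single string, which consumers that expect one CWE identifier per `value` are likely to mis-parse or drop. Listing the weaknesses as separate description entries, `{ "lang": "eng", "value": "CWE-20" }` and `{ "lang": "eng", "value": "CWE-119" }`, keeps both identifiers machine-readable. Since the description calls this an out-of-bounds memory write, the assigner may also want to confirm whether the more specific CWE-787 applies.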
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3637", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "keycloak-model-infinispan", + "version": { + "version_data": [ + { + "version_value": "keycloak 14.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1979638", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979638" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack." } ] }