From 114d8110364d7b4588acbea92e384ae7a2105f53 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 22 Feb 2021 02:00:40 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/16xxx/CVE-2018-16621.json | 5 +++
 2019/20xxx/CVE-2019-20788.json | 5 +++
 2020/12xxx/CVE-2020-12049.json | 5 +++
 2020/12xxx/CVE-2020-12283.json | 5 +++
 2020/13xxx/CVE-2020-13163.json | 5 +++
 2020/13xxx/CVE-2020-13445.json | 5 +++
 2020/13xxx/CVE-2020-13482.json | 5 +++
 2020/27xxx/CVE-2020-27998.json | 5 +++
 2020/29xxx/CVE-2020-29529.json | 7 +++-
 2021/24xxx/CVE-2021-24115.json | 66 ++++++++++++++++++++++++++++++----
 2021/26xxx/CVE-2021-26119.json | 56 +++++++++++++++++++++++++----
 2021/26xxx/CVE-2021-26120.json | 56 +++++++++++++++++++++++++----
 2021/3xxx/CVE-2021-3149.json | 61 +++++++++++++++++++++++++++----
 13 files changed, 261 insertions(+), 25 deletions(-)
diff --git a/2018/16xxx/CVE-2018-16621.json b/2018/16xxx/CVE-2018-16621.json
index a493d71e02c..946a22c138b 100644
--- a/2018/16xxx/CVE-2018-16621.json
+++ b/2018/16xxx/CVE-2018-16621.json
@@ -56,6 +56,11 @@
 "name": "https://support.sonatype.com/hc/en-us/articles/360010789153-CVE-2018-16621-Nexus-Repository-Manager-Java-Injection-October-17-2018",
 "refsource": "CONFIRM",
 "url": "https://support.sonatype.com/hc/en-us/articles/360010789153-CVE-2018-16621-Nexus-Repository-Manager-Java-Injection-October-17-2018"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2020-015-nxrm-sonatype",
+ "url": "https://securitylab.github.com/advisories/GHSL-2020-015-nxrm-sonatype"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20788.json b/2019/20xxx/CVE-2019-20788.json
index 35eff0cb1f4..04b5e4f0e58 100644
--- a/2019/20xxx/CVE-2019-20788.json
+++ b/2019/20xxx/CVE-2019-20788.json
@@ -66,6 +66,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4407-1",
 "url": "https://usn.ubuntu.com/4407-1/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2020-064-libvnc-libvncclient",
+ "url": "https://securitylab.github.com/advisories/GHSL-2020-064-libvnc-libvncclient"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12049.json b/2020/12xxx/CVE-2020-12049.json
index c175bb0db80..96d72618e5b 100644
--- a/2020/12xxx/CVE-2020-12049.json
+++ b/2020/12xxx/CVE-2020-12049.json
@@ -91,6 +91,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202007-46",
 "url": "https://security.gentoo.org/glsa/202007-46"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak",
+ "url": "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12283.json b/2020/12xxx/CVE-2020-12283.json
index 770b5352ff0..c3d171533a2 100644
--- a/2020/12xxx/CVE-2020-12283.json
+++ b/2020/12xxx/CVE-2020-12283.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://github.com/sourcegraph/sourcegraph/blob/master/CHANGELOG.md",
 "url": "https://github.com/sourcegraph/sourcegraph/blob/master/CHANGELOG.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2020-085-sourcegraph",
+ "url": "https://securitylab.github.com/advisories/GHSL-2020-085-sourcegraph"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13163.json b/2020/13xxx/CVE-2020-13163.json
index 837add14de5..f4fd886b152 100644
--- a/2020/13xxx/CVE-2020-13163.json
+++ b/2020/13xxx/CVE-2020-13163.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/ConradIrwin/em-imap/issues/25",
 "refsource": "MISC",
 "name": "https://github.com/ConradIrwin/em-imap/issues/25"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2020-095-conradirwin-em-imap",
+ "url": "https://securitylab.github.com/advisories/GHSL-2020-095-conradirwin-em-imap"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13445.json b/2020/13xxx/CVE-2020-13445.json
index f2daa754d3b..fbdf6e01655 100644
--- a/2020/13xxx/CVE-2020-13445.json
+++ b/2020/13xxx/CVE-2020-13445.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://issues.liferay.com/browse/LPE-17023",
 "url": "https://issues.liferay.com/browse/LPE-17023"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce",
+ "url": "https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13482.json b/2020/13xxx/CVE-2020-13482.json
index 4e401fd4d1d..b0198459012 100644
--- a/2020/13xxx/CVE-2020-13482.json
+++ b/2020/13xxx/CVE-2020-13482.json
@@ -66,6 +66,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-8ccd750904",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z32PUJA6RGBZ3TKSOTGUXZ45662S3MVF/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2020-094-igrigorik-em-http-request",
+ "url": "https://securitylab.github.com/advisories/GHSL-2020-094-igrigorik-em-http-request"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27998.json b/2020/27xxx/CVE-2020-27998.json
index f78593d04d8..2d479d4537c 100644
--- a/2020/27xxx/CVE-2020-27998.json
+++ b/2020/27xxx/CVE-2020-27998.json
@@ -66,6 +66,11 @@
 "url": "https://github.com/FastReports/FastReport/compare/v2020.3.0...v2020.4.0",
 "refsource": "MISC",
 "name": "https://github.com/FastReports/FastReport/compare/v2020.3.0...v2020.4.0"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2020-143-FastReportsInc-FastReports",
+ "url": "https://securitylab.github.com/advisories/GHSL-2020-143-FastReportsInc-FastReports"
 }
 ]
 }
diff --git a/2020/29xxx/CVE-2020-29529.json b/2020/29xxx/CVE-2020-29529.json
index 6a709efe670..6d62e9d111b 100644
--- a/2020/29xxx/CVE-2020-29529.json
+++ b/2020/29xxx/CVE-2020-29529.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "HashiCorp go-slug up to 0.4.3 did not fully protect against Zip Slip attacks while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0."
+ "value": "HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0."
 }
 ]
 },
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://github.com/hashicorp/go-slug/pull/12",
 "url": "https://github.com/hashicorp/go-slug/pull/12"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://securitylab.github.com/advisories/GHSL-2020-262-zipslip-go-slug",
+ "url": "https://securitylab.github.com/advisories/GHSL-2020-262-zipslip-go-slug"
 }
 ]
 }
diff --git a/2021/24xxx/CVE-2021-24115.json b/2021/24xxx/CVE-2021-24115.json
index 373fe4c76ed..70a47e55fd7 100644
--- a/2021/24xxx/CVE-2021-24115.json
+++ b/2021/24xxx/CVE-2021-24115.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-24115",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-24115",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/randombit/botan/compare/2.17.2...2.17.3",
+ "refsource": "MISC",
+ "name": "https://github.com/randombit/botan/compare/2.17.2...2.17.3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/randombit/botan/pull/2549",
+ "url": "https://github.com/randombit/botan/pull/2549"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://botan.randombit.net/news.html",
+ "url": "https://botan.randombit.net/news.html"
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26119.json b/2021/26xxx/CVE-2021-26119.json
index f45f45ac56e..260cfa539c1 100644
--- a/2021/26xxx/CVE-2021-26119.json
+++ b/2021/26xxx/CVE-2021-26119.json
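Review bot: In 2021/24xxx/CVE-2021-24115.json the new `affects` block sets `product_name`, `vendor_name` and `version_value` to `"n/a"`, and `problemtype` is also `"n/a"`, although the description in the same record names the product and the fixed version ("Botan before 2.17.3"). Tooling that matches advisories on the structured fields rather than on the free text will presumably not associate this record with Botan installs. Consider carrying the description's facts into the structured fields, for example `"product_name": "Botan"` and `"version_value": "before 2.17.3"`. The same applies to the newly published CVE-2021-26119, CVE-2021-26120 and CVE-2021-3149 records later in this patch.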
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-26119",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-26119",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md",
+ "refsource": "MISC",
+ "name": "https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md"
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26120.json b/2021/26xxx/CVE-2021-26120.json
index e7d8f2fbf94..a31a54ab5e0 100644
--- a/2021/26xxx/CVE-2021-26120.json
+++ b/2021/26xxx/CVE-2021-26120.json
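Review bot: The only entry in `reference_data` for 2021/26xxx/CVE-2021-26119.json is `https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md`, a file on the moving `master` branch, and it is identical to the sole reference added for CVE-2021-26120. A reader cannot tell from the link which changelog entry or commit corresponds to the sandbox escape via `$smarty.template_object` and which to the `{function name=` issue, and the content behind the URL can change over time. A reference pinned to the 3.1.39 release tag, or to the fixing commit or pull request for each CVE, would make both records verifiable; the exact URL is not visible in this patch.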
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-26120",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-26120",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md",
+ "refsource": "MISC",
+ "name": "https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md"
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3149.json b/2021/3xxx/CVE-2021-3149.json
index d99e95bfa28..d42c1c5a2a0 100644
--- a/2021/3xxx/CVE-2021-3149.json
+++ b/2021/3xxx/CVE-2021-3149.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-3149",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-3149",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.netshieldcorp.com/netshield-appliances/",
+ "refsource": "MISC",
+ "name": "https://www.netshieldcorp.com/netshield-appliances/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.digitaldefense.com/resources/vulnerability-research/netshield-corporation-nano-25/",
+ "url": "https://www.digitaldefense.com/resources/vulnerability-research/netshield-corporation-nano-25/"
 }
 ]
 }