diff --git a/2021/26xxx/CVE-2021-26797.json b/2021/26xxx/CVE-2021-26797.json index 221954ecf20..7954f91ef6a 100644 --- a/2021/26xxx/CVE-2021-26797.json +++ b/2021/26xxx/CVE-2021-26797.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-26797", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-26797", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker to get system administrator through an open Telnet service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://le0nc.blogspot.com/2021/04/cve-2021-26797-access-control.html", + "url": "https://le0nc.blogspot.com/2021/04/cve-2021-26797-access-control.html" } ] } diff --git a/2021/28xxx/CVE-2021-28079.json b/2021/28xxx/CVE-2021-28079.json index 64b49a0ba02..648dda90072 100644 --- a/2021/28xxx/CVE-2021-28079.json +++ b/2021/28xxx/CVE-2021-28079.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-28079", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-28079", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by victim, the payload is triggered." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.jamovi.org", + "refsource": "MISC", + "name": "https://www.jamovi.org" + }, + { + "refsource": "MISC", + "name": "https://github.com/theart42/cves/blob/master/CVE-2021-28079/CVE-2021-28079.md", + "url": "https://github.com/theart42/cves/blob/master/CVE-2021-28079/CVE-2021-28079.md" } ] } diff --git a/2021/28xxx/CVE-2021-28927.json b/2021/28xxx/CVE-2021-28927.json index b54e8f263c6..9d75b1e6f9f 100644 --- a/2021/28xxx/CVE-2021-28927.json +++ b/2021/28xxx/CVE-2021-28927.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "The text-to-speech engine in libretro RetroArch for Windows 0.11 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names." + "value": "The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names." } ] }, diff --git a/2021/31xxx/CVE-2021-31805.json b/2021/31xxx/CVE-2021-31805.json new file mode 100644 index 00000000000..69f85a08ed1 --- /dev/null +++ b/2021/31xxx/CVE-2021-31805.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31805", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3497.json b/2021/3xxx/CVE-2021-3497.json index 99ceb95915a..bce9b90a28f 100644 --- a/2021/3xxx/CVE-2021-3497.json +++ b/2021/3xxx/CVE-2021-3497.json @@ -58,6 +58,11 @@ "refsource": "DEBIAN", "name": "DSA-4900", "url": "https://www.debian.org/security/2021/dsa-4900" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210426 [SECURITY] [DLA 2640-1] gst-plugins-good1.0 security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00027.html" } ] },