From 134f4fdbdfba3d00c4becf4685b0fd8aac0ba17d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 8 Apr 2021 16:00:43 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/12xxx/CVE-2020-12351.json | 5 +++ 2020/12xxx/CVE-2020-12352.json | 5 +++ 2021/1xxx/CVE-2021-1629.json | 5 +++ 2021/21xxx/CVE-2021-21409.json | 30 ++++++++++++++++++ 2021/26xxx/CVE-2021-26709.json | 5 +++ 2021/27xxx/CVE-2021-27522.json | 56 ++++++++++++++++++++++++++++++---- 2021/28xxx/CVE-2021-28165.json | 15 +++++++++ 2021/30xxx/CVE-2021-30147.json | 5 +++ 2021/30xxx/CVE-2021-30149.json | 5 +++ 9 files changed, 125 insertions(+), 6 deletions(-) diff --git a/2020/12xxx/CVE-2020-12351.json b/2020/12xxx/CVE-2020-12351.json index 4f9ee232061..76ea17aecb2 100644 --- a/2020/12xxx/CVE-2020-12351.json +++ b/2020/12xxx/CVE-2020-12351.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html?wapkw=CVE-2020-12351" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html" } ] }, diff --git a/2020/12xxx/CVE-2020-12352.json b/2020/12xxx/CVE-2020-12352.json index 440492dff68..185afe93c4c 100644 --- a/2020/12xxx/CVE-2020-12352.json +++ b/2020/12xxx/CVE-2020-12352.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html", "url": "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/162131/Linux-Kernel-5.4-BleedingTooth-Remote-Code-Execution.html" } ] }, diff --git a/2021/1xxx/CVE-2021-1629.json b/2021/1xxx/CVE-2021-1629.json index b14521b00e4..fbbce5c4fd2 100644 --- a/2021/1xxx/CVE-2021-1629.json +++ b/2021/1xxx/CVE-2021-1629.json @@ -53,6 +53,11 @@ "refsource": "FULLDISC", "name": "20210408 [SYSS-2020-032] Open Redirect in Tableau Server (CVE-2021-1629)", "url": "http://seclists.org/fulldisclosure/2021/Apr/22" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162138/Tableau-Server-Open-Redirection.html", + "url": "http://packetstormsecurity.com/files/162138/Tableau-Server-Open-Redirection.html" } ] }, diff --git a/2021/21xxx/CVE-2021-21409.json b/2021/21xxx/CVE-2021-21409.json index 815a46af7fe..7188ca974e7 100644 --- a/2021/21xxx/CVE-2021-21409.json +++ b/2021/21xxx/CVE-2021-21409.json @@ -133,6 +133,36 @@ "refsource": "MLIST", "name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] arshadmohammad commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409", "url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795@%3Cnotifications.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-commits] 20210408 [zookeeper] branch master updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409", + "url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20210408 [jira] [Resolved] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409", + "url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409", + "url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409", + "url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20210408 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409", + "url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] asfgit closed pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409", + "url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39@%3Cnotifications.zookeeper.apache.org%3E" } ] }, diff --git a/2021/26xxx/CVE-2021-26709.json b/2021/26xxx/CVE-2021-26709.json index 83c2c18ca75..f8281ee3eeb 100644 --- a/2021/26xxx/CVE-2021-26709.json +++ b/2021/26xxx/CVE-2021-26709.json @@ -66,6 +66,11 @@ "refsource": "FULLDISC", "name": "20210408 CVE-2021-26709 - Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem", "url": "http://seclists.org/fulldisclosure/2021/Apr/15" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162133/D-Link-DSL-320B-D1-Pre-Authentication-Buffer-Overflow.html", + "url": "http://packetstormsecurity.com/files/162133/D-Link-DSL-320B-D1-Pre-Authentication-Buffer-Overflow.html" } ] } diff --git a/2021/27xxx/CVE-2021-27522.json b/2021/27xxx/CVE-2021-27522.json index aa66e6acc23..e98f216e30e 100644 --- a/2021/27xxx/CVE-2021-27522.json +++ b/2021/27xxx/CVE-2021-27522.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-27522", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-27522", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtained." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/WaterCountry/Learnsite/issues/1", + "url": "https://github.com/WaterCountry/Learnsite/issues/1" } ] } diff --git a/2021/28xxx/CVE-2021-28165.json b/2021/28xxx/CVE-2021-28165.json index 041630f80f7..6ddf04e2dc8 100644 --- a/2021/28xxx/CVE-2021-28165.json +++ b/2021/28xxx/CVE-2021-28165.json @@ -347,6 +347,21 @@ "refsource": "MLIST", "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165", "url": "https://lists.apache.org/thread.html/rb00345f6b1620b553d2cc1acaf3017aa75cea3776b911e024fa3b187@%3Creviews.spark.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165", + "url": "https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad@%3Creviews.spark.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", + "url": "https://lists.apache.org/thread.html/r71031d0acb1de55c9ab32f4750c50ce2f28543252e887ca03bd5621e@%3Creviews.spark.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165", + "url": "https://lists.apache.org/thread.html/r06d54a297cb8217c66e5190912a955fb870ba47da164002bf2baffe5@%3Creviews.spark.apache.org%3E" } ] } diff --git a/2021/30xxx/CVE-2021-30147.json b/2021/30xxx/CVE-2021-30147.json index 907958a23ad..0013525d642 100644 --- a/2021/30xxx/CVE-2021-30147.json +++ b/2021/30xxx/CVE-2021-30147.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/1d8/publications/tree/main/cve-2021-30147", "url": "https://github.com/1d8/publications/tree/main/cve-2021-30147" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162136/DMA-Radius-Manager-4.4.0-Cross-Site-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/162136/DMA-Radius-Manager-4.4.0-Cross-Site-Request-Forgery.html" } ] } diff --git a/2021/30xxx/CVE-2021-30149.json b/2021/30xxx/CVE-2021-30149.json index fbaaadadba1..4cacf804a13 100644 --- a/2021/30xxx/CVE-2021-30149.json +++ b/2021/30xxx/CVE-2021-30149.json @@ -56,6 +56,11 @@ "url": "https://gitlab.com/composr-foundation/composr/commit/a71c44e03", "refsource": "MISC", "name": "https://gitlab.com/composr-foundation/composr/commit/a71c44e03" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/162128/Composr-10.0.36-Shell-Upload.html", + "url": "http://packetstormsecurity.com/files/162128/Composr-10.0.36-Shell-Upload.html" } ] }