Updating CVSS scores

2021/21xxx/CVE-2021-21777.json

@@ -58,5 +58,13 @@
                 "value": "An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read."
             }
         ]
+    },
+    "impact": {
+        "cvss": {
+            "baseScore": 8.6,
+            "baseSeverity": "High",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
+            "version": "3.0"
+        }
     }
 }

2021/21xxx/CVE-2021-21806.json

@@ -63,5 +63,13 @@
                 "value": "An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability."
             }
         ]
+    },
+    "impact": {
+        "cvss": {
+            "baseScore": 8.8,
+            "baseSeverity": "High",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+            "version": "3.0"
+        }
     }
 }

2021/21xxx/CVE-2021-21809.json

@@ -63,5 +63,13 @@
                 "value": "A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities."
             }
         ]
+    },
+    "impact": {
+        "cvss": {
+            "baseScore": 8.2,
+            "baseSeverity": "High",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L",
+            "version": "3.0"
+        }
     }
 }

2021/21xxx/CVE-2021-21812.json

@@ -58,5 +58,13 @@
                 "value": "A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs\u2019 Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a static sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities."
             }
         ]
+    },
+    "impact": {
+        "cvss": {
+            "baseScore": 7.8,
+            "baseSeverity": "High",
+            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "version": "3.0"
+        }
     }
 }

2021/21xxx/CVE-2021-21813.json

@@ -58,5 +58,13 @@
                 "value": "Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflow."
             }
         ]
+    },
+    "impact": {
+        "cvss": {
+            "baseScore": 7.8,
+            "baseSeverity": "High",
+            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "version": "3.0"
+        }
     }
 }

2021/21xxx/CVE-2021-21814.json

@@ -58,5 +58,13 @@
                 "value": "Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char* passed in by the user, no checks are done to see if the passed in char* is longer than the staticly sized buffer data is memcpy\u2018d into, but after the memcpy a null byte is written to what is assumed to be the end of the buffer to terminate the char*, but without length checks, this null write occurs at an arbitrary offset from the buffer. An attacker can provide malicious input to trigger this vulnerability."
             }
         ]
+    },
+    "impact": {
+        "cvss": {
+            "baseScore": 7.8,
+            "baseSeverity": "High",
+            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "version": "3.0"
+        }
     }
 }

2021/21xxx/CVE-2021-21815.json

@@ -58,5 +58,13 @@
                 "value": "A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger this vulnerability."
             }
         ]
+    },
+    "impact": {
+        "cvss": {
+            "baseScore": 7.8,
+            "baseSeverity": "High",
+            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "version": "3.0"
+        }
     }
 }

2021/40xxx/CVE-2021-40394.json

@@ -58,5 +58,13 @@
                 "value": "An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
             }
         ]
+    },
+    "impact": {
+        "cvss": {
+            "baseScore": 10.0,
+            "baseSeverity": null,
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+            "version": "3.0"
+        }
     }
 }