From 2c70eec6d2f90958679d71b36ca436c7910e72c0 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 8 Jun 2021 15:00:49 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/22xxx/CVE-2021-22214.json | 90 ++++++++++++++++++++++++++++++++--
 2021/33xxx/CVE-2021-33175.json | 50 +++++++++++++++++--
 2021/33xxx/CVE-2021-33176.json | 50 +++++++++++++++++--
 2021/34xxx/CVE-2021-34280.json | 61 ++++++++++++++++++++---
 4 files changed, 235 insertions(+), 16 deletions(-)
diff --git a/2021/22xxx/CVE-2021-22214.json b/2021/22xxx/CVE-2021-22214.json
index c6924f09e79..01e124a075a 100644
--- a/2021/22xxx/CVE-2021-22214.json
+++ b/2021/22xxx/CVE-2021-22214.json
@@ -4,15 +4,97 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22214",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "GitLab",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GitLab",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=10.5, <13.10.5"
+ },
+ {
+ "version_value": ">=13.11, <13.11.5"
+ },
+ {
+ "version_value": ">=13.12, <13.12.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Server-side request forgery (ssrf) in GitLab"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/322926",
+ "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/322926",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://hackerone.com/reports/1110131",
+ "url": "https://hackerone.com/reports/1110131",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22214.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22214.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited"
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "version": "3.1",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Thanks [@myster](https://hackerone.com/myster?type=user) for reporting this vulnerability through our HackerOne bug bounty program"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2021/33xxx/CVE-2021-33175.json b/2021/33xxx/CVE-2021-33175.json
index 4ae6da7a853..aa70f9cdc1d 100644
--- a/2021/33xxx/CVE-2021-33175.json
+++ b/2021/33xxx/CVE-2021-33175.json
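Review bot: In CVE-2021-22214.json the added `impact.cvss` block records `"baseScore": 6.7`, but the CVSS 3.1 equations applied to the stated vector, including the specification's round-up step, appear to give 6.8, so the stored value looks truncated rather than rounded up and should be re-derived from the vector. The `vectorString` also lacks the `CVSS:3.1/` prefix that the 3.1 specification places at the start of a vector, which strict parsers may reject; the line would read `"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"`. The description text says only "starting from 10.5", while the fixed releases appear solely in `version_data`, so consumers that read the prose alone get no upper bound for patching decisions.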
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33175",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "disclosure@synopsys.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "EMQ Technologies",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EMQ X Broker",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "<4.2.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-502: Deserialization of Untrusted Data"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq",
+ "refsource": "MISC",
+ "name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system."
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33176.json b/2021/33xxx/CVE-2021-33176.json
index 1c77c69320b..196cf9ee9f0 100644
--- a/2021/33xxx/CVE-2021-33176.json
+++ b/2021/33xxx/CVE-2021-33176.json
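Review bot: In CVE-2021-33175.json the `problemtype` value `CWE-502: Deserialization of Untrusted Data` does not match the description, which reports a denial of service through excessive memory consumption and never mentions deserialization; the CVE-2021-33176.json hunk has the same pairing. If deserialization is the root cause the description should say so, and otherwise a resource-consumption class such as CWE-400 would fit the text, because triage and detection rules keyed on CWE-502 will prioritise this as a code-execution class issue. Both records also embed the comparison operator in the value (`"version_value": "<4.2.8"` and `"<1.12.0"`), which automated version matching then has to parse out of a string; the 4.0 format's `version_affected` field looks like the intended place for the operator, though that should be confirmed against the schema.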
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33176",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "disclosure@synopsys.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "VerneMQ",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "vernemq",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "<1.12.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-502: Deserialization of Untrusted Data"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq",
+ "refsource": "MISC",
+ "name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system."
 }
 ]
 }
diff --git a/2021/34xxx/CVE-2021-34280.json b/2021/34xxx/CVE-2021-34280.json
index f355cd93265..16ab2d0cbb7 100644
--- a/2021/34xxx/CVE-2021-34280.json
+++ b/2021/34xxx/CVE-2021-34280.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-34280",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-34280",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Polaris Office v9.103.83.44230 is affected by a Uninitialized Pointer Vulnerability in PolarisOffice.exe and EngineDLL.dll that may cause a Remote Code Execution. To exploit the vulnerability, someone must open a crafted PDF file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://polaris.com",
+ "refsource": "MISC",
+ "name": "http://polaris.com"
+ },
+ {
+ "url": "https://gist.github.com/dlehgus1023/b065260b1aaa5a4034beb55c609851e4",
+ "refsource": "MISC",
+ "name": "https://gist.github.com/dlehgus1023/b065260b1aaa5a4034beb55c609851e4"
 }
 ]
 }
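Review bot: In CVE-2021-34280.json the new `affects` block sets `vendor_name`, `product_name` and `version_value` to `"n/a"` even though the description names Polaris Office v9.103.83.44230, so scanners and asset inventories that match on the structured fields will not associate this record with the product. The values stated in the description could be carried over, for example `"product_name": "Polaris Office"` and `"version_value": "9.103.83.44230"`, and `problemtype` could name the weakness class for an uninitialized pointer (CWE-824) instead of `"n/a"`. Of the two references, `http://polaris.com` is a plain-HTTP site root rather than an advisory, which leaves a personal gist as the only technical source; a vendor advisory or fixed-version reference would let defenders act on the entry.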