From 2cc7a5bab2952445a839c0c6d290a18c1910a545 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 4 Aug 2021 14:00:55 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/21xxx/CVE-2021-21864.json | 5 +++
 2021/21xxx/CVE-2021-21865.json | 5 +++
 2021/21xxx/CVE-2021-21866.json | 5 +++
 2021/32xxx/CVE-2021-32590.json | 2 +-
 2021/32xxx/CVE-2021-32594.json | 2 +-
 2021/33xxx/CVE-2021-33337.json | 61 ++++++++++++++++++++++++++++++----
 2021/33xxx/CVE-2021-33338.json | 61 ++++++++++++++++++++++++++++++----
 2021/35xxx/CVE-2021-35463.json | 56 +++++++++++++++++++++++++++----
 2021/36xxx/CVE-2021-36090.json | 15 +++++++++
 2021/36xxx/CVE-2021-36764.json | 56 +++++++++++++++++++++++++++----
 2021/36xxx/CVE-2021-36765.json | 56 +++++++++++++++++++++++++++----
 11 files changed, 292 insertions(+), 32 deletions(-)
diff --git a/2021/21xxx/CVE-2021-21864.json b/2021/21xxx/CVE-2021-21864.json
index 6af33288039..5cfc92f583d 100644
--- a/2021/21xxx/CVE-2021-21864.json
+++ b/2021/21xxx/CVE-2021-21864.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1301",
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1301"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download=",
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download="
 }
 ]
 },
diff --git a/2021/21xxx/CVE-2021-21865.json b/2021/21xxx/CVE-2021-21865.json
index d66997e1375..ad27e83da77 100644
--- a/2021/21xxx/CVE-2021-21865.json
+++ b/2021/21xxx/CVE-2021-21865.json
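Review bot: The CONFIRM reference added to CVE-2021-21864 repeats the raw URL as its `name`, and that URL is a `dumpFile` download link carrying a `token` query parameter, so the record gives no advisory title or number. A reader or a triage tool cannot tell what the document is without fetching it, and the record depends on that tokenized link staying valid. If the vendor document has a title or identifier, putting it in `name` (for example `"name": "<vendor advisory title>"`, placeholder) would keep the reference identifiable should the link change. The same reference shape is added in the CVE-2021-21865 and CVE-2021-21866 hunks and in the new records CVE-2021-36764 and CVE-2021-36765.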
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1301",
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1301"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download=",
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download="
 }
 ]
 },
diff --git a/2021/21xxx/CVE-2021-21866.json b/2021/21xxx/CVE-2021-21866.json
index 9a9ea8ab171..b06cc89b09d 100644
--- a/2021/21xxx/CVE-2021-21866.json
+++ b/2021/21xxx/CVE-2021-21866.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1301",
 "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1301"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download=",
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download="
 }
 ]
 },
diff --git a/2021/32xxx/CVE-2021-32590.json b/2021/32xxx/CVE-2021-32590.json
index 778020e7b01..e47c8d710cd 100644
--- a/2021/32xxx/CVE-2021-32590.json
+++ b/2021/32xxx/CVE-2021-32590.json
@@ -71,7 +71,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Multiple improper neutralization of special elements used in an\u00a0SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests."
+ "value": "Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests."
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32594.json b/2021/32xxx/CVE-2021-32594.json
index 47cd74dfab0..09be3b46bc1 100644
--- a/2021/32xxx/CVE-2021-32594.json
+++ b/2021/32xxx/CVE-2021-32594.json
@@ -71,7 +71,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier\u00a0may allow a low-privileged user to potentially tamper with the underlying\u00a0system's files via the upload of specifically\u00a0crafted files."
+ "value": "An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files."
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33337.json b/2021/33xxx/CVE-2021-33337.json
index d73d5e30508..602de314a94 100644
--- a/2021/33xxx/CVE-2021-33337.json
+++ b/2021/33xxx/CVE-2021-33337.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-33337",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-33337",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu in Liferay Portal 7.3.0 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_document_library_web_portlet_DLAdminPortlet_name parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2021-33337-stored-xss-with-document-types-in-documents-and-media",
+ "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2021-33337-stored-xss-with-document-types-in-documents-and-media"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://issues.liferay.com/browse/LPE-17101",
+ "url": "https://issues.liferay.com/browse/LPE-17101"
 }
 ]
 }
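Review bot: The new `affects` block records vendor, product and version as `"n/a"` and `problemtype` is also `"n/a"`, although the description in the same hunk names Liferay Portal 7.3.0 through 7.3.4 and Liferay DXP and classifies the issue as XSS. Scanners and asset-matching tools that read the structured fields rather than the free text will not associate this record with any product or weakness class. This may be the assigner's convention for these records, but where the feed permits it, `"vendor_name": "Liferay"`, `"product_name": "Liferay Portal"` and a problemtype value such as `"CWE-79"` would make the entry machine-matchable. The same placeholders appear in the newly published CVE-2021-33338, CVE-2021-35463, CVE-2021-36764 and CVE-2021-36765 records in this commit.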
diff --git a/2021/33xxx/CVE-2021-33338.json b/2021/33xxx/CVE-2021-33338.json
index 4fb6af56b05..4327266fa4e 100644
--- a/2021/33xxx/CVE-2021-33338.json
+++ b/2021/33xxx/CVE-2021-33338.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-33338",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-33338",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, exposes the CSRF token in URLs, which allows man-in-the-middle attackers to obtain the token and conduct Cross-Site Request Forgery (CSRF) attacks via the p_auth parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748276",
+ "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748276"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://issues.liferay.com/browse/LPE-17030",
+ "url": "https://issues.liferay.com/browse/LPE-17030"
 }
 ]
 }
diff --git a/2021/35xxx/CVE-2021-35463.json b/2021/35xxx/CVE-2021-35463.json
index debb7be2363..713efd65f2f 100644
--- a/2021/35xxx/CVE-2021-35463.json
+++ b/2021/35xxx/CVE-2021-35463.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-35463",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-35463",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747934",
+ "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747934"
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36090.json b/2021/36xxx/CVE-2021-36090.json
index 0e32f68ac44..0fe15f80798 100644
--- a/2021/36xxx/CVE-2021-36090.json
+++ b/2021/36xxx/CVE-2021-36090.json
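Review bot: The description value added for CVE-2021-35463 wraps the parameter name keywords in Markdown backticks, but this field is plain text and most consumers will show the backticks literally. The other Liferay records published in this commit (CVE-2021-33337, CVE-2021-33338) name their parameters bare, so the markup is also inconsistent within the feed. Ending the sentence as `via the keywords parameter.` would match them and keeps exact-string searches for the parameter name working.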
@@ -176,6 +176,21 @@
 "refsource": "MLIST",
 "name": "[drill-dev] 20210804 [GitHub] [drill] luocooong opened a new pull request #2285: Bump commons-compress from 1.20 to 1.21 for CVE-2021-36090",
 "url": "https://lists.apache.org/thread.html/rbbf42642c3e4167788a7c13763d192ee049604d099681f765385d99d@%3Cdev.drill.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[drill-commits] 20210804 [drill] branch master updated: Bump commons-compress from 1.20 to 1.21 for CVE-2021-36090",
+ "url": "https://lists.apache.org/thread.html/r54049b66afbca766b6763c7531e9fe7a20293a112bcb65462a134949@%3Ccommits.drill.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[drill-dev] 20210804 [GitHub] [drill] luocooong merged pull request #2285: DRILL-7981: Bump commons-compress from 1.20 to 1.21 for CVE-2021-36090",
+ "url": "https://lists.apache.org/thread.html/r4f03c5de923e3f2a8c316248681258125140514ef3307bfe1538e1ab@%3Cdev.drill.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[drill-issues] 20210804 [jira] [Commented] (DRILL-7981) Bump commons-compress from 1.20 to 1.21 for CVE-2021-36090",
+ "url": "https://lists.apache.org/thread.html/rf93b6bb267580e01deb7f3696f7eaca00a290c66189a658cf7230a1a@%3Cissues.drill.apache.org%3E"
 }
 ]
 },
diff --git a/2021/36xxx/CVE-2021-36764.json b/2021/36xxx/CVE-2021-36764.json
index 4cd5d2db2d9..6a84b5d8af4 100644
--- a/2021/36xxx/CVE-2021-36764.json
+++ b/2021/36xxx/CVE-2021-36764.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-36764",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-36764",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16804&token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff&download=",
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16804&token=d8c89c887979b22fdfc9fd5c3aa3804bbb1ddbff&download="
 }
 ]
 }
diff --git a/2021/36xxx/CVE-2021-36765.json b/2021/36xxx/CVE-2021-36765.json
index f0853268249..9e79caf5f5c 100644
--- a/2021/36xxx/CVE-2021-36765.json
+++ b/2021/36xxx/CVE-2021-36765.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-36765",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-36765",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16806&token=3b0c51de5a6e35bccbb413ddaaa56551ca5490f6&download=",
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16806&token=3b0c51de5a6e35bccbb413ddaaa56551ca5490f6&download="
 }
 ]
 }
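Review bot: The description added for CVE-2021-36765 names the fault, a null pointer dereference in the EtherNet/IP stack, but not its consequence or who can send the triggering requests. The sibling record CVE-2021-36764 in this commit does state the outcome ("may result in a denial-of-service condition"), so the two CODESYS entries give triage different amounts to work with. If the vendor advisory confirms the same impact, a closing clause such as `and may result in a denial-of-service condition.` would let an operator prioritise the record without opening the linked document. Because `problemtype` is `"n/a"`, the description is the only place in this record where that information could appear.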