From 310999e5b44c28d2ded065f85893ce6257000157 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 9 Aug 2021 21:01:00 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2008/2xxx/CVE-2008-2711.json | 5 +++
 2021/32xxx/CVE-2021-32797.json | 2 +-
 2021/36xxx/CVE-2021-36386.json | 5 +++
 2021/38xxx/CVE-2021-38302.json | 18 +++++++++
 2021/38xxx/CVE-2021-38303.json | 18 +++++++++
 2021/38xxx/CVE-2021-38304.json | 18 +++++++++
 2021/38xxx/CVE-2021-38305.json | 67 ++++++++++++++++++++++++++++++++++
 2021/38xxx/CVE-2021-38306.json | 18 +++++++++
 8 files changed, 150 insertions(+), 1 deletion(-)
 create mode 100644 2021/38xxx/CVE-2021-38302.json
 create mode 100644 2021/38xxx/CVE-2021-38303.json
 create mode 100644 2021/38xxx/CVE-2021-38304.json
 create mode 100644 2021/38xxx/CVE-2021-38305.json
 create mode 100644 2021/38xxx/CVE-2021-38306.json
diff --git a/2008/2xxx/CVE-2008-2711.json b/2008/2xxx/CVE-2008-2711.json
index f01469c7051..6878db8ef5a 100644
--- a/2008/2xxx/CVE-2008-2711.json
+++ b/2008/2xxx/CVE-2008-2711.json
@@ -171,6 +171,11 @@
 "name": "30742",
 "refsource": "SECUNIA",
 "url": "http://secunia.com/advisories/30742"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210809 fetchmail 6.4.21 released/regression fix for 6.4.20's security fix, and UPDATE: fetchmail <= 6.4.19 security announcement 2021-01 (CVE-2021-36386)",
+ "url": "http://www.openwall.com/lists/oss-security/2021/08/09/1"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32797.json b/2021/32xxx/CVE-2021-32797.json
index c6f1b4b4715..2345f299642 100644
--- a/2021/32xxx/CVE-2021-32797.json
+++ b/2021/32xxx/CVE-2021-32797.json
@@ -47,7 +47,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn’t sanitize the action attribute of html `
`. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook. "
+ "value": "JupyterLab is a user interface for Project Jupyter which will eventually replace the classic Jupyter Notebook. In affected versions untrusted notebook can execute code on load. In particular JupyterLab doesn\u2019t sanitize the action attribute of html ``. Using this it is possible to trigger the form validation outside of the form itself. This is a remote code execution, but requires user action to open a notebook."
 }
 ]
 },
diff --git a/2021/36xxx/CVE-2021-36386.json b/2021/36xxx/CVE-2021-36386.json
index 3152be0be5e..dbbc76910c0 100644
--- a/2021/36xxx/CVE-2021-36386.json
+++ b/2021/36xxx/CVE-2021-36386.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.fetchmail.info/fetchmail-SA-2021-01.txt",
 "url": "https://www.fetchmail.info/fetchmail-SA-2021-01.txt"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210809 fetchmail 6.4.21 released/regression fix for 6.4.20's security fix, and UPDATE: fetchmail <= 6.4.19 security announcement 2021-01 (CVE-2021-36386)",
+ "url": "http://www.openwall.com/lists/oss-security/2021/08/09/1"
 }
 ]
 }
diff --git a/2021/38xxx/CVE-2021-38302.json b/2021/38xxx/CVE-2021-38302.json
new file mode 100644
index 00000000000..bee48b61790
--- /dev/null
+++ b/2021/38xxx/CVE-2021-38302.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-38302",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38303.json b/2021/38xxx/CVE-2021-38303.json
new file mode 100644
index 00000000000..14cc3a746c5
--- /dev/null
+++ b/2021/38xxx/CVE-2021-38303.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-38303",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38304.json b/2021/38xxx/CVE-2021-38304.json
new file mode 100644
index 00000000000..22a4b4b0f81
--- /dev/null
+++ b/2021/38xxx/CVE-2021-38304.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-38304",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38305.json b/2021/38xxx/CVE-2021-38305.json
new file mode 100644
index 00000000000..5c402e712fa
--- /dev/null
+++ b/2021/38xxx/CVE-2021-38305.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-38305",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each line is run through Python's eval function to make the validator available. A well-constructed string within the schema rules can execute system commands; thus, by exploiting the vulnerability, an attacker can run arbitrary code on the image that invokes Yamale."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/23andMe/Yamale/releases/tag/3.0.8",
+ "refsource": "MISC",
+ "name": "https://github.com/23andMe/Yamale/releases/tag/3.0.8"
+ },
+ {
+ "url": "https://github.com/23andMe/Yamale/pull/165",
+ "refsource": "MISC",
+ "name": "https://github.com/23andMe/Yamale/pull/165"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/38xxx/CVE-2021-38306.json b/2021/38xxx/CVE-2021-38306.json
new file mode 100644
index 00000000000..43dc903dea7
--- /dev/null
+++ b/2021/38xxx/CVE-2021-38306.json
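Review bot: In the new 2021/38xxx/CVE-2021-38305.json, every structured field under `affects` and `problemtype` is `n/a`, although the description in the same record names the vendor, product and fixed release (23andMe Yamale before 3.0.8) and describes code execution through `eval` on schema lines. Scanners and inventory tooling that match on `vendor_name`, `product_name` and `version_value` will therefore not associate this record with Yamale; an affected install is only found by someone reading the free text or following the 3.0.8 release reference. Consider populating the fields, e.g. `"vendor_name": "23andMe"`, `"product_name": "Yamale"`, and a `version_data` entry expressing "before 3.0.8". The problemtype value could likewise carry a CWE instead of `n/a`; CWE-95 (eval injection) looks like the closest fit for what the description states. The file also ends without a trailing newline (`\ No newline at end of file`), as do the four RESERVED records added in this commit.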
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-38306", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file