diff --git a/2020/24xxx/CVE-2020-24136.json b/2020/24xxx/CVE-2020-24136.json
index c97d1dca229..c8f8ea807f7 100644
--- a/2020/24xxx/CVE-2020-24136.json
+++ b/2020/24xxx/CVE-2020-24136.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-24136",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-24136",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/vedees/wcms/issues/12",
+ "url": "https://github.com/vedees/wcms/issues/12"
 }
 ]
 }
diff --git a/2020/24xxx/CVE-2020-24138.json b/2020/24xxx/CVE-2020-24138.json
index 02480186460..2e99143e2ca 100644
--- a/2020/24xxx/CVE-2020-24138.json
+++ b/2020/24xxx/CVE-2020-24138.json
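Review bot: The structured fields in the CVE-2020-24136 hunk stay at `"n/a"` even though the description added alongside them names the product, version and weakness ("Directory traversal in Wcms 0.3.2"). Consumers that match on `affects` or `problemtype` rather than on free text will not tie this record to the product or to a weakness class. Consider `"product_name": "Wcms"`, `"version_value": "0.3.2"` and a problemtype value such as `"CWE-22"`, if the assigner agrees with that classification. The same gap appears in the CVE-2020-24138 hunk (XSS, presumably CWE-79) and the CVE-2021-28927 hunk (command injection in RetroArch).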
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-24138",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-24138",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/vedees/wcms/issues/10",
+ "url": "https://github.com/vedees/wcms/issues/10"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25584.json b/2020/25xxx/CVE-2020-25584.json
index 12962fe9c89..5756b99d548 100644
--- a/2020/25xxx/CVE-2020-25584.json
+++ b/2020/25xxx/CVE-2020-25584.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-25584",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secteam@freebsd.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FreeBSD",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FreeBSD 12.2-RELEASE before p6, 11.4-RELEASE before p9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Time-of-check Time-of-use Race Condition"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:10.jail_mount.asc",
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:10.jail_mount.asc"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of \"..\" and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail."
 }
 ]
 }
diff --git a/2021/21xxx/CVE-2021-21639.json b/2021/21xxx/CVE-2021-21639.json
index 1533bf534f5..162f0274fef 100644
--- a/2021/21xxx/CVE-2021-21639.json
+++ b/2021/21xxx/CVE-2021-21639.json
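Review bot: The `version_value` string `"FreeBSD 12.2-RELEASE before p6, 11.4-RELEASE before p9"` covers fewer branches than the description added in the same hunk, which also lists 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560 and 13.0-RC5 before p1. A consumer that reads only `affects` would treat those STABLE and RC builds as unaffected; giving each range its own `version_data` entry would keep the structured data in step with the text. `vendor_name` is also `"n/a"` although the product is FreeBSD and the assigner is secteam@freebsd.org. The CVE-2021-29626 and CVE-2021-29627 hunks show the same mismatch. The hunk starts at line 4 of the record, so the top of the object is not visible here.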
@@ -61,6 +61,11 @@
 "name": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1721",
 "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1721",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
 }
 ]
 }
diff --git a/2021/21xxx/CVE-2021-21640.json b/2021/21xxx/CVE-2021-21640.json
index 78dcddc86e1..5bcc92872f9 100644
--- a/2021/21xxx/CVE-2021-21640.json
+++ b/2021/21xxx/CVE-2021-21640.json
@@ -61,6 +61,11 @@
 "name": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1871",
 "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1871",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
 }
 ]
 }
diff --git a/2021/21xxx/CVE-2021-21641.json b/2021/21xxx/CVE-2021-21641.json
index 794ba6f1b39..b69b0d50f6e 100644
--- a/2021/21xxx/CVE-2021-21641.json
+++ b/2021/21xxx/CVE-2021-21641.json
@@ -61,6 +61,11 @@
 "name": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293",
 "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293",
 "refsource": "CONFIRM"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
+ "url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28165.json b/2021/28xxx/CVE-2021-28165.json
index 77f2f8e27e1..af4d4a9cbfc 100644
--- a/2021/28xxx/CVE-2021-28165.json
+++ b/2021/28xxx/CVE-2021-28165.json
@@ -127,6 +127,21 @@
 "refsource": "MLIST",
 "name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
 "url": "https://lists.apache.org/thread.html/re6614b4fe7dbb945409daadb9e1cc73c02383df68bf9334736107a6e@%3Cdev.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-dev] 20210407 Re: [VOTE] Apache ZooKeeper release 3.6.3 candidate 1",
+ "url": "https://lists.apache.org/thread.html/r56e5568ac73daedcb3b5affbb4b908999f03d3c1b1ada3920b01e959@%3Cdev.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
+ "url": "https://lists.apache.org/thread.html/ra21b3e6bd9669377139fe33fb46edf6fece3f31375bc42a0dcc964b2@%3Cnotifications.zookeeper.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
+ "url": "https://lists.apache.org/thread.html/rbba0b02a3287e34af328070dd58f7828612f96e2e64992137f4dc63d@%3Cnotifications.zookeeper.apache.org%3E"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28927.json b/2021/28xxx/CVE-2021-28927.json
index d659a046bf6..b54e8f263c6 100644
--- a/2021/28xxx/CVE-2021-28927.json
+++ b/2021/28xxx/CVE-2021-28927.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-28927",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-28927",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The text-to-speech engine in libretro RetroArch for Windows 0.11 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://libretro.com",
+ "refsource": "MISC",
+ "name": "http://libretro.com"
+ },
+ {
+ "url": "http://retroarch.com",
+ "refsource": "MISC",
+ "name": "http://retroarch.com"
+ },
+ {
+ "url": "https://github.com/libretro/RetroArch/blob/d3dc3ee989ec6a4903c689907ffc47027f71f776/frontend/drivers/platform_win32.c",
+ "refsource": "MISC",
+ "name": "https://github.com/libretro/RetroArch/blob/d3dc3ee989ec6a4903c689907ffc47027f71f776/frontend/drivers/platform_win32.c"
 }
 ]
 }
diff --git a/2021/29xxx/CVE-2021-29626.json b/2021/29xxx/CVE-2021-29626.json
index 18635165b0b..a00baf67ffd 100644
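Review bot: The description value added for CVE-2021-28927 ends with the garbled phrase "using specially a crafted file and directory names"; it should read `using specially crafted file and directory names`. This string is what downstream advisories and scanners display for the record, so it is worth correcting at the source. Separately, two of the three references are bare project homepages (`http://libretro.com`, `http://retroarch.com`) and the third pins the affected source file at a commit. None of the three visibly points to an advisory or a fix, which leaves a defender without a remediation target.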
--- a/2021/29xxx/CVE-2021-29626.json
+++ b/2021/29xxx/CVE-2021-29626.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-29626",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secteam@freebsd.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FreeBSD",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FreeBSD 12.2-RELEASE before p6, 11.4-RELEASE before p9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use after free memory disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc",
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:08.vm.asc"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unpriivleged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel."
 }
 ]
 }
diff --git a/2021/29xxx/CVE-2021-29627.json b/2021/29xxx/CVE-2021-29627.json
index 45979bf2e81..de8f890b79a 100644
--- a/2021/29xxx/CVE-2021-29627.json
+++ b/2021/29xxx/CVE-2021-29627.json
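Review bot: The description value added for CVE-2021-29626 misspells "unprivileged" as `unpriivleged`; the corrected fragment is `allowing an unprivileged process to maintain a mapping after it is freed`. A keyword search for "unprivileged" across records, a common triage filter for local privilege-boundary issues, would miss this entry as written. The hunk starts at line 4 of the record, so the opening of the object is outside the view.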
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-29627",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secteam@freebsd.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FreeBSD",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FreeBSD 12.2-RELEASE before p6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Double free or use after free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:09.accept_filter.asc",
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:09.accept_filter.asc"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free."
 }
 ]
 }
diff --git a/2021/30xxx/CVE-2021-30196.json b/2021/30xxx/CVE-2021-30196.json
new file mode 100644
index 00000000000..89fe47a922f
--- /dev/null
+++ b/2021/30xxx/CVE-2021-30196.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-30196",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file