From 36fda4674db75a5273070508c6a997618a01dde9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 30 Aug 2021 20:00:57 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/11xxx/CVE-2020-11420.json | 5 +++ 2021/35xxx/CVE-2021-35062.json | 56 ++++++++++++++++++++++++++++++---- 2021/36xxx/CVE-2021-36691.json | 56 ++++++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37847.json | 5 +++ 2021/37xxx/CVE-2021-37848.json | 5 +++ 2021/39xxx/CVE-2021-39132.json | 2 +- 2021/40xxx/CVE-2021-40328.json | 18 +++++++++++ 2021/40xxx/CVE-2021-40329.json | 18 +++++++++++ 8 files changed, 152 insertions(+), 13 deletions(-) create mode 100644 2021/40xxx/CVE-2021-40328.json create mode 100644 2021/40xxx/CVE-2021-40329.json diff --git a/2020/11xxx/CVE-2020-11420.json b/2020/11xxx/CVE-2020-11420.json index 4baa6ab49bc..ccad92c704d 100644 --- a/2020/11xxx/CVE-2020-11420.json +++ b/2020/11xxx/CVE-2020-11420.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.generex.de/index.php?option=com_content&task=view&id=185&Itemid=249", "url": "https://www.generex.de/index.php?option=com_content&task=view&id=185&Itemid=249" + }, + { + "refsource": "MISC", + "name": "https://www.generex.de/support/changelogs/cs141/page:2", + "url": "https://www.generex.de/support/changelogs/cs141/page:2" } ] } diff --git a/2021/35xxx/CVE-2021-35062.json b/2021/35xxx/CVE-2021-35062.json index c171fe4fbe6..b93bfd7f13e 100644 --- a/2021/35xxx/CVE-2021-35062.json +++ b/2021/35xxx/CVE-2021-35062.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35062", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35062", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/sthierolf/security/blob/main/CVE-2021-35062.md", + "url": "https://github.com/sthierolf/security/blob/main/CVE-2021-35062.md" } ] } diff --git a/2021/36xxx/CVE-2021-36691.json b/2021/36xxx/CVE-2021-36691.json index ef79f7eda7c..8113647992f 100644 --- a/2021/36xxx/CVE-2021-36691.json +++ b/2021/36xxx/CVE-2021-36691.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36691", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36691", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/libjxl/libjxl/issues/422", + "url": "https://github.com/libjxl/libjxl/issues/422" } ] } diff --git a/2021/37xxx/CVE-2021-37847.json b/2021/37xxx/CVE-2021-37847.json index a6ac73508ca..79029420ffb 100644 --- a/2021/37xxx/CVE-2021-37847.json +++ b/2021/37xxx/CVE-2021-37847.json @@ -56,6 +56,11 @@ "url": "https://github.com/saschahauer/barebox/commit/0a9f9a7410681e55362f8311537ebc7be9ad0fbe", "refsource": "MISC", "name": "https://github.com/saschahauer/barebox/commit/0a9f9a7410681e55362f8311537ebc7be9ad0fbe" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/gquere/816dfadbad98745090034100a8a651eb", + "url": "https://gist.github.com/gquere/816dfadbad98745090034100a8a651eb" } ] } diff --git a/2021/37xxx/CVE-2021-37848.json b/2021/37xxx/CVE-2021-37848.json index 747134d0456..c28e05bd449 100644 --- a/2021/37xxx/CVE-2021-37848.json +++ b/2021/37xxx/CVE-2021-37848.json @@ -56,6 +56,11 @@ "url": "https://github.com/saschahauer/barebox/commit/a3337563c705bc8e0cf32f910b3e9e3c43d962ff", "refsource": "MISC", "name": "https://github.com/saschahauer/barebox/commit/a3337563c705bc8e0cf32f910b3e9e3c43d962ff" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/gquere/816dfadbad98745090034100a8a651eb", + "url": "https://gist.github.com/gquere/816dfadbad98745090034100a8a651eb" } ] } diff --git a/2021/39xxx/CVE-2021-39132.json b/2021/39xxx/CVE-2021-39132.json index d92e7086ef5..2a84a32b763 100644 --- a/2021/39xxx/CVE-2021-39132.json +++ b/2021/39xxx/CVE-2021-39132.json @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "### Impact\n\nAn authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with a crafted aclpolicy yaml file, that can cause the server to run untrusted code on Rundeck Community or Enterprise Edition. An authenticated user can make a POST request, that can cause the server to run untrusted code on Rundeck Enterprise Edition.\n\nThe zip-format plugin issues requires authentication and authorization to these access levels, and affects all Rundeck editions:\n\n* `admin` level access to the `system` resource type\n\nThe ACL Policy yaml file upload issues requires authentication and authorization to these access levels, and affects all Rundeck editions: \n\n* `create` `update` or `admin` level access to a `project_acl` resource\n* `create` `update` or `admin` level access to the `system_acl` resource\n\nThe unauthorized POST request requires authentication, but no specific authorization, and affects Rundeck Enterprise only.\n\n### Patches\nVersions 3.4.3, 3.3.14\n\n### Workarounds\n\nPlease visit [https://rundeck.com/security](https://rundeck.com/security) for information about specific workarounds.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [security@rundeck.com](mailto:security@rundeck.com)\n\nTo report security issues to Rundeck please use the form at [https://rundeck.com/security](https://rundeck.com/security)\n\nReporter: Rojan Rijal from Tinder Red Team" + "value": "### Impact An authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with a crafted aclpolicy yaml file, that can cause the server to run untrusted code on Rundeck Community or Enterprise Edition. An authenticated user can make a POST request, that can cause the server to run untrusted code on Rundeck Enterprise Edition. The zip-format plugin issues requires authentication and authorization to these access levels, and affects all Rundeck editions: * `admin` level access to the `system` resource type The ACL Policy yaml file upload issues requires authentication and authorization to these access levels, and affects all Rundeck editions: * `create` `update` or `admin` level access to a `project_acl` resource * `create` `update` or `admin` level access to the `system_acl` resource The unauthorized POST request requires authentication, but no specific authorization, and affects Rundeck Enterprise only. ### Patches Versions 3.4.3, 3.3.14 ### Workarounds Please visit [https://rundeck.com/security](https://rundeck.com/security) for information about specific workarounds. ### For more information If you have any questions or comments about this advisory: * Email us at [security@rundeck.com](mailto:security@rundeck.com) To report security issues to Rundeck please use the form at [https://rundeck.com/security](https://rundeck.com/security) Reporter: Rojan Rijal from Tinder Red Team" } ] }, diff --git a/2021/40xxx/CVE-2021-40328.json b/2021/40xxx/CVE-2021-40328.json new file mode 100644 index 00000000000..a37967b4d05 --- /dev/null +++ b/2021/40xxx/CVE-2021-40328.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-40328", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40329.json b/2021/40xxx/CVE-2021-40329.json new file mode 100644 index 00000000000..5667bb0e8a2 --- /dev/null +++ b/2021/40xxx/CVE-2021-40329.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-40329", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file