diff --git a/2019/1xxx/CVE-2019-1551.json b/2019/1xxx/CVE-2019-1551.json
index 8cc2576eca6..a0ef0204e2d 100644
--- a/2019/1xxx/CVE-2019-1551.json
+++ b/2019/1xxx/CVE-2019-1551.json
@@ -169,6 +169,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.tenable.com/security/tns-2020-11",
 "url": "https://www.tenable.com/security/tns-2020-11"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4855",
+ "url": "https://www.debian.org/security/2021/dsa-4855"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27218.json b/2020/27xxx/CVE-2020-27218.json
index f0cab25278a..6e02f65526a 100644
--- a/2020/27xxx/CVE-2020-27218.json
+++ b/2020/27xxx/CVE-2020-27218.json
@@ -472,6 +472,16 @@
 "refsource": "MLIST",
 "name": "[spark-reviews] 20210218 [GitHub] [spark] SparkQA removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
 "url": "https://lists.apache.org/thread.html/r81f82ab8ecb83568bafbecf9ce0e73be73980ac1e2af6baf0f344a59@%3Creviews.spark.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
+ "url": "https://lists.apache.org/thread.html/rd9a960429741406f6557fa344a13d50a0c9976dac2e4c46bb54b32d7@%3Creviews.spark.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
+ "url": "https://lists.apache.org/thread.html/r3b7c8bc7a1cb8acdcf7753f436564d289d22f2906e934d1b11de3a40@%3Creviews.spark.apache.org%3E"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28490.json b/2020/28xxx/CVE-2020-28490.json
index d1cd7fce689..a44775f742b 100644
--- a/2020/28xxx/CVE-2020-28490.json
+++ b/2020/28xxx/CVE-2020-28490.json
@@ -48,16 +48,19 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-ASYNCGIT-1064877"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-ASYNCGIT-1064877",
+ "name": "https://snyk.io/vuln/SNYK-JS-ASYNCGIT-1064877"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/omrilotan/async-git/pull/14"
+ "refsource": "MISC",
+ "url": "https://github.com/omrilotan/async-git/pull/14",
+ "name": "https://github.com/omrilotan/async-git/pull/14"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/omrilotan/async-git/commit/d1950a5021f4e19d92f347614be0d85ce991510d"
+ "refsource": "MISC",
+ "url": "https://github.com/omrilotan/async-git/commit/d1950a5021f4e19d92f347614be0d85ce991510d",
+ "name": "https://github.com/omrilotan/async-git/commit/d1950a5021f4e19d92f347614be0d85ce991510d"
 }
 ]
 },
@@ -65,7 +68,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb')\n"
+ "value": "The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb')"
 }
 ]
 },
diff --git a/2020/28xxx/CVE-2020-28496.json b/2020/28xxx/CVE-2020-28496.json
index 07d2822a308..fa1460c9934 100644
--- a/2020/28xxx/CVE-2020-28496.json
+++ b/2020/28xxx/CVE-2020-28496.json
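Review bot: In the new description value of the second hunk, the sentence says the injection is "via shell meta-characters (back-ticks)" but the example `git.reset('atouch HACKEDb')` contains no back-tick at all, so the example no longer illustrates the claim; the characters look to have been lost in an earlier import and this commit, which only strips the trailing `\n`, carries the mangled text forward. Either restore the example from the linked Snyk advisory or drop the example clause and keep the sentence, e.g. `"The package async-git before 1.13.2 is vulnerable to Command Injection via shell meta-characters (back-ticks)."`. The same edit also fixes the subject–verb mismatch in "The package ... are vulnerable".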
@@ -48,20 +48,24 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JS-THREE-1064931"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JS-THREE-1064931",
+ "name": "https://snyk.io/vuln/SNYK-JS-THREE-1064931"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1065972"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1065972",
+ "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1065972"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/mrdoob/three.js/issues/21132"
+ "refsource": "MISC",
+ "url": "https://github.com/mrdoob/three.js/issues/21132",
+ "name": "https://github.com/mrdoob/three.js/issues/21132"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/mrdoob/three.js/pull/21143/commits/4a582355216b620176a291ff319d740e619d583e"
+ "refsource": "MISC",
+ "url": "https://github.com/mrdoob/three.js/pull/21143/commits/4a582355216b620176a291ff319d740e619d583e",
+ "name": "https://github.com/mrdoob/three.js/pull/21143/commits/4a582355216b620176a291ff319d740e619d583e"
 }
 ]
 },
@@ -69,7 +73,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This affects the package three before 0.125.0.\n This can happen when handling rgb or hsl colors.\r\n\r\nPoC:\r\n\r\nvar three = require('three')\r\n\r\n\r\n\r\nfunction build_blank (n) {\r\n var ret = \"rgb(\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n\r\n return ret + \"\";\r\n}\r\n\r\nvar Color = three.Color\r\n\r\nvar time = Date.now();\r\nnew Color(build_blank(50000))\r\nvar time_cost = Date.now() - time;\r\nconsole.log(time_cost+\" ms\")\r\n\n"
+ "value": "This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank (n) { var ret = \"rgb(\" for (var i = 0; i < n; i++) { ret += \" \" } return ret + \"\"; } var Color = three.Color var time = Date.now(); new Color(build_blank(50000)) var time_cost = Date.now() - time; console.log(time_cost+\" ms\")"
 }
 ]
 },
diff --git a/2020/7xxx/CVE-2020-7068.json b/2020/7xxx/CVE-2020-7068.json
index cd584956a53..ea4ce114e31 100644
--- a/2020/7xxx/CVE-2020-7068.json
+++ b/2020/7xxx/CVE-2020-7068.json
@@ -111,6 +111,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200918-0005/",
 "url": "https://security.netapp.com/advisory/ntap-20200918-0005/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4856",
+ "url": "https://www.debian.org/security/2021/dsa-4856"
 }
 ]
 },
diff --git a/2020/7xxx/CVE-2020-7069.json b/2020/7xxx/CVE-2020-7069.json
index 8c74ab56d9c..a008e0d5a07 100644
--- a/2020/7xxx/CVE-2020-7069.json
+++ b/2020/7xxx/CVE-2020-7069.json
@@ -135,6 +135,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202012-16",
 "url": "https://security.gentoo.org/glsa/202012-16"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4856",
+ "url": "https://www.debian.org/security/2021/dsa-4856"
 }
 ]
 },
diff --git a/2020/7xxx/CVE-2020-7070.json b/2020/7xxx/CVE-2020-7070.json
index e0d3de6cbfe..fd0e63ffdb6 100644
--- a/2020/7xxx/CVE-2020-7070.json
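Review bot: The new description value in the first hunk still never states what the vulnerability is — "This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors." has no antecedent for "This", and the only hint is a PoC that times a constructor call, which suggests a performance or denial-of-service class but leaves the reader to guess. The commit also flattens every `\r\n` of the PoC into a single space, so the script is now one run-on line that is hard to read and offers no extra information over the linked Snyk and GitHub references. Consider a first sentence that names the issue class taken from the advisory, e.g. `"This affects the package three before 0.125.0. <VULNERABILITY CLASS - fill in from SNYK-JS-THREE-1064931> can happen when handling rgb or hsl colors."`, and either keeping the PoC readable or dropping it in favor of the references.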
+++ b/2020/7xxx/CVE-2020-7070.json
@@ -150,6 +150,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202012-16",
 "url": "https://security.gentoo.org/glsa/202012-16"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4856",
+ "url": "https://www.debian.org/security/2021/dsa-4856"
 }
 ]
 },
diff --git a/2020/7xxx/CVE-2020-7071.json b/2020/7xxx/CVE-2020-7071.json
index 73233f1d379..58cb6e2011a 100644
--- a/2020/7xxx/CVE-2020-7071.json
+++ b/2020/7xxx/CVE-2020-7071.json
@@ -95,6 +95,11 @@
 "refsource": "MISC",
 "url": "https://bugs.php.net/bug.php?id=77423",
 "name": "https://bugs.php.net/bug.php?id=77423"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4856",
+ "url": "https://www.debian.org/security/2021/dsa-4856"
 }
 ]
 },
diff --git a/2021/21xxx/CVE-2021-21702.json b/2021/21xxx/CVE-2021-21702.json
index 3883c325691..e47a1c706dc 100644
--- a/2021/21xxx/CVE-2021-21702.json
+++ b/2021/21xxx/CVE-2021-21702.json
@@ -95,6 +95,11 @@
 "refsource": "MISC",
 "url": "https://bugs.php.net/bug.php?id=80672",
 "name": "https://bugs.php.net/bug.php?id=80672"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4856",
+ "url": "https://www.debian.org/security/2021/dsa-4856"
 }
 ]
 },
diff --git a/2021/23xxx/CVE-2021-23340.json b/2021/23xxx/CVE-2021-23340.json
index 2dc620bf15f..c5f0bcd3f29 100644
--- a/2021/23xxx/CVE-2021-23340.json
+++ b/2021/23xxx/CVE-2021-23340.json
@@ -48,16 +48,19 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132",
+ "name": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454"
+ "refsource": "MISC",
+ "url": "https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454",
+ "name": "https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442"
+ "refsource": "MISC",
+ "url": "https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442",
+ "name": "https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442"
 }
 ]
 },
@@ -65,7 +68,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This affects the package pimcore/pimcore before 6.8.8.\n A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability.\r\n\r\n"
+ "value": "This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability."
 }
 ]
 },
diff --git a/2021/23xxx/CVE-2021-23840.json b/2021/23xxx/CVE-2021-23840.json
index 19db27a2121..023207a92ad 100644
--- a/2021/23xxx/CVE-2021-23840.json
+++ b/2021/23xxx/CVE-2021-23840.json
@@ -84,6 +84,11 @@
 "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2",
 "refsource": "CONFIRM",
 "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4855",
+ "url": "https://www.debian.org/security/2021/dsa-4855"
 }
 ]
 }
diff --git a/2021/23xxx/CVE-2021-23841.json b/2021/23xxx/CVE-2021-23841.json
index 010ed823e8f..d1971b021b6 100644
--- a/2021/23xxx/CVE-2021-23841.json
+++ b/2021/23xxx/CVE-2021-23841.json
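Review bot: The new description value in the first hunk keeps the mangled token `exportFile=&91;filename]`, which by its shape is a broken `&#91;` character reference for `[` that lost its `#`, so the placeholder reads as literal garbage while this commit only removes the surrounding `\n`/`\r\n`. Since the description is plain text rather than HTML, the endpoint should be written as `/admin/reports/custom-report/download-csv?exportFile=[filename]`, matching the closing `]` that is already there. The same line also has the typo "Local FIle Inclusion", which should read "Local File Inclusion".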
@@ -84,6 +84,11 @@
 "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807",
 "refsource": "CONFIRM",
 "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4855",
+ "url": "https://www.debian.org/security/2021/dsa-4855"
 }
 ]
 }