From 4101d4bd89ec02e47bc230607130afb0b0b76748 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 24 Aug 2021 11:00:57 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/20xxx/CVE-2019-20444.json | 5 ++
 2019/20xxx/CVE-2019-20445.json | 5 ++
 2021/34xxx/CVE-2021-34398.json | 137 +++++++++++++++++----------------
 2021/3xxx/CVE-2021-3693.json | 5 ++
 2021/3xxx/CVE-2021-3694.json | 5 ++
 2021/3xxx/CVE-2021-3731.json | 7 +-
 6 files changed, 95 insertions(+), 69 deletions(-)
diff --git a/2019/20xxx/CVE-2019-20444.json b/2019/20xxx/CVE-2019-20444.json
index 81b27288644..ea8c795535f 100644
--- a/2019/20xxx/CVE-2019-20444.json
+++ b/2019/20xxx/CVE-2019-20444.json
@@ -376,6 +376,11 @@
 "refsource": "MLIST",
 "name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
 "url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[spark-issues] 20210824 [jira] [Created] (SPARK-36572) Upgrade version of io.netty to 4.1.44.Final to solve CVE-2019-20444 and CVE-2019-20445",
+ "url": "https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f@%3Cissues.spark.apache.org%3E"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20445.json b/2019/20xxx/CVE-2019-20445.json
index 0aefe41d382..d09b27d5765 100644
--- a/2019/20xxx/CVE-2019-20445.json
+++ b/2019/20xxx/CVE-2019-20445.json
@@ -316,6 +316,11 @@
 "refsource": "MLIST",
 "name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
 "url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[spark-issues] 20210824 [jira] [Created] (SPARK-36572) Upgrade version of io.netty to 4.1.44.Final to solve CVE-2019-20444 and CVE-2019-20445",
+ "url": "https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f@%3Cissues.spark.apache.org%3E"
 }
 ]
 }
diff --git a/2021/34xxx/CVE-2021-34398.json b/2021/34xxx/CVE-2021-34398.json
index e68c3a203b5..f413391c2e1 100644
--- a/2021/34xxx/CVE-2021-34398.json
+++ b/2021/34xxx/CVE-2021-34398.json
@@ -1,69 +1,70 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@nvidia.com",
- "ID" : "CVE-2021-34398",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "NVIDIA Data Center GPU Manager (DCGM)",
- "version" : {
- "version_data" : [
- {
- "version_value" : "DCGM versions prior to 2.2.9"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "NVIDIA"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service."
- }
- ]
- },
- "impact" : {
- "cvss" : {
- "baseScore" : 7.8,
- "baseSeverity" : "High",
- "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "version" : "3.1"
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "information disclosure, denial of service, loss of integrity"
- }
- ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "refsource" : "CONFIRM",
- "url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5219"
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@nvidia.com",
+ "ID": "CVE-2021-34398",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NVIDIA Data Center GPU Manager (DCGM)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "DCGM versions prior to 2.2.9"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "NVIDIA"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value":
"NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 7.8,
+ "baseSeverity": "High",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "information disclosure, denial of service, loss of integrity"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5219",
+ "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5219"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/3xxx/CVE-2021-3693.json b/2021/3xxx/CVE-2021-3693.json
index 7f023ff3bf6..1cbd82c60f6 100644
--- a/2021/3xxx/CVE-2021-3693.json
+++ b/2021/3xxx/CVE-2021-3693.json
@@ -83,6 +83,11 @@
 "name": "https://ledgersmb.org/cve-2021-3693-cross-site-scripting",
 "refsource": "MISC",
 "url": "https://ledgersmb.org/cve-2021-3693-cross-site-scripting"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4962",
+ "url": "https://www.debian.org/security/2021/dsa-4962"
 }
 ]
 },
diff --git a/2021/3xxx/CVE-2021-3694.json b/2021/3xxx/CVE-2021-3694.json
index 8c1e74ac960..f087cb8f310 100644
--- a/2021/3xxx/CVE-2021-3694.json
+++ b/2021/3xxx/CVE-2021-3694.json
@@ -91,6 +91,11 @@
 "name": "https://ledgersmb.org/cve-2021-3694-cross-site-scripting",
 "refsource": "MISC",
 "url": "https://ledgersmb.org/cve-2021-3694-cross-site-scripting"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4962",
+ "url": "https://www.debian.org/security/2021/dsa-4962"
 }
 ]
 },
diff --git a/2021/3xxx/CVE-2021-3731.json b/2021/3xxx/CVE-2021-3731.json
index f61ebf406d8..cb9cc6d7b2a 100644
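Review bot: In the rewritten CVE-2021-34398 record the `problemtype` value, `information disclosure, denial of service, loss of integrity`, omits the privilege escalation that the description gives as the first consequence of injecting shared libraries into a DCGM server running as root, and it carries no CWE identifier, so tooling that triages on `problemtype` will misclassify the entry. Since the whole file is re-serialized in this hunk, the value could be aligned with the description, for example `"value": "privilege escalation, information disclosure, denial of service, loss of integrity"`. The same hunk relabels the NVIDIA advisory reference from `CONFIRM` to `MISC` and sets `name` to a copy of the URL; that may be the sync tool's normalisation, but it removes the only marker that this link is the vendor's own advisory. The hunk also leaves the file without a trailing newline.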
--- a/2021/3xxx/CVE-2021-3731.json
+++ b/2021/3xxx/CVE-2021-3731.json
@@ -83,6 +83,11 @@
 "name": "https://ledgersmb.org/cve-2021-3731-clickjacking",
 "refsource": "CONFIRM",
 "url": "https://ledgersmb.org/cve-2021-3731-clickjacking"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4962",
+ "url": "https://www.debian.org/security/2021/dsa-4962"
 }
 ]
 },
@@ -90,4 +95,4 @@
 "advisory": "5664331d-f5f8-4412-8566-408f8655888a",
 "discovery": "EXTERNAL"
 }
-}
+}
\ No newline at end of file