From 545170a91e57a51a3646f763397bf059e9562d82 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 12 Nov 2021 23:01:03 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/21xxx/CVE-2021-21528.json | 45 +++++++++++++++++----------------- 2021/36xxx/CVE-2021-36305.json | 43 ++++++++++++++++---------------- 2021/36xxx/CVE-2021-36315.json | 43 ++++++++++++++++---------------- 2021/36xxx/CVE-2021-36323.json | 43 ++++++++++++++++---------------- 2021/36xxx/CVE-2021-36324.json | 43 ++++++++++++++++---------------- 2021/36xxx/CVE-2021-36325.json | 41 ++++++++++++++++--------------- 2021/3xxx/CVE-2021-3519.json | 5 ++-- 2021/3xxx/CVE-2021-3577.json | 5 ++-- 2021/3xxx/CVE-2021-3599.json | 5 ++-- 2021/3xxx/CVE-2021-3718.json | 5 ++-- 2021/3xxx/CVE-2021-3719.json | 5 ++-- 2021/3xxx/CVE-2021-3720.json | 5 ++-- 2021/3xxx/CVE-2021-3723.json | 5 ++-- 2021/3xxx/CVE-2021-3786.json | 7 +++--- 2021/3xxx/CVE-2021-3787.json | 5 ++-- 2021/3xxx/CVE-2021-3788.json | 7 +++--- 2021/3xxx/CVE-2021-3789.json | 7 +++--- 2021/3xxx/CVE-2021-3790.json | 7 +++--- 2021/3xxx/CVE-2021-3791.json | 7 +++--- 2021/3xxx/CVE-2021-3792.json | 5 ++-- 2021/3xxx/CVE-2021-3793.json | 5 ++-- 2021/3xxx/CVE-2021-3840.json | 7 +++--- 2021/3xxx/CVE-2021-3843.json | 5 ++-- 2021/42xxx/CVE-2021-42340.json | 10 ++++++++ 2021/43xxx/CVE-2021-43612.json | 18 ++++++++++++++ 2021/43xxx/CVE-2021-43613.json | 18 ++++++++++++++ 2021/43xxx/CVE-2021-43614.json | 18 ++++++++++++++ 27 files changed, 253 insertions(+), 166 deletions(-) create mode 100644 2021/43xxx/CVE-2021-43612.json create mode 100644 2021/43xxx/CVE-2021-43613.json create mode 100644 2021/43xxx/CVE-2021-43614.json diff --git a/2021/21xxx/CVE-2021-21528.json b/2021/21xxx/CVE-2021-21528.json index 5c7ef2ce53c..d5f42611948 100644 --- a/2021/21xxx/CVE-2021-21528.json +++ b/2021/21xxx/CVE-2021-21528.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2021-10-28", - "ID": "CVE-2021-21528", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2021-10-28", + "ID": "CVE-2021-21528", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "PowerScale OneFS", + "product_name": "PowerScale OneFS", "version": { "version_data": [ { - "version_affected": "=", + "version_affected": "=", "version_value": "9.1.0, 9.2.0.x, 9.2.1.x" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", - "value": "Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability.\u00a0 This vulnerability is triggered when upgrading from a previous versions." + "lang": "eng", + "value": "Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions." } ] - }, + }, "impact": { "cvss": { - "baseScore": 7.5, - "baseSeverity": "High", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "High", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-548: Information Exposure Through Directory Listing" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/en-us/000193005/" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/en-us/000193005/", + "name": "https://www.dell.com/support/kbdoc/en-us/000193005/" } ] } diff --git a/2021/36xxx/CVE-2021-36305.json b/2021/36xxx/CVE-2021-36305.json index 10163491101..d29bc977f4c 100644 --- a/2021/36xxx/CVE-2021-36305.json +++ b/2021/36xxx/CVE-2021-36305.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2021-09-30", - "ID": "CVE-2021-36305", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2021-09-30", + "ID": "CVE-2021-36305", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "PowerScale OneFS", + "product_name": "PowerScale OneFS", "version": { "version_data": [ { - "version_affected": "=", + "version_affected": "=", "version_value": "8.2.0, 8.2.1, 9.0.0.x, 9.2.0.x, 9.1.1.x, 8.2.2, 9.1.0.x , 9.2.1.x" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB." } ] - }, + }, "impact": { "cvss": { - "baseScore": 6.5, - "baseSeverity": "Medium", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "Other" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/000192046" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/000192046", + "name": "https://www.dell.com/support/kbdoc/000192046" } ] } diff --git a/2021/36xxx/CVE-2021-36315.json b/2021/36xxx/CVE-2021-36315.json index effdf803b84..ee18375e6c3 100644 --- a/2021/36xxx/CVE-2021-36315.json +++ b/2021/36xxx/CVE-2021-36315.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2021-10-28", - "ID": "CVE-2021-36315", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2021-10-28", + "ID": "CVE-2021-36315", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "PowerScale Nodes", + "product_name": "PowerScale Nodes", "version": { "version_data": [ { - "version_affected": "=", + "version_affected": "=", "version_value": "A100, S210, X410, H400, X210, NL410, A200, A2000, H400, H500, H600, H5600, F800, F810,F200, F600, A300, A3000, H700, H7000" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity." } ] - }, + }, "impact": { "cvss": { - "baseScore": 6.8, - "baseSeverity": "Medium", - "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.8, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "Other" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/en-us/000193005/" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/en-us/000193005/", + "name": "https://www.dell.com/support/kbdoc/en-us/000193005/" } ] } diff --git a/2021/36xxx/CVE-2021-36323.json b/2021/36xxx/CVE-2021-36323.json index fba9386a510..566a83b6d9d 100644 --- a/2021/36xxx/CVE-2021-36323.json +++ b/2021/36xxx/CVE-2021-36323.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2021-11-01", - "ID": "CVE-2021-36323", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2021-11-01", + "ID": "CVE-2021-36323", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "CPG BIOS", + "product_name": "CPG BIOS", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "1.13.0" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM." } ] - }, + }, "impact": { "cvss": { - "baseScore": 7.5, - "baseSeverity": "High", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "High", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-20: Improper Input Validation" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/en-us/000192967" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/en-us/000192967", + "name": "https://www.dell.com/support/kbdoc/en-us/000192967" } ] } diff --git a/2021/36xxx/CVE-2021-36324.json b/2021/36xxx/CVE-2021-36324.json index 5fb585734bb..d4dd2ae810a 100644 --- a/2021/36xxx/CVE-2021-36324.json +++ b/2021/36xxx/CVE-2021-36324.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2021-11-01", - "ID": "CVE-2021-36324", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2021-11-01", + "ID": "CVE-2021-36324", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "CPG BIOS", + "product_name": "CPG BIOS", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "1.13.0" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM." } ] - }, + }, "impact": { "cvss": { - "baseScore": 7.5, - "baseSeverity": "High", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "High", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-20: Improper Input Validation" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/en-us/000192967" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/en-us/000192967", + "name": "https://www.dell.com/support/kbdoc/en-us/000192967" } ] } diff --git a/2021/36xxx/CVE-2021-36325.json b/2021/36xxx/CVE-2021-36325.json index 7de5d64e6c6..6af00497f44 100644 --- a/2021/36xxx/CVE-2021-36325.json +++ b/2021/36xxx/CVE-2021-36325.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", + "ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2021-11-01", - "ID": "CVE-2021-36325", + "ID": "CVE-2021-36325", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "CPG BIOS", + "product_name": "CPG BIOS", "version": { "version_data": [ { - "version_affected": "<", + "version_affected": "<", "version_value": "1.13.0" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM." } ] - }, + }, "impact": { "cvss": { - "baseScore": 7.5, - "baseSeverity": "High", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "High", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-20: Improper Input Validation" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/en-us/000192967" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/en-us/000192967", + "name": "https://www.dell.com/support/kbdoc/en-us/000192967" } ] } diff --git a/2021/3xxx/CVE-2021-3519.json b/2021/3xxx/CVE-2021-3519.json index 1e2ce8546a2..e7e154985b6 100644 --- a/2021/3xxx/CVE-2021-3519.json +++ b/2021/3xxx/CVE-2021-3519.json @@ -79,8 +79,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/us/en/product_security/LEN-67440" + "refsource": "MISC", + "url": "https://support.lenovo.com/us/en/product_security/LEN-67440", + "name": "https://support.lenovo.com/us/en/product_security/LEN-67440" } ] }, diff --git a/2021/3xxx/CVE-2021-3577.json b/2021/3xxx/CVE-2021-3577.json index 4190e4bc4d9..5dceb8ed888 100644 --- a/2021/3xxx/CVE-2021-3577.json +++ b/2021/3xxx/CVE-2021-3577.json @@ -79,8 +79,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://binatoneglobal.com/security-advisory/" + "refsource": "MISC", + "url": "https://binatoneglobal.com/security-advisory/", + "name": "https://binatoneglobal.com/security-advisory/" } ] }, diff --git a/2021/3xxx/CVE-2021-3599.json b/2021/3xxx/CVE-2021-3599.json index d64ac9bdb36..9b595b6789c 100644 --- a/2021/3xxx/CVE-2021-3599.json +++ b/2021/3xxx/CVE-2021-3599.json @@ -79,8 +79,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/us/en/product_security/LEN-67440" + "refsource": "MISC", + "url": "https://support.lenovo.com/us/en/product_security/LEN-67440", + "name": "https://support.lenovo.com/us/en/product_security/LEN-67440" } ] }, diff --git a/2021/3xxx/CVE-2021-3718.json b/2021/3xxx/CVE-2021-3718.json index ea923516dfc..46bb8570b9c 100644 --- a/2021/3xxx/CVE-2021-3718.json +++ b/2021/3xxx/CVE-2021-3718.json @@ -79,8 +79,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/us/en/product_security/LEN-72619" + "refsource": "MISC", + "url": "https://support.lenovo.com/us/en/product_security/LEN-72619", + "name": "https://support.lenovo.com/us/en/product_security/LEN-72619" } ] }, diff --git a/2021/3xxx/CVE-2021-3719.json b/2021/3xxx/CVE-2021-3719.json index d044401ed2c..d7e1d637005 100644 --- a/2021/3xxx/CVE-2021-3719.json +++ b/2021/3xxx/CVE-2021-3719.json @@ -79,8 +79,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/us/en/product_security/LEN-67440" + "refsource": "MISC", + "url": "https://support.lenovo.com/us/en/product_security/LEN-67440", + "name": "https://support.lenovo.com/us/en/product_security/LEN-67440" } ] }, diff --git a/2021/3xxx/CVE-2021-3720.json b/2021/3xxx/CVE-2021-3720.json index 063514136fa..559d406ffa8 100644 --- a/2021/3xxx/CVE-2021-3720.json +++ b/2021/3xxx/CVE-2021-3720.json @@ -90,8 +90,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://iknow.lenovo.com.cn/detail/dc_199217.html" + "refsource": "MISC", + "url": "https://iknow.lenovo.com.cn/detail/dc_199217.html", + "name": "https://iknow.lenovo.com.cn/detail/dc_199217.html" } ] }, diff --git a/2021/3xxx/CVE-2021-3723.json b/2021/3xxx/CVE-2021-3723.json index e01c3d7f4a0..cf13741d025 100644 --- a/2021/3xxx/CVE-2021-3723.json +++ b/2021/3xxx/CVE-2021-3723.json @@ -90,8 +90,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/us/en/product_security/LEN-66347" + "refsource": "MISC", + "url": "https://support.lenovo.com/us/en/product_security/LEN-66347", + "name": "https://support.lenovo.com/us/en/product_security/LEN-66347" } ] }, diff --git a/2021/3xxx/CVE-2021-3786.json b/2021/3xxx/CVE-2021-3786.json index a6ab2401dad..31f3c829383 100644 --- a/2021/3xxx/CVE-2021-3786.json +++ b/2021/3xxx/CVE-2021-3786.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. " + "value": "A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range." } ] }, @@ -79,8 +79,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/us/en/product_security/LEN-67440" + "refsource": "MISC", + "url": "https://support.lenovo.com/us/en/product_security/LEN-67440", + "name": "https://support.lenovo.com/us/en/product_security/LEN-67440" } ] }, diff --git a/2021/3xxx/CVE-2021-3787.json b/2021/3xxx/CVE-2021-3787.json index 194725f1bff..7adc06430f7 100644 --- a/2021/3xxx/CVE-2021-3787.json +++ b/2021/3xxx/CVE-2021-3787.json @@ -79,8 +79,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://binatoneglobal.com/security-advisory/" + "refsource": "MISC", + "url": "https://binatoneglobal.com/security-advisory/", + "name": "https://binatoneglobal.com/security-advisory/" } ] }, diff --git a/2021/3xxx/CVE-2021-3788.json b/2021/3xxx/CVE-2021-3788.json index a923df79ef6..e4edd1a054c 100644 --- a/2021/3xxx/CVE-2021-3788.json +++ b/2021/3xxx/CVE-2021-3788.json @@ -31,7 +31,7 @@ "credit": [ { "lang": "eng", - "value": "Motorola thanks Lennert Wouters and Günes Acar, imec-COSIC, KU Leuven, Belgium for reporting this issue." + "value": "Motorola thanks Lennert Wouters and G\u00fcnes Acar, imec-COSIC, KU Leuven, Belgium for reporting this issue." } ], "data_format": "MITRE", @@ -79,8 +79,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://binatoneglobal.com/security-advisory/" + "refsource": "MISC", + "url": "https://binatoneglobal.com/security-advisory/", + "name": "https://binatoneglobal.com/security-advisory/" } ] }, diff --git a/2021/3xxx/CVE-2021-3789.json b/2021/3xxx/CVE-2021-3789.json index 85e732a2c0a..691f074da2f 100644 --- a/2021/3xxx/CVE-2021-3789.json +++ b/2021/3xxx/CVE-2021-3789.json @@ -31,7 +31,7 @@ "credit": [ { "lang": "eng", - "value": "Motorola thanks Lennert Wouters and Günes Acar, imec-COSIC, KU Leuven, Belgium for reporting this issue." + "value": "Motorola thanks Lennert Wouters and G\u00fcnes Acar, imec-COSIC, KU Leuven, Belgium for reporting this issue." } ], "data_format": "MITRE", @@ -79,8 +79,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://binatoneglobal.com/security-advisory/" + "refsource": "MISC", + "url": "https://binatoneglobal.com/security-advisory/", + "name": "https://binatoneglobal.com/security-advisory/" } ] }, diff --git a/2021/3xxx/CVE-2021-3790.json b/2021/3xxx/CVE-2021-3790.json index 04de46161b6..42fb1b4f786 100644 --- a/2021/3xxx/CVE-2021-3790.json +++ b/2021/3xxx/CVE-2021-3790.json @@ -31,7 +31,7 @@ "credit": [ { "lang": "eng", - "value": "Motorola thanks Lennert Wouters and Günes Acar, imec-COSIC, KU Leuven, Belgium for reporting this issue." + "value": "Motorola thanks Lennert Wouters and G\u00fcnes Acar, imec-COSIC, KU Leuven, Belgium for reporting this issue." } ], "data_format": "MITRE", @@ -79,8 +79,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://binatoneglobal.com/security-advisory/" + "refsource": "MISC", + "url": "https://binatoneglobal.com/security-advisory/", + "name": "https://binatoneglobal.com/security-advisory/" } ] }, diff --git a/2021/3xxx/CVE-2021-3791.json b/2021/3xxx/CVE-2021-3791.json index fcf9a7d2704..f2c477c7749 100644 --- a/2021/3xxx/CVE-2021-3791.json +++ b/2021/3xxx/CVE-2021-3791.json @@ -31,7 +31,7 @@ "credit": [ { "lang": "eng", - "value": "Motorola thanks Lennert Wouters and Günes Acar, imec-COSIC, KU Leuven, Belgium for reporting this issue." + "value": "Motorola thanks Lennert Wouters and G\u00fcnes Acar, imec-COSIC, KU Leuven, Belgium for reporting this issue." } ], "data_format": "MITRE", @@ -79,8 +79,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://binatoneglobal.com/security-advisory/" + "refsource": "MISC", + "url": "https://binatoneglobal.com/security-advisory/", + "name": "https://binatoneglobal.com/security-advisory/" } ] }, diff --git a/2021/3xxx/CVE-2021-3792.json b/2021/3xxx/CVE-2021-3792.json index c6634dbb821..43db222153d 100644 --- a/2021/3xxx/CVE-2021-3792.json +++ b/2021/3xxx/CVE-2021-3792.json @@ -79,8 +79,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://binatoneglobal.com/security-advisory/" + "refsource": "MISC", + "url": "https://binatoneglobal.com/security-advisory/", + "name": "https://binatoneglobal.com/security-advisory/" } ] }, diff --git a/2021/3xxx/CVE-2021-3793.json b/2021/3xxx/CVE-2021-3793.json index 52e802dd0b3..7e6c66ad26b 100644 --- a/2021/3xxx/CVE-2021-3793.json +++ b/2021/3xxx/CVE-2021-3793.json @@ -79,8 +79,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://binatoneglobal.com/security-advisory/" + "refsource": "MISC", + "url": "https://binatoneglobal.com/security-advisory/", + "name": "https://binatoneglobal.com/security-advisory/" } ] }, diff --git a/2021/3xxx/CVE-2021-3840.json b/2021/3xxx/CVE-2021-3840.json index 74279d1fc67..5e55c4fdc70 100644 --- a/2021/3xxx/CVE-2021-3840.json +++ b/2021/3xxx/CVE-2021-3840.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi).\nMITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi.\nThe configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi." + "value": "A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi." } ] }, @@ -79,8 +79,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://github.com/lenovo/Antilles/security/advisories/GHSA-hgc3-hp6x-wpgx" + "refsource": "MISC", + "url": "https://github.com/lenovo/Antilles/security/advisories/GHSA-hgc3-hp6x-wpgx", + "name": "https://github.com/lenovo/Antilles/security/advisories/GHSA-hgc3-hp6x-wpgx" } ] }, diff --git a/2021/3xxx/CVE-2021-3843.json b/2021/3xxx/CVE-2021-3843.json index 3c8cd5c4446..f4f85e42eb4 100644 --- a/2021/3xxx/CVE-2021-3843.json +++ b/2021/3xxx/CVE-2021-3843.json @@ -79,8 +79,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/us/en/product_security/LEN-72619" + "refsource": "MISC", + "url": "https://support.lenovo.com/us/en/product_security/LEN-72619", + "name": "https://support.lenovo.com/us/en/product_security/LEN-72619" } ] }, diff --git a/2021/42xxx/CVE-2021-42340.json b/2021/42xxx/CVE-2021-42340.json index 01bb937b8e8..b0640b97094 100644 --- a/2021/42xxx/CVE-2021-42340.json +++ b/2021/42xxx/CVE-2021-42340.json @@ -85,6 +85,16 @@ "refsource": "MLIST", "name": "[myfaces-commits] 20211021 [myfaces-tobago] branch tobago-5.x updated: build: workaround for CVE-2021-42340", "url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784@%3Ccommits.myfaces.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20211104-0001/", + "url": "https://security.netapp.com/advisory/ntap-20211104-0001/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-5009", + "url": "https://www.debian.org/security/2021/dsa-5009" } ] }, diff --git a/2021/43xxx/CVE-2021-43612.json b/2021/43xxx/CVE-2021-43612.json new file mode 100644 index 00000000000..78b5d888bff --- /dev/null +++ b/2021/43xxx/CVE-2021-43612.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43612", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43613.json b/2021/43xxx/CVE-2021-43613.json new file mode 100644 index 00000000000..5ca2c99e070 --- /dev/null +++ b/2021/43xxx/CVE-2021-43613.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43613", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/43xxx/CVE-2021-43614.json b/2021/43xxx/CVE-2021-43614.json new file mode 100644 index 00000000000..1dee51329c4 --- /dev/null +++ b/2021/43xxx/CVE-2021-43614.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43614", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file