diff --git a/2017/1000xxx/CVE-2017-1000170.json b/2017/1000xxx/CVE-2017-1000170.json
index c2ab8fff40e..05a53d7775d 100644
--- a/2017/1000xxx/CVE-2017-1000170.json
+++ b/2017/1000xxx/CVE-2017-1000170.json
@@ -58,6 +58,11 @@
 "name": "https://github.com/jqueryfiletree/jqueryfiletree/issues/66",
 "refsource": "MISC",
 "url": "https://github.com/jqueryfiletree/jqueryfiletree/issues/66"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/161900/WordPress-Delightful-Downloads-Jquery-File-Tree-1.6.6-Path-Traversal.html",
+ "url": "http://packetstormsecurity.com/files/161900/WordPress-Delightful-Downloads-Jquery-File-Tree-1.6.6-Path-Traversal.html"
 }
 ]
 }
diff --git a/2020/27xxx/CVE-2020-27216.json b/2020/27xxx/CVE-2020-27216.json
index eeff4848cc3..93aedf3faf8 100644
--- a/2020/27xxx/CVE-2020-27216.json
+++ b/2020/27xxx/CVE-2020-27216.json
@@ -520,6 +520,16 @@
 "refsource": "MLIST",
 "name": "[beam-issues] 20210316 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
 "url": "https://lists.apache.org/thread.html/r0d7ad4f02c44d5d53a9ffcbca7ff4a8138241322da9c5c35b5429630@%3Cissues.beam.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[beam-issues] 20210322 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
+ "url": "https://lists.apache.org/thread.html/rc1646894341450fdc4f7e96a88f5e2cf18d8004714f98aec6b831b3e@%3Cissues.beam.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[beam-issues] 20210322 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
+ "url": "https://lists.apache.org/thread.html/rb8ad3745cb94c60d44cc369aff436eaf03dbc93112cefc86a2ed53ba@%3Cissues.beam.apache.org%3E"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27593.json b/2021/27xxx/CVE-2021-27593.json
index c6eb30744f8..8fb1e43d317 100644
--- a/2021/27xxx/CVE-2021-27593.json
+++ b/2021/27xxx/CVE-2021-27593.json
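Review bot: The reference added to CVE-2017-1000170.json points at Packet Storm over plain `http://` in both `name` and `url`, so anyone following the link from the record fetches the write-up without transport integrity. If the site serves the same path over TLS, record it as `"url": "https://packetstormsecurity.com/files/161900/WordPress-Delightful-Downloads-Jquery-File-Tree-1.6.6-Path-Traversal.html"` and mirror that in `name`. The Packet Storm entries added to CVE-2021-27889.json, CVE-2021-27890.json and CVE-2021-28133.json have the same scheme.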
@@ -4,14 +4,71 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27593",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP 3D Visual Enterprise Viewer",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.3",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/3035472",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/3035472"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27594.json b/2021/27xxx/CVE-2021-27594.json
index 0681ae8c27c..e1e262448ca 100644
--- a/2021/27xxx/CVE-2021-27594.json
+++ b/2021/27xxx/CVE-2021-27594.json
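Review bot: In the added `version_data` entry the comparison operator is stored in `version_name` (`"version_name": "<"`), so a consumer that reads only `version_value` sees "9" as the affected version instead of "everything before 9". The 4.0 format has `version_affected` for the operator, e.g. `"version_affected": "<", "version_value": "9"`. In the same hunk `baseScore` is the string `"4.3"` where a number (`"baseScore": 4.3`) is what scoring tools compare against, and the problem type is free text; if CWE-20 is what is meant, `"value": "CWE-20: Improper Input Validation"` makes it machine-matchable. The hunks for CVE-2021-27594, CVE-2021-27595 and CVE-2021-27596 repeat all three patterns.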
@@ -4,14 +4,71 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27594",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP 3D Visual Enterprise Viewer",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.3",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/3035472",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/3035472"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27595.json b/2021/27xxx/CVE-2021-27595.json
index 68d34cfec52..0b2708e25da 100644
--- a/2021/27xxx/CVE-2021-27595.json
+++ b/2021/27xxx/CVE-2021-27595.json
@@ -4,14 +4,71 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27595",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP 3D Visual Enterprise Viewer",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.3",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/3035472",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/3035472"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27596.json b/2021/27xxx/CVE-2021-27596.json
index b2b647d8304..ff47dc6994e 100644
--- a/2021/27xxx/CVE-2021-27596.json
+++ b/2021/27xxx/CVE-2021-27596.json
@@ -4,14 +4,71 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27596",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP 3D Visual Enterprise Viewer",
+ "version": {
+ "version_data": [
+ {
+ "version_name": "<",
+ "version_value": "9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "4.3",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107",
+ "refsource": "MISC",
+ "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"
+ },
+ {
+ "url": "https://launchpad.support.sap.com/#/notes/3035472",
+ "refsource": "MISC",
+ "name": "https://launchpad.support.sap.com/#/notes/3035472"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27646.json b/2021/27xxx/CVE-2021-27646.json
index 11b24d9a4f1..2bc0a83e78f 100644
--- a/2021/27xxx/CVE-2021-27646.json
+++ b/2021/27xxx/CVE-2021-27646.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.synology.com/security/advisory/Synology_SA_20_26"
 },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-340/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-340/"
+ },
 {
 "refsource": "MISC",
 "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-339/",
diff --git a/2021/27xxx/CVE-2021-27647.json b/2021/27xxx/CVE-2021-27647.json
index 5cc0025aa38..599f4265653 100644
--- a/2021/27xxx/CVE-2021-27647.json
+++ b/2021/27xxx/CVE-2021-27647.json
@@ -65,7 +65,12 @@
 "url": "https://www.synology.com/security/advisory/Synology_SA_20_26",
 "refsource": "CONFIRM",
 "name": "https://www.synology.com/security/advisory/Synology_SA_20_26"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-339/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-339/"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2021/27xxx/CVE-2021-27889.json b/2021/27xxx/CVE-2021-27889.json
index 3303826b20e..0a639addc63 100644
--- a/2021/27xxx/CVE-2021-27889.json
+++ b/2021/27xxx/CVE-2021-27889.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://github.com/mybb/mybb/security/advisories/GHSA-xhj7-3349-mqcm",
 "url": "https://github.com/mybb/mybb/security/advisories/GHSA-xhj7-3349-mqcm"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html",
+ "url": "http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27890.json b/2021/27xxx/CVE-2021-27890.json
index 02cf3a1a655..a05c3f52b04 100644
--- a/2021/27xxx/CVE-2021-27890.json
+++ b/2021/27xxx/CVE-2021-27890.json
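Review bot: After these two hunks CVE-2021-27646.json cites both ZDI-21-339 and ZDI-21-340 while CVE-2021-27647.json cites only ZDI-21-339, so it is worth confirming against the two advisories that ZDI-21-340 was not meant for CVE-2021-27647. A reference attached to the wrong record sends responders to the wrong advisory when they triage by CVE ID. The CVE-2021-27647.json hunk also swaps the closing `}` for one followed by `\ No newline at end of file`; that whitespace change is unrelated to the reference and is better left out.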
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://github.com/mybb/mybb/security/advisories/GHSA-r34m-ccm8-mfhq",
 "url": "https://github.com/mybb/mybb/security/advisories/GHSA-r34m-ccm8-mfhq"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html",
+ "url": "http://packetstormsecurity.com/files/161908/MyBB-1.8.25-Remote-Command-Execution.html"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28133.json b/2021/28xxx/CVE-2021-28133.json
index 98d594fb782..f76e1b3f5b7 100644
--- a/2021/28xxx/CVE-2021-28133.json
+++ b/2021/28xxx/CVE-2021-28133.json
@@ -81,6 +81,11 @@
 "refsource": "MISC",
 "name": "https://thehackernews.com/2021/03/new-zoom-screen-sharing-bug-lets-other.html",
 "url": "https://thehackernews.com/2021/03/new-zoom-screen-sharing-bug-lets-other.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/161897/Zoom-5.4.3-54779.1115-5.5.4-13142.0301-Information-Disclosure.html",
+ "url": "http://packetstormsecurity.com/files/161897/Zoom-5.4.3-54779.1115-5.5.4-13142.0301-Information-Disclosure.html"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28971.json b/2021/28xxx/CVE-2021-28971.json
new file mode 100644
index 00000000000..ccb8accdd9d
--- /dev/null
+++ b/2021/28xxx/CVE-2021-28971.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-28971",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d88d05a9e0b6d9356e97129d4ff9942d765f46ea",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d88d05a9e0b6d9356e97129d4ff9942d765f46ea"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/28xxx/CVE-2021-28972.json b/2021/28xxx/CVE-2021-28972.json
new file mode 100644
index 00000000000..15469fc3dde
--- /dev/null
+++ b/2021/28xxx/CVE-2021-28972.json
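Review bot: The new CVE-2021-28971.json leaves `vendor_name`, `product_name` and `version_value` as `n/a` although its description names the Linux kernel through 5.11.8, so tooling that matches on the structured `affects` data will not associate this CVE with the kernel. Carrying the description's scope into the structured fields, for example `"product_name": "Linux kernel"` with a `version_value` that expresses "through 5.11.8", and replacing the `n/a` problem type with a CWE would make the record usable without parsing free text. CVE-2021-28972.json is added with the same placeholders, and both files end with `\ No newline at end of file`.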
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-28972",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc7a0bb058b85ea03db87169c60c7cfdd5d34678",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc7a0bb058b85ea03db87169c60c7cfdd5d34678"
+ }
+ ]
+ }
+}
\ No newline at end of file