From 72a898f0ccf4a6c00f98bdd9f07a0c03c674409c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 3 Aug 2021 00:01:05 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/21xxx/CVE-2021-21553.json | 43 +++++++++++----------- 2021/21xxx/CVE-2021-21562.json | 43 +++++++++++----------- 2021/21xxx/CVE-2021-21563.json | 43 +++++++++++----------- 2021/21xxx/CVE-2021-21565.json | 43 +++++++++++----------- 2021/37xxx/CVE-2021-37914.json | 67 ++++++++++++++++++++++++++++++++++ 2021/37xxx/CVE-2021-37915.json | 18 +++++++++ 2021/37xxx/CVE-2021-37916.json | 67 ++++++++++++++++++++++++++++++++++ 2021/37xxx/CVE-2021-37917.json | 18 +++++++++ 2021/3xxx/CVE-2021-3675.json | 18 +++++++++ 2021/3xxx/CVE-2021-3676.json | 18 +++++++++ 10 files changed, 294 insertions(+), 84 deletions(-) create mode 100644 2021/37xxx/CVE-2021-37914.json create mode 100644 2021/37xxx/CVE-2021-37915.json create mode 100644 2021/37xxx/CVE-2021-37916.json create mode 100644 2021/37xxx/CVE-2021-37917.json create mode 100644 2021/3xxx/CVE-2021-3675.json create mode 100644 2021/3xxx/CVE-2021-3676.json diff --git a/2021/21xxx/CVE-2021-21553.json b/2021/21xxx/CVE-2021-21553.json index fe4dd328bc6..ab2189f438f 100644 --- a/2021/21xxx/CVE-2021-21553.json +++ b/2021/21xxx/CVE-2021-21553.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2021-06-09", - "ID": "CVE-2021-21553", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2021-06-09", + "ID": "CVE-2021-21553", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ 
@@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "PowerScale OneFS", + "product_name": "PowerScale OneFS", "version": { "version_data": [ { - "version_affected": "=", + "version_affected": "=", "version_value": "8.1.0-9.1.0" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest." } ] - }, + }, "impact": { "cvss": { - "baseScore": 7.3, - "baseSeverity": "High", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.3, + "baseSeverity": "High", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-286: Incorrect User Management" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/000188148" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/000188148", + "name": "https://www.dell.com/support/kbdoc/000188148" } ] } diff --git a/2021/21xxx/CVE-2021-21562.json b/2021/21xxx/CVE-2021-21562.json index 58aa87a3253..dfc3d68336f 100644 --- a/2021/21xxx/CVE-2021-21562.json +++ b/2021/21xxx/CVE-2021-21562.json 
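Review bot: The reference entry at the end of this hunk is relabelled from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, which removes the only structured marker that the Dell KB link is the vendor's own advisory. Tooling that filters references on CONFIRM to find vendor confirmation or fix information would presumably stop matching this record. The same relabel appears in the hunks for CVE-2021-21562, CVE-2021-21563 and CVE-2021-21565. If the reclassification is not intended, keep `"refsource": "CONFIRM"` and add only the new `"name"` key. The other -/+ pairs in these hunks read as textually identical, so they look like whitespace or line-ending changes only.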
@@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2021-06-09", - "ID": "CVE-2021-21562", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2021-06-09", + "ID": "CVE-2021-21562", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "PowerScale OneFS", + "product_name": "PowerScale OneFS", "version": { "version_data": [ { - "version_affected": "=", + "version_affected": "=", "version_value": "8.1.2, 8.1.3, 9.1.0.x, 9.0.0.x" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path which can lead to run resources that are not under the application\u2019s direct control." } ] - }, + }, "impact": { "cvss": { - "baseScore": 4.4, - "baseSeverity": "Medium", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 4.4, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-426: Untrusted Search Path" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/000188148" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/000188148", + "name": "https://www.dell.com/support/kbdoc/000188148" } ] } diff --git a/2021/21xxx/CVE-2021-21563.json b/2021/21xxx/CVE-2021-21563.json index 3ca80bc7569..ff4823b0b6b 100644 
--- a/2021/21xxx/CVE-2021-21563.json +++ b/2021/21xxx/CVE-2021-21563.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2021-06-09", - "ID": "CVE-2021-21563", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2021-06-09", + "ID": "CVE-2021-21563", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "PowerScale OneFS", + "product_name": "PowerScale OneFS", "version": { "version_data": [ { - "version_affected": "=", + "version_affected": "=", "version_value": "8.1.2-9.1.0.x" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper Check for Unusual or Exceptional Conditions in its auditing component.This can lead to an authenticated user with low-privileges to trigger a denial of service event." } ] - }, + }, "impact": { "cvss": { - "baseScore": 6.5, - "baseSeverity": "Medium", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/000188148" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/000188148", + "name": "https://www.dell.com/support/kbdoc/000188148" } ] } diff --git a/2021/21xxx/CVE-2021-21565.json b/2021/21xxx/CVE-2021-21565.json index 2c4c204c81c..55a62e5f20d 100644 
--- a/2021/21xxx/CVE-2021-21565.json +++ b/2021/21xxx/CVE-2021-21565.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "DATE_PUBLIC": "2021-06-09", - "ID": "CVE-2021-21565", + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2021-06-09", + "ID": "CVE-2021-21565", "STATE": "PUBLIC" - }, + }, "affects": { "vendor": { "vendor_data": [ @@ -12,59 +12,60 @@ "product": { "product_data": [ { - "product_name": "PowerScale OneFS", + "product_name": "PowerScale OneFS", "version": { "version_data": [ { - "version_affected": "<=", + "version_affected": "<=", "version_value": "9.1.0.3" } ] } } ] - }, + }, "vendor_name": "Dell" } ] } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { - "lang": "eng", + "lang": "eng", "value": "Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses." } ] - }, + }, "impact": { "cvss": { - "baseScore": 5.3, - "baseSeverity": "Medium", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "Medium", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } - }, + }, "problemtype": { "problemtype_data": [ { "description": [ { - "lang": "eng", + "lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption" } ] } ] - }, + }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.dell.com/support/kbdoc/000188148" + "refsource": "MISC", + "url": "https://www.dell.com/support/kbdoc/000188148", + "name": "https://www.dell.com/support/kbdoc/000188148" } ] } diff --git a/2021/37xxx/CVE-2021-37914.json b/2021/37xxx/CVE-2021-37914.json new file mode 100644 index 00000000000..67d450b9530 --- /dev/null 
+++ b/2021/37xxx/CVE-2021-37914.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-37914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/argoproj/argo-workflows/issues/6441", + "refsource": "MISC", + "name": "https://github.com/argoproj/argo-workflows/issues/6441" + }, + { + "url": "https://github.com/argoproj/argo-workflows/pull/6442", + "refsource": "MISC", + "name": "https://github.com/argoproj/argo-workflows/pull/6442" + } + ] + } +} \ No newline at end of file diff --git a/2021/37xxx/CVE-2021-37915.json b/2021/37xxx/CVE-2021-37915.json new file mode 100644 index 00000000000..2112ed34cd1 --- /dev/null +++ b/2021/37xxx/CVE-2021-37915.json 
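Review bot: The new CVE-2021-37914 record leaves `vendor_name`, `product_name`, `version_value` and the `problemtype` value as `"n/a"`, although its description names Argo Workflows through 3.1.3. Scanners and asset inventories that match on the structured `affects` block rather than on free text will therefore not associate this CVE with the product. Suggest populating the fields from the description, e.g. `"product_name": "Argo Workflows"` with `"version_affected": "<=", "version_value": "3.1.3"`, and replacing the `problemtype` placeholder with the applicable CWE entry. CVE-2021-37916 (Joplin before 2.0.9, XSS via button and form in the note body) has the same gap.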
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-37915", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/37xxx/CVE-2021-37916.json b/2021/37xxx/CVE-2021-37916.json new file mode 100644 index 00000000000..d044e1b1080 --- /dev/null +++ b/2021/37xxx/CVE-2021-37916.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-37916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Joplin before 2.0.9 allows XSS via button and form in the note body." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/laurent22/joplin/commit/feaecf765368f2c273bea3a9fa641ff0da7e6b26", + "refsource": "MISC", + "name": "https://github.com/laurent22/joplin/commit/feaecf765368f2c273bea3a9fa641ff0da7e6b26" + }, + { + "url": "https://github.com/laurent22/joplin/releases/tag/v2.0.9", + "refsource": "MISC", + "name": "https://github.com/laurent22/joplin/releases/tag/v2.0.9" + } + ] + } +} \ No newline at end of file 
diff --git a/2021/37xxx/CVE-2021-37917.json b/2021/37xxx/CVE-2021-37917.json new file mode 100644 index 00000000000..e735d778af3 --- /dev/null +++ b/2021/37xxx/CVE-2021-37917.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-37917", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3675.json b/2021/3xxx/CVE-2021-3675.json new file mode 100644 index 00000000000..aa4d4e4577b --- /dev/null +++ b/2021/3xxx/CVE-2021-3675.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3675", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3676.json b/2021/3xxx/CVE-2021-3676.json new file mode 100644 index 00000000000..5abf64ba484 --- /dev/null +++ b/2021/3xxx/CVE-2021-3676.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3676", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file