diff --git a/2021/23xxx/CVE-2021-23827.json b/2021/23xxx/CVE-2021-23827.json
index 5214c10f67f..a2578d805be 100644
--- a/2021/23xxx/CVE-2021-23827.json
+++ b/2021/23xxx/CVE-2021-23827.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-23827",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-23827",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the \"Explode message/Explode now\" functionality. Local filesystem access is needed by the attacker."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/keybase/client/releases",
+ "refsource": "MISC",
+ "name": "https://github.com/keybase/client/releases"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://johnjhacking.com/blog/cve-2021-23827/",
+ "url": "https://johnjhacking.com/blog/cve-2021-23827/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/1074930",
+ "url": "https://hackerone.com/reports/1074930"
 }
 ]
 }
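Review bot: The added `affects` block leaves `vendor_name`, `product_name` and `version_value` as `"n/a"`, and `problemtype` is `"n/a"` as well, so the affected product and the fixed versions exist only in the free-text description. Consumers that match on the structured fields will not tie this record to Keybase Desktop Client; consider `"product_name": "Keybase Desktop Client"`, a vendor name (presumably `"Keybase"`), and version entries for the 5.6.0 (Windows/macOS) and 5.6.1 (Linux) boundaries. The weakness reads like incomplete cleanup of sensitive data, for which CWE-459 is a candidate to confirm against the linked advisory. The same gaps apply to the CVE-2021-27189 hunk that follows, where the missing certificate validation would map to CWE-295 and the description names no impact.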
diff --git a/2021/27xxx/CVE-2021-27189.json b/2021/27xxx/CVE-2021-27189.json
index 17af6700e90..c10dfbcbdeb 100644
--- a/2021/27xxx/CVE-2021-27189.json
+++ b/2021/27xxx/CVE-2021-27189.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-27189",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-27189",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certificate Validation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.info-sec.ca/advisories/CIRA-Canadian-Shield.html",
+ "refsource": "MISC",
+ "name": "https://www.info-sec.ca/advisories/CIRA-Canadian-Shield.html"
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3336.json b/2021/3xxx/CVE-2021-3336.json
index fca217c8609..f0d7c0d25ed 100644
--- a/2021/3xxx/CVE-2021-3336.json
+++ b/2021/3xxx/CVE-2021-3336.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate)."
+ "value": "DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers."
 }
 ]
 },
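Review bot: The rewritten description still spells the signature algorithm `ED22519`, which looks like a typo for `ED25519`. Since this line is being replaced anyway, correcting it would let keyword searches on the algorithm name find the record. The affected range also changes from `through 4.6.0` to `before 4.7.0`, but the `affects` version data sits above line 34, outside this hunk, so it is worth confirming that it was updated to match.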