From 7c3d89c064bf71006afe220cf0dfb6bfe98fd3b1 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Thu, 13 May 2021 18:00:40 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12725.json | 5 +++ 2019/17xxx/CVE-2019-17026.json | 5 +++ 2020/0xxx/CVE-2020-0674.json | 5 +++ 2020/11xxx/CVE-2020-11976.json | 10 +++++ 2020/1xxx/CVE-2020-1971.json | 5 +++ 2020/28xxx/CVE-2020-28196.json | 5 +++ 2021/20xxx/CVE-2021-20204.json | 5 +++ 2021/22xxx/CVE-2021-22135.json | 82 +++++++++++++++++----------------- 2021/22xxx/CVE-2021-22136.json | 82 +++++++++++++++++----------------- 2021/22xxx/CVE-2021-22137.json | 82 +++++++++++++++++----------------- 2021/22xxx/CVE-2021-22138.json | 82 +++++++++++++++++----------------- 2021/22xxx/CVE-2021-22139.json | 82 +++++++++++++++++----------------- 2021/22xxx/CVE-2021-22140.json | 82 +++++++++++++++++----------------- 2021/23xxx/CVE-2021-23841.json | 5 +++ 2021/26xxx/CVE-2021-26419.json | 5 +++ 2021/2xxx/CVE-2021-2144.json | 5 +++ 2021/2xxx/CVE-2021-2146.json | 5 +++ 2021/2xxx/CVE-2021-2154.json | 5 +++ 2021/2xxx/CVE-2021-2160.json | 5 +++ 2021/2xxx/CVE-2021-2161.json | 5 +++ 2021/2xxx/CVE-2021-2162.json | 5 +++ 2021/2xxx/CVE-2021-2163.json | 5 +++ 2021/2xxx/CVE-2021-2164.json | 5 +++ 2021/2xxx/CVE-2021-2166.json | 5 +++ 2021/2xxx/CVE-2021-2169.json | 5 +++ 2021/2xxx/CVE-2021-2170.json | 5 +++ 2021/2xxx/CVE-2021-2171.json | 5 +++ 2021/2xxx/CVE-2021-2172.json | 5 +++ 2021/2xxx/CVE-2021-2174.json | 5 +++ 2021/2xxx/CVE-2021-2178.json | 5 +++ 2021/2xxx/CVE-2021-2179.json | 5 +++ 2021/2xxx/CVE-2021-2180.json | 5 +++ 2021/2xxx/CVE-2021-2193.json | 5 +++ 2021/2xxx/CVE-2021-2194.json | 5 +++ 2021/2xxx/CVE-2021-2196.json | 5 +++ 2021/2xxx/CVE-2021-2201.json | 5 +++ 2021/2xxx/CVE-2021-2202.json | 5 +++ 2021/2xxx/CVE-2021-2203.json | 5 +++ 2021/2xxx/CVE-2021-2208.json | 5 +++ 2021/2xxx/CVE-2021-2212.json | 5 +++ 2021/2xxx/CVE-2021-2213.json | 5 +++ 2021/2xxx/CVE-2021-2215.json | 5 +++ 2021/2xxx/CVE-2021-2217.json | 5 +++ 2021/2xxx/CVE-2021-2226.json | 5 +++ 2021/2xxx/CVE-2021-2230.json | 5 +++ 
2021/2xxx/CVE-2021-2232.json | 5 +++ 2021/2xxx/CVE-2021-2278.json | 5 +++ 2021/2xxx/CVE-2021-2293.json | 5 +++ 2021/2xxx/CVE-2021-2298.json | 5 +++ 2021/2xxx/CVE-2021-2299.json | 5 +++ 2021/2xxx/CVE-2021-2300.json | 5 +++ 2021/2xxx/CVE-2021-2301.json | 5 +++ 2021/2xxx/CVE-2021-2304.json | 5 +++ 2021/2xxx/CVE-2021-2305.json | 5 +++ 2021/2xxx/CVE-2021-2307.json | 5 +++ 2021/2xxx/CVE-2021-2308.json | 5 +++ 2021/32xxx/CVE-2021-32917.json | 5 +++ 2021/32xxx/CVE-2021-32918.json | 5 +++ 2021/32xxx/CVE-2021-32919.json | 5 +++ 2021/32xxx/CVE-2021-32920.json | 5 +++ 2021/32xxx/CVE-2021-32921.json | 5 +++ 2021/32xxx/CVE-2021-32924.json | 18 ++++++++ 2021/32xxx/CVE-2021-32925.json | 67 +++++++++++++++++++++++++++ 2021/3xxx/CVE-2021-3449.json | 5 +++ 64 files changed, 622 insertions(+), 240 deletions(-) create mode 100644 2021/32xxx/CVE-2021-32924.json create mode 100644 2021/32xxx/CVE-2021-32925.json
diff --git a/2019/12xxx/CVE-2019-12725.json b/2019/12xxx/CVE-2019-12725.json
index 84cc28435fb..c97a7e045ad 100644
--- a/2019/12xxx/CVE-2019-12725.json
+++ b/2019/12xxx/CVE-2019-12725.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.html",
 "url": "http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execution.html",
+ "url": "http://packetstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execution.html"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17026.json b/2019/17xxx/CVE-2019-17026.json
index 4342e9717f8..b1891bc3f9d 100644
--- a/2019/17xxx/CVE-2019-17026.json
+++ b/2019/17xxx/CVE-2019-17026.json
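Review bot: The reference added for CVE-2019-12725 uses a plain `http://` scheme for packetstormsecurity.com in both `name` and `url`, so tooling that dereferences CVE references fetches the linked write-up over an unauthenticated channel. If the host serves the same path over TLS (not verifiable from this diff), prefer `"url": "https://packetstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execution.html"`. The same applies to the packetstorm references added for CVE-2019-17026, CVE-2020-0674 and CVE-2021-26419. The existing context entries already use `http://`, so this is a record-wide cleanup rather than a one-line fix.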
@@ -91,6 +91,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4335-1",
 "url": "https://usn.ubuntu.com/4335-1/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html",
+ "url": "http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html"
 }
 ]
 },
diff --git a/2020/0xxx/CVE-2020-0674.json b/2020/0xxx/CVE-2020-0674.json
index c8424a4454f..62fcf44b4bf 100644
--- a/2020/0xxx/CVE-2020-0674.json
+++ b/2020/0xxx/CVE-2020-0674.json
@@ -227,6 +227,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/161309/Microsoft-Internet-Explorer-11-Use-After-Free.html",
 "url": "http://packetstormsecurity.com/files/161309/Microsoft-Internet-Explorer-11-Use-After-Free.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/162565/Microsoft-Internet-Explorer-8-11-Use-After-Free.html",
+ "url": "http://packetstormsecurity.com/files/162565/Microsoft-Internet-Explorer-8-11-Use-After-Free.html"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11976.json b/2020/11xxx/CVE-2020-11976.json
index 3bf57c92b97..466b992e8b7 100644
--- a/2020/11xxx/CVE-2020-11976.json
+++ b/2020/11xxx/CVE-2020-11976.json
@@ -48,6 +48,16 @@
 "refsource": "MISC",
 "name": "https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E",
 "url": "https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[directory-commits] 20210513 [directory-fortress-commander] branch master updated: FC-293 - CVE-2020-11976 - upgrade wicket core -> 8.9.0",
+ "url": "https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7@%3Ccommits.directory.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[directory-dev] 20210513 [jira] [Created] (FC-293) [fortress-web] CVE-2020-11976",
+ "url": "https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19@%3Cdev.directory.apache.org%3E"
 }
 ]
 },
diff --git a/2020/1xxx/CVE-2020-1971.json b/2020/1xxx/CVE-2020-1971.json
index 234ddd2b8a4..b0f3216ff11 100644
--- a/2020/1xxx/CVE-2020-1971.json
+++ b/2020/1xxx/CVE-2020-1971.json
@@ -154,6 +154,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.tenable.com/security/tns-2021-09",
 "url": "https://www.tenable.com/security/tns-2021-09"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28196.json b/2020/28xxx/CVE-2020-28196.json
index 207de9d50fb..4b155471a54 100644
--- a/2020/28xxx/CVE-2020-28196.json
+++ b/2020/28xxx/CVE-2020-28196.json
@@ -91,6 +91,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20201202-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20201202-0001/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
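Review bot: The two MLIST URLs added for CVE-2020-11976 carry a literal `@` before `%3C` (for example `...dcc6a2f6b7@%3Ccommits.directory.apache.org%3E`), while the existing lists.apache.org reference in the same array percent-encodes it as `%40`. Mixing the two forms leaves the new URLs half-encoded and defeats exact-match deduplication of references across records. Normalising the new entries to `%40%3C...%3E` would match the neighbouring entry. The reference array begins above this hunk, so entries outside the view may use either form.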
diff --git a/2021/20xxx/CVE-2021-20204.json b/2021/20xxx/CVE-2021-20204.json
index e5f463eca9c..4fb1ea713c5 100644
--- a/2021/20xxx/CVE-2021-20204.json
+++ b/2021/20xxx/CVE-2021-20204.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956348",
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956348"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20210513 [SECURITY] [DLA 2660-1] libgetdata security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00015.html"
 }
 ]
 },
diff --git a/2021/22xxx/CVE-2021-22135.json b/2021/22xxx/CVE-2021-22135.json
index 6513a759fa1..0509ac9269d 100644
--- a/2021/22xxx/CVE-2021-22135.json
+++ b/2021/22xxx/CVE-2021-22135.json
@@ -3,58 +3,60 @@
 "data_format": "MITRE",
 "data_version": "4.0",
 "CVE_data_meta": {
- "ASSIGNER": "bressers@elastic.co",
+ "ASSIGNER": "security@elastic.co",
 "ID": "CVE-2021-22135",
 "STATE": "PUBLIC"
 },
 "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Elastic",
- "product": {
- "product_data": [
+ "vendor": {
+ "vendor_data": [
 {
- "product_name": "Elasticsearch",
- "version": {
- "version_data": [
- {
- "version_value": "before 7.11.2 and 6.8.15"
- }
- ]
- }
+ "vendor_name": "Elastic",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Elasticsearch",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 7.11.2 and 6.8.15"
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
- ]
- }
- }
- ]
- }
+ ]
+ }
 },
 "problemtype": {
- "problemtype_data": [
- {
- "description": [
+ "problemtype_data": [
 {
- "lang": "eng",
- "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
+ }
+ ]
 }
- ]
- }
- ]
+ ]
 },
 "references": {
- "reference_data": [
- {
- "url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125"
- }
- ]
+ "reference_data": [
+ {
+ "url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125",
+ "refsource": "MISC",
+ "name": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125"
+ }
+ ]
 },
 "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled on the index. 
Certain queries are able to enable the profiler and suggester which could lead to disclosing the existence of documents and fields the attacker should not be able to view."
- }
- ]
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled on the index. Certain queries are able to enable the profiler and suggester which could lead to disclosing the existence of documents and fields the attacker should not be able to view."
+ }
+ ]
 }
-}
+}
\ No newline at end of file
diff --git a/2021/22xxx/CVE-2021-22136.json b/2021/22xxx/CVE-2021-22136.json
index c6130e73fc2..a3f76c03861 100644
--- a/2021/22xxx/CVE-2021-22136.json
+++ b/2021/22xxx/CVE-2021-22136.json
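Review bot: `"version_value": "before 7.11.2 and 6.8.15"` stays a free-text range on the new side of the CVE-2021-22135 hunk, so scanners that match affected versions mechanically cannot evaluate it, and the phrase does not say which release line each bound belongs to. Consider one `version_data` entry per release line using the schema's `version_affected` field, for example `{"version_name": "7.x", "version_affected": "<", "version_value": "7.11.2"}` and `{"version_name": "6.x", "version_affected": "<", "version_value": "6.8.15"}`, after confirming the bounds against the vendor advisory. The same free-text form is carried over in the CVE-2021-22136 to CVE-2021-22140 hunks. All six files also now end without a trailing newline, which the `-}` / `+}` pair at the end of each hunk introduces.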
@@ -3,58 +3,60 @@
 "data_format": "MITRE",
 "data_version": "4.0",
 "CVE_data_meta": {
- "ASSIGNER": "bressers@elastic.co",
+ "ASSIGNER": "security@elastic.co",
 "ID": "CVE-2021-22136",
 "STATE": "PUBLIC"
 },
 "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Elastic",
- "product": {
- "product_data": [
+ "vendor": {
+ "vendor_data": [
 {
- "product_name": "Kibana",
- "version": {
- "version_data": [
- {
- "version_value": "before 7.12.0 and 6.8.15"
- }
- ]
- }
+ "vendor_name": "Elastic",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kibana",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 7.12.0 and 6.8.15"
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
- ]
- }
- }
- ]
- }
+ ]
+ }
 },
 "problemtype": {
- "problemtype_data": [
- {
- "description": [
+ "problemtype_data": [
 {
- "lang": "eng",
- "value": "CWE-613: Insufficient Session Expiration"
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-613: Insufficient Session Expiration"
+ }
+ ]
 }
- ]
- }
- ]
+ ]
 },
 "references": {
- "reference_data": [
- {
- "url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125"
- }
- ]
+ "reference_data": [
+ {
+ "url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125",
+ "refsource": "MISC",
+ "name": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125"
+ }
+ ]
 },
 "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session from timing out."
- }
- ]
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session from timing out."
+ }
+ ]
 }
-}
+}
\ No newline at end of file
diff --git a/2021/22xxx/CVE-2021-22137.json b/2021/22xxx/CVE-2021-22137.json
index ba09a725a53..a6bf234402b 100644
--- a/2021/22xxx/CVE-2021-22137.json
+++ b/2021/22xxx/CVE-2021-22137.json
@@ -3,58 +3,60 @@
 "data_format": "MITRE",
 "data_version": "4.0",
 "CVE_data_meta": {
- "ASSIGNER": "bressers@elastic.co",
+ "ASSIGNER": "security@elastic.co",
 "ID": "CVE-2021-22137",
 "STATE": "PUBLIC"
 },
 "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Elastic",
- "product": {
- "product_data": [
+ "vendor": {
+ "vendor_data": [
 {
- "product_name": "Elasticsearch",
- "version": {
- "version_data": [
- {
- "version_value": "before 7.11.2 and 6.8.15"
- }
- ]
- }
+ "vendor_name": "Elastic",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Elasticsearch",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 7.11.2 and 6.8.15"
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
- ]
- }
- }
- ]
- }
+ ]
+ }
 },
 "problemtype": {
- "problemtype_data": [
- {
- "description": [
+ "problemtype_data": [
 {
- "lang": "eng",
- "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
+ }
+ ]
 }
- ]
- }
- ]
+ ]
 },
 "references": {
- "reference_data": [
- {
- "url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125"
- }
- ]
+ "reference_data": [
+ {
+ "url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125",
+ "refsource": "MISC",
+ "name": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125"
+ }
+ ]
 },
 "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices."
- }
- ]
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices."
+ }
+ ]
 }
-}
+}
\ No newline at end of file
diff --git a/2021/22xxx/CVE-2021-22138.json b/2021/22xxx/CVE-2021-22138.json
index 7117387f104..85f00b24e7d 100644
--- a/2021/22xxx/CVE-2021-22138.json
+++ b/2021/22xxx/CVE-2021-22138.json
@@ -3,58 +3,60 @@
 "data_format": "MITRE",
 "data_version": "4.0",
 "CVE_data_meta": {
- "ASSIGNER": "bressers@elastic.co",
+ "ASSIGNER": "security@elastic.co",
 "ID": "CVE-2021-22138",
 "STATE": "PUBLIC"
 },
 "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Elastic",
- "product": {
- "product_data": [
+ "vendor": {
+ "vendor_data": [
 {
- "product_name": "Elasticsearch",
- "version": {
- "version_data": [
- {
- "version_value": "after 6.4.0 and before 6.8.15 and 7.12.0"
- }
- ]
- }
+ "vendor_name": "Elastic",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Elasticsearch",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "after 6.4.0 and before 6.8.15 and 7.12.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
- ]
- }
- }
- ]
- }
+ ]
+ }
 },
 "problemtype": {
- "problemtype_data": [
- {
- "description": [
+ "problemtype_data": [
 {
- "lang": "eng",
- "value": "CWE-295: Improper Certificate Validation"
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-295: Improper Certificate Validation"
+ }
+ ]
 }
- ]
- }
- ]
+ ]
 },
 "references": {
- "reference_data": [
- {
- "url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125"
- }
- ]
+ "reference_data": [
+ {
+ "url": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125",
+ "refsource": "MISC",
+ "name": "https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125"
+ }
+ ]
 },
 "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data."
- }
- ]
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data."
+ }
+ ]
 }
-}
+}
\ No newline at end of file
diff --git a/2021/22xxx/CVE-2021-22139.json b/2021/22xxx/CVE-2021-22139.json
index 2ad98d0bab1..e01fd432722 100644
--- a/2021/22xxx/CVE-2021-22139.json
+++ b/2021/22xxx/CVE-2021-22139.json
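Review bot: The affected product does not match the description in CVE-2021-22138: `"product_name": "Elasticsearch"` is re-emitted unchanged, while the description and the CWE-295 problem type describe a TLS certificate validation flaw in the Logstash monitoring feature. Anyone filtering advisories by product would miss Logstash deployments and flag Elasticsearch ones instead. If the description is authoritative, the entry should read `"product_name": "Logstash"`. This commit only re-indents that line, so the mismatch predates it, but the sync is a natural place to correct it.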
@@ -3,58 +3,60 @@
 "data_format": "MITRE",
 "data_version": "4.0",
 "CVE_data_meta": {
- "ASSIGNER": "bressers@elastic.co",
+ "ASSIGNER": "security@elastic.co",
 "ID": "CVE-2021-22139",
 "STATE": "PUBLIC"
 },
 "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Elastic",
- "product": {
- "product_data": [
+ "vendor": {
+ "vendor_data": [
 {
- "product_name": "Kibana",
- "version": {
- "version_data": [
- {
- "version_value": "before 7.12.1"
- }
- ]
- }
+ "vendor_name": "Elastic",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kibana",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 7.12.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
- ]
- }
- }
- ]
- }
+ ]
+ }
 },
 "problemtype": {
- "problemtype_data": [
- {
- "description": [
+ "problemtype_data": [
 {
- "lang": "eng",
- "value": "CWE-400: Uncontrolled Resource Consumption"
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400: Uncontrolled Resource Consumption"
+ }
+ ]
 }
- ]
- }
- ]
+ ]
 },
 "references": {
- "reference_data": [
- {
- "url": "https://discuss.elastic.co/t/7-12-1-security-update/271433"
- }
- ]
+ "reference_data": [
+ {
+ "url": "https://discuss.elastic.co/t/7-12-1-security-update/271433",
+ "refsource": "MISC",
+ "name": "https://discuss.elastic.co/t/7-12-1-security-update/271433"
+ }
+ ]
 },
 "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailable for all other users."
- }
- ]
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. 
An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailable for all other users."
+ }
+ ]
 }
-}
+}
\ No newline at end of file
diff --git a/2021/22xxx/CVE-2021-22140.json b/2021/22xxx/CVE-2021-22140.json
index cc09f07a67e..b5ca68e5e1f 100644
--- a/2021/22xxx/CVE-2021-22140.json
+++ b/2021/22xxx/CVE-2021-22140.json
@@ -3,58 +3,60 @@
 "data_format": "MITRE",
 "data_version": "4.0",
 "CVE_data_meta": {
- "ASSIGNER": "bressers@elastic.co",
+ "ASSIGNER": "security@elastic.co",
 "ID": "CVE-2021-22140",
 "STATE": "PUBLIC"
 },
 "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Elastic",
- "product": {
- "product_data": [
+ "vendor": {
+ "vendor_data": [
 {
- "product_name": "Elastic App Search",
- "version": {
- "version_data": [
- {
- "version_value": "after 7.11.0 and before 7.12.0"
- }
- ]
- }
+ "vendor_name": "Elastic",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Elastic App Search",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "after 7.11.0 and before 7.12.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
- ]
- }
- }
- ]
- }
+ ]
+ }
 },
 "problemtype": {
- "problemtype_data": [
- {
- "description": [
+ "problemtype_data": [
 {
- "lang": "eng",
- "value": "CWE-611: Improper Restriction of XML External Entity Reference"
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-611: Improper Restriction of XML External Entity Reference"
+ }
+ ]
 }
- ]
- }
- ]
+ ]
 },
 "references": {
- "reference_data": [
- {
- "url": "https://discuss.elastic.co/t/7-12-1-security-update/271433"
- }
- ]
+ "reference_data": [
+ {
+ "url": "https://discuss.elastic.co/t/7-12-1-security-update/271433",
+ "refsource": "MISC",
+ "name": "https://discuss.elastic.co/t/7-12-1-security-update/271433"
+ }
+ ]
 },
 "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of the host running the instance and obtain sensitive files."
- }
- ]
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of the host running the instance and obtain sensitive files."
+ }
+ ]
 }
-}
+}
\ No newline at end of file
diff --git a/2021/23xxx/CVE-2021-23841.json b/2021/23xxx/CVE-2021-23841.json
index c72fb572eb6..4d1e7a5707f 100644
--- a/2021/23xxx/CVE-2021-23841.json
+++ b/2021/23xxx/CVE-2021-23841.json
@@ -109,6 +109,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.tenable.com/security/tns-2021-09",
 "url": "https://www.tenable.com/security/tns-2021-09"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26419.json b/2021/26xxx/CVE-2021-26419.json
index f7d5a3f11c6..efde592dab7 100644
--- a/2021/26xxx/CVE-2021-26419.json
+++ b/2021/26xxx/CVE-2021-26419.json
@@ -223,6 +223,11 @@
 "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26419",
 "refsource": "MISC",
 "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26419"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/162570/Internet-Explorer-jscript9.dll-Memory-Corruption.html",
+ "url": "http://packetstormsecurity.com/files/162570/Internet-Explorer-jscript9.dll-Memory-Corruption.html"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2144.json b/2021/2xxx/CVE-2021-2144.json
index 76bed22cf75..86a4bea5f56 100644
--- a/2021/2xxx/CVE-2021-2144.json
+++ b/2021/2xxx/CVE-2021-2144.json
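Review bot: In CVE-2021-22140 the affected range `"after 7.11.0 and before 7.12.0"` and the record's only reference, the `7-12-1-security-update` announcement, point at different releases, which leaves the fixed version unclear to someone deciding what to deploy. The record may still be right, since a fix shipped in 7.12.0 can be announced alongside the 7.12.1 notes, but that cannot be confirmed from this diff. Naming the fixed release explicitly in the description would remove the ambiguity.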
@@ -68,6 +68,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2146.json b/2021/2xxx/CVE-2021-2146.json
index 5a9a8338620..d719ee77854 100644
--- a/2021/2xxx/CVE-2021-2146.json
+++ b/2021/2xxx/CVE-2021-2146.json
@@ -83,6 +83,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-b8b7829a83",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2154.json b/2021/2xxx/CVE-2021-2154.json
index a1764e38335..183c96a1db2 100644
--- a/2021/2xxx/CVE-2021-2154.json
+++ b/2021/2xxx/CVE-2021-2154.json
@@ -69,6 +69,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-68db93b130",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPA3CTGXPVWKHMCQDVURK4ETH7GE34KK/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2160.json b/2021/2xxx/CVE-2021-2160.json
index 391aaa862aa..6380df0fadd 100644
--- a/2021/2xxx/CVE-2021-2160.json
+++ b/2021/2xxx/CVE-2021-2160.json
@@ -68,6 +68,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2161.json b/2021/2xxx/CVE-2021-2161.json
index 7b0541a2391..898b65347a7 100644
--- a/2021/2xxx/CVE-2021-2161.json
+++ b/2021/2xxx/CVE-2021-2161.json
@@ -132,6 +132,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-b88e86b753",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0001/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0001/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2162.json b/2021/2xxx/CVE-2021-2162.json
index ed6e4c755d7..c2b716a49f7 100644
--- a/2021/2xxx/CVE-2021-2162.json
+++ b/2021/2xxx/CVE-2021-2162.json
@@ -68,6 +68,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2163.json b/2021/2xxx/CVE-2021-2163.json
index 802d5113a05..443917fe2f5 100644
--- a/2021/2xxx/CVE-2021-2163.json
+++ b/2021/2xxx/CVE-2021-2163.json
@@ -132,6 +132,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-b88e86b753",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0001/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0001/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2164.json b/2021/2xxx/CVE-2021-2164.json
index 8e2c248f3dd..225e6cbf681 100644
--- a/2021/2xxx/CVE-2021-2164.json
+++ b/2021/2xxx/CVE-2021-2164.json
@@ -79,6 +79,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-b8b7829a83",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2166.json b/2021/2xxx/CVE-2021-2166.json
index 66f05f7bfcc..a01f99fc7db 100644
--- a/2021/2xxx/CVE-2021-2166.json
+++ b/2021/2xxx/CVE-2021-2166.json
@@ -88,6 +88,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-68db93b130",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPA3CTGXPVWKHMCQDVURK4ETH7GE34KK/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2169.json b/2021/2xxx/CVE-2021-2169.json
index e0140b44437..028fb18143f 100644
--- a/2021/2xxx/CVE-2021-2169.json
+++ b/2021/2xxx/CVE-2021-2169.json
@@ -83,6 +83,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-b8b7829a83",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2170.json b/2021/2xxx/CVE-2021-2170.json
index ddfbf1d7bb0..d4978373a41 100644
--- a/2021/2xxx/CVE-2021-2170.json
+++ b/2021/2xxx/CVE-2021-2170.json
@@ -79,6 +79,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-b8b7829a83",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2171.json b/2021/2xxx/CVE-2021-2171.json
index 30358a87b90..0b69cf39c1d 100644
--- a/2021/2xxx/CVE-2021-2171.json
+++ b/2021/2xxx/CVE-2021-2171.json
@@ -83,6 +83,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-b8b7829a83",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2172.json b/2021/2xxx/CVE-2021-2172.json
index 6e4d1b78d22..16e7995bf4a 100644
--- a/2021/2xxx/CVE-2021-2172.json
+++ b/2021/2xxx/CVE-2021-2172.json
@@ -79,6 +79,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-b8b7829a83",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2174.json b/2021/2xxx/CVE-2021-2174.json
index 08010155a97..9b5cf3c8be9 100644
--- a/2021/2xxx/CVE-2021-2174.json
+++ b/2021/2xxx/CVE-2021-2174.json
@@ -83,6 +83,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-b8b7829a83",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2178.json b/2021/2xxx/CVE-2021-2178.json
index eac1371cfdf..303d168cc3f 100644
--- a/2021/2xxx/CVE-2021-2178.json
+++ b/2021/2xxx/CVE-2021-2178.json
@@ -83,6 +83,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-b8b7829a83",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2179.json b/2021/2xxx/CVE-2021-2179.json
index 265a6f3d876..59f6009cd1a 100644
--- a/2021/2xxx/CVE-2021-2179.json
+++ b/2021/2xxx/CVE-2021-2179.json
@@ -83,6 +83,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-b8b7829a83",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2180.json b/2021/2xxx/CVE-2021-2180.json
index 375b2279ef4..13f66c100e1 100644
--- a/2021/2xxx/CVE-2021-2180.json
+++ b/2021/2xxx/CVE-2021-2180.json
@@ -83,6 +83,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-b8b7829a83",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2193.json b/2021/2xxx/CVE-2021-2193.json
index 7c4315c30b1..b24d6c2b774 100644
--- a/2021/2xxx/CVE-2021-2193.json
+++ b/2021/2xxx/CVE-2021-2193.json
@@ -79,6 +79,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-b8b7829a83",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2194.json b/2021/2xxx/CVE-2021-2194.json
index 7edefd81485..154aeef1021 100644
--- a/2021/2xxx/CVE-2021-2194.json
+++ b/2021/2xxx/CVE-2021-2194.json
@@ -83,6 +83,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-b8b7829a83",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2196.json b/2021/2xxx/CVE-2021-2196.json
index 2dd64c744c7..6d2d28e907a 100644
--- a/2021/2xxx/CVE-2021-2196.json
+++ b/2021/2xxx/CVE-2021-2196.json
@@ -79,6 +79,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-b8b7829a83",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2201.json b/2021/2xxx/CVE-2021-2201.json
index d4090ad5790..d95214eac24 100644
--- a/2021/2xxx/CVE-2021-2201.json
+++ b/2021/2xxx/CVE-2021-2201.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2202.json b/2021/2xxx/CVE-2021-2202.json
index 39a8c489966..cd286c7ee9a 100644
--- a/2021/2xxx/CVE-2021-2202.json
+++ b/2021/2xxx/CVE-2021-2202.json
@@ -68,6 +68,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2203.json b/2021/2xxx/CVE-2021-2203.json
index 7f70f21bcae..44a58a4e62a 100644
--- a/2021/2xxx/CVE-2021-2203.json
+++ b/2021/2xxx/CVE-2021-2203.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2208.json b/2021/2xxx/CVE-2021-2208.json
index 07bda4160da..aa928a52e18 100644
--- a/2021/2xxx/CVE-2021-2208.json
+++ b/2021/2xxx/CVE-2021-2208.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2212.json b/2021/2xxx/CVE-2021-2212.json
index 4cd022a800e..317d59ddc5f 100644
--- a/2021/2xxx/CVE-2021-2212.json
+++ b/2021/2xxx/CVE-2021-2212.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2213.json b/2021/2xxx/CVE-2021-2213.json
index 385b1d3d117..9883c193ea2 100644
--- a/2021/2xxx/CVE-2021-2213.json
+++ b/2021/2xxx/CVE-2021-2213.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2215.json b/2021/2xxx/CVE-2021-2215.json
index 615a40745ac..299dbbf43b3 100644
--- a/2021/2xxx/CVE-2021-2215.json
+++ b/2021/2xxx/CVE-2021-2215.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2217.json b/2021/2xxx/CVE-2021-2217.json
index adc9f5196be..88e66253b2d 100644
--- a/2021/2xxx/CVE-2021-2217.json
+++ b/2021/2xxx/CVE-2021-2217.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2226.json b/2021/2xxx/CVE-2021-2226.json
index a8201a5a080..3a61cb2e0fc 100644
--- a/2021/2xxx/CVE-2021-2226.json
+++ b/2021/2xxx/CVE-2021-2226.json
@@ -68,6 +68,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2230.json b/2021/2xxx/CVE-2021-2230.json
index e95caae31dc..c6647b0c9b3 100644
--- a/2021/2xxx/CVE-2021-2230.json
+++ b/2021/2xxx/CVE-2021-2230.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2232.json b/2021/2xxx/CVE-2021-2232.json
index ccd243e562d..65cfa65feb2 100644
--- a/2021/2xxx/CVE-2021-2232.json
+++ b/2021/2xxx/CVE-2021-2232.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2278.json b/2021/2xxx/CVE-2021-2278.json
index 1bd518059ad..0916ce577c0 100644
--- a/2021/2xxx/CVE-2021-2278.json
+++ b/2021/2xxx/CVE-2021-2278.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2293.json b/2021/2xxx/CVE-2021-2293.json
index 10b75601748..797bb78bd87 100644
--- a/2021/2xxx/CVE-2021-2293.json
+++ b/2021/2xxx/CVE-2021-2293.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2298.json b/2021/2xxx/CVE-2021-2298.json
index 094f3e285ca..712110d0c55 100644
--- a/2021/2xxx/CVE-2021-2298.json
+++ b/2021/2xxx/CVE-2021-2298.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2299.json b/2021/2xxx/CVE-2021-2299.json
index b9f36b287db..86eb18b697f 100644
--- a/2021/2xxx/CVE-2021-2299.json
+++ b/2021/2xxx/CVE-2021-2299.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2300.json b/2021/2xxx/CVE-2021-2300.json
index 071f96df667..4d1f377cb03 100644
--- a/2021/2xxx/CVE-2021-2300.json
+++ b/2021/2xxx/CVE-2021-2300.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2301.json b/2021/2xxx/CVE-2021-2301.json
index 3ebcaf88439..ee5eb239b55 100644
--- a/2021/2xxx/CVE-2021-2301.json
+++ b/2021/2xxx/CVE-2021-2301.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2304.json b/2021/2xxx/CVE-2021-2304.json
index d29d595ac31..7828d1d4292 100644
--- a/2021/2xxx/CVE-2021-2304.json
+++ b/2021/2xxx/CVE-2021-2304.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2305.json b/2021/2xxx/CVE-2021-2305.json
index cebc29ce4c2..b8622777d1b 100644
--- a/2021/2xxx/CVE-2021-2305.json
+++ b/2021/2xxx/CVE-2021-2305.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2307.json b/2021/2xxx/CVE-2021-2307.json
index 0309878b75e..f3d2276908a 100644
--- a/2021/2xxx/CVE-2021-2307.json
+++ b/2021/2xxx/CVE-2021-2307.json
@@ -68,6 +68,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/2xxx/CVE-2021-2308.json b/2021/2xxx/CVE-2021-2308.json
index 5ccafbb0591..94e2462bb6f 100644
--- a/2021/2xxx/CVE-2021-2308.json
+++ b/2021/2xxx/CVE-2021-2308.json
@@ -64,6 +64,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2021.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32917.json b/2021/32xxx/CVE-2021-32917.json
index d7a01bacb40..399c47bc972 100644
--- a/2021/32xxx/CVE-2021-32917.json
+++ b/2021/32xxx/CVE-2021-32917.json
@@ -56,6 +56,11 @@
 "url": "https://blog.prosody.im/prosody-0.11.9-released/",
 "refsource": "MISC",
 "name": "https://blog.prosody.im/prosody-0.11.9-released/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210513 Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
+ "url": "http://www.openwall.com/lists/oss-security/2021/05/13/1"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32918.json b/2021/32xxx/CVE-2021-32918.json
index 5b34ef30ca4..57c949feda5 100644
--- a/2021/32xxx/CVE-2021-32918.json
+++ b/2021/32xxx/CVE-2021-32918.json
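Review bot: The MLIST reference added in the CVE-2021-32917 hunk records the oss-security advisory with a plaintext `http://` URL, so a reader or tool that follows the link from the record fetches the advisory text over a channel that can be altered in transit. If the archive serves the same path over TLS (worth confirming before changing the record), the line could read `"url": "https://www.openwall.com/lists/oss-security/2021/05/13/1"`. The same entry is added to CVE-2021-32918, CVE-2021-32919, CVE-2021-32920 and CVE-2021-32921 in the hunks that follow.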
@@ -56,6 +56,11 @@
 "url": "https://blog.prosody.im/prosody-0.11.9-released/",
 "refsource": "MISC",
 "name": "https://blog.prosody.im/prosody-0.11.9-released/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210513 Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
+ "url": "http://www.openwall.com/lists/oss-security/2021/05/13/1"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32919.json b/2021/32xxx/CVE-2021-32919.json
index 735f2c65f77..e0527e43963 100644
--- a/2021/32xxx/CVE-2021-32919.json
+++ b/2021/32xxx/CVE-2021-32919.json
@@ -56,6 +56,11 @@
 "url": "https://blog.prosody.im/prosody-0.11.9-released/",
 "refsource": "MISC",
 "name": "https://blog.prosody.im/prosody-0.11.9-released/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210513 Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
+ "url": "http://www.openwall.com/lists/oss-security/2021/05/13/1"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32920.json b/2021/32xxx/CVE-2021-32920.json
index 8981da1941a..75da0ef6610 100644
--- a/2021/32xxx/CVE-2021-32920.json
+++ b/2021/32xxx/CVE-2021-32920.json
@@ -56,6 +56,11 @@
 "url": "https://blog.prosody.im/prosody-0.11.9-released/",
 "refsource": "MISC",
 "name": "https://blog.prosody.im/prosody-0.11.9-released/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210513 Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
+ "url": "http://www.openwall.com/lists/oss-security/2021/05/13/1"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32921.json b/2021/32xxx/CVE-2021-32921.json
index 8c614f95dea..86eaa270b28 100644
--- a/2021/32xxx/CVE-2021-32921.json
+++ b/2021/32xxx/CVE-2021-32921.json
@@ -56,6 +56,11 @@
 "url": "https://blog.prosody.im/prosody-0.11.9-released/",
 "refsource": "MISC",
 "name": "https://blog.prosody.im/prosody-0.11.9-released/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210513 Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
+ "url": "http://www.openwall.com/lists/oss-security/2021/05/13/1"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32924.json b/2021/32xxx/CVE-2021-32924.json
new file mode 100644
index 00000000000..a90dadfe5c6
--- /dev/null
+++ b/2021/32xxx/CVE-2021-32924.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-32924",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/32xxx/CVE-2021-32925.json b/2021/32xxx/CVE-2021-32925.json
new file mode 100644
index 00000000000..14027d262e7
--- /dev/null
+++ b/2021/32xxx/CVE-2021-32925.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-32925",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "admin/user_import.php in Chamilo 1.11.14 reads XML data without disabling the ability to load external entities."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/chamilo/chamilo-lms/commit/e71437c8de809044ba3ae1b181d70857c050a3e9",
+ "refsource": "MISC",
+ "name": "https://github.com/chamilo/chamilo-lms/commit/e71437c8de809044ba3ae1b181d70857c050a3e9"
+ },
+ {
+ "url": "https://www.php.net/manual/en/function.libxml-disable-entity-loader.php",
+ "refsource": "MISC",
+ "name": "https://www.php.net/manual/en/function.libxml-disable-entity-loader.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/3xxx/CVE-2021-3449.json b/2021/3xxx/CVE-2021-3449.json
index 3d3cda04aa4..9ccc39896b1 100644
--- a/2021/3xxx/CVE-2021-3449.json
+++ b/2021/3xxx/CVE-2021-3449.json
@@ -146,6 +146,11 @@
 "refsource": "CONFIRM",
 "name": "https://www.tenable.com/security/tns-2021-09",
 "url": "https://www.tenable.com/security/tns-2021-09"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20210513-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
 }
 ]
 }
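Review bot: The new CVE-2021-32925 record leaves `problemtype`, `vendor_name`, `product_name` and `version_value` as `"n/a"`, although its own description names the product and version (Chamilo 1.11.14) and describes XML parsing with external entity loading left enabled. Scanners and inventories that match on the structured fields rather than the free text will not tie this record to the product or to a weakness class. The problemtype entry could read `"value": "CWE-611 Improper Restriction of XML External Entity Reference"`, with the affects block filled in from the description (the vendor string is presumably "Chamilo", to be confirmed by the assigner). The second reference documents `libxml_disable_entity_loader`, which PHP deprecated in 8.0, so it is better read as background than as the remediation on current PHP.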