diff --git a/2019/14xxx/CVE-2019-14846.json b/2019/14xxx/CVE-2019-14846.json index e0892958e7f..e4504fea8a9 100644 --- a/2019/14xxx/CVE-2019-14846.json +++ b/2019/14xxx/CVE-2019-14846.json @@ -113,7 +113,7 @@ "description_data": [ { "lang": "eng", - "value": "Ansible, all ansible_engine-2.x versions and ansible_engine-3.x up to ansible_engine-3.5, was logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process." + "value": "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process." } ] }, diff --git a/2021/20xxx/CVE-2021-20206.json b/2021/20xxx/CVE-2021-20206.json index ece8a803efc..17aaf3b2645 100644 --- a/2021/20xxx/CVE-2021-20206.json +++ b/2021/20xxx/CVE-2021-20206.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20206", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "containernetworking-cni", + "version": { + "version_data": [ + { + "version_value": "containernetworking/cni 0.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20->CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391" + }, + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549", + "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability." } ] } diff --git a/2021/21xxx/CVE-2021-21372.json b/2021/21xxx/CVE-2021-21372.json index c219109b45b..86ed6f7811e 100644 --- a/2021/21xxx/CVE-2021-21372.json +++ b/2021/21xxx/CVE-2021-21372.json @@ -80,16 +80,16 @@ }, "references": { "reference_data": [ - { - "name": "https://github.com/nim-lang/security/security/advisories/GHSA-rg9f-w24h-962p", - "refsource": "CONFIRM", - "url": "https://github.com/nim-lang/security/security/advisories/GHSA-rg9f-w24h-962p" - }, { "name": "https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/", "refsource": "MISC", "url": "https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/" }, + { + "name": "https://github.com/nim-lang/security/security/advisories/GHSA-rg9f-w24h-962p", + "refsource": "CONFIRM", + "url": "https://github.com/nim-lang/security/security/advisories/GHSA-rg9f-w24h-962p" + }, { "name": "https://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130", "refsource": "MISC", diff --git a/2021/21xxx/CVE-2021-21373.json b/2021/21xxx/CVE-2021-21373.json index d9a76de8a53..d1715761084 100644 --- a/2021/21xxx/CVE-2021-21373.json +++ b/2021/21xxx/CVE-2021-21373.json @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, \"nimble refresh\" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution.\n\n\n" + "value": "Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, \"nimble refresh\" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution." } ] }, @@ -72,11 +72,6 @@ }, "references": { "reference_data": [ - { - "name": "https://github.com/nim-lang/security/security/advisories/GHSA-8w52-r35x-rgp8", - "refsource": "CONFIRM", - "url": "https://github.com/nim-lang/security/security/advisories/GHSA-8w52-r35x-rgp8" - }, { "name": "https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/", "refsource": "MISC", @@ -86,6 +81,11 @@ "name": "https://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130", "refsource": "MISC", "url": "https://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130" + }, + { + "name": "https://github.com/nim-lang/security/security/advisories/GHSA-8w52-r35x-rgp8", + "refsource": "CONFIRM", + "url": "https://github.com/nim-lang/security/security/advisories/GHSA-8w52-r35x-rgp8" } ] }, diff --git a/2021/21xxx/CVE-2021-21374.json b/2021/21xxx/CVE-2021-21374.json index d2c3b67961a..4b17068ad55 100644 --- a/2021/21xxx/CVE-2021-21374.json +++ b/2021/21xxx/CVE-2021-21374.json @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, \"nimble refresh\" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution.\n\n" + "value": "Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, \"nimble refresh\" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution." } ] }, @@ -88,11 +88,6 @@ }, "references": { "reference_data": [ - { - "name": "https://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx", - "refsource": "CONFIRM", - "url": "https://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx" - }, { "name": "https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/", "refsource": "MISC", @@ -103,6 +98,11 @@ "refsource": "MISC", "url": "https://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130" }, + { + "name": "https://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx", + "refsource": "CONFIRM", + "url": "https://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx" + }, { "name": "https://github.com/nim-lang/Nim/pull/16940", "refsource": "MISC", diff --git a/2021/29xxx/CVE-2021-29264.json b/2021/29xxx/CVE-2021-29264.json new file mode 100644 index 00000000000..2fe2a695e70 --- /dev/null +++ b/2021/29xxx/CVE-2021-29264.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-29264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f" + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29265.json b/2021/29xxx/CVE-2021-29265.json new file mode 100644 index 00000000000..0b662c017a0 --- /dev/null +++ b/2021/29xxx/CVE-2021-29265.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-29265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9380afd6df70e24eacbdbde33afc6a3950965d22", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9380afd6df70e24eacbdbde33afc6a3950965d22" + }, + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7", + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7" + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29266.json b/2021/29xxx/CVE-2021-29266.json new file mode 100644 index 00000000000..5c8d3ec380b --- /dev/null +++ b/2021/29xxx/CVE-2021-29266.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-29266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f6bbf0010ba004f5e90c7aefdebc0ee4bd3283b9", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f6bbf0010ba004f5e90c7aefdebc0ee4bd3283b9" + }, + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.9", + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.9" + } + ] + } +} \ No newline at end of file diff --git a/2021/29xxx/CVE-2021-29267.json b/2021/29xxx/CVE-2021-29267.json new file mode 100644 index 00000000000..e4cdc4a4821 --- /dev/null +++ b/2021/29xxx/CVE-2021-29267.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-29267", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3449.json b/2021/3xxx/CVE-2021-3449.json index bd97277d594..a3907927413 100644 --- a/2021/3xxx/CVE-2021-3449.json +++ b/2021/3xxx/CVE-2021-3449.json @@ -91,6 +91,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210326-0006/", "url": "https://security.netapp.com/advisory/ntap-20210326-0006/" + }, + { + "refsource": "MISC", + "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc" } ] } diff --git a/2021/3xxx/CVE-2021-3450.json b/2021/3xxx/CVE-2021-3450.json index 318984737ea..90331c6b81b 100644 --- a/2021/3xxx/CVE-2021-3450.json +++ b/2021/3xxx/CVE-2021-3450.json @@ -86,6 +86,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210326-0006/", "url": "https://security.netapp.com/advisory/ntap-20210326-0006/" + }, + { + "refsource": "MISC", + "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc" } ] }