From 87d0ecc70fee4d9a86ae9f8b36ee58cbc6494671 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 29 Jan 2021 17:00:44 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/25xxx/CVE-2019-25016.json | 12 ++++- 2020/7xxx/CVE-2020-7550.json | 5 ++ 2020/7xxx/CVE-2020-7554.json | 5 ++ 2020/7xxx/CVE-2020-7555.json | 5 ++ 2020/7xxx/CVE-2020-7556.json | 5 ++ 2020/7xxx/CVE-2020-7557.json | 5 ++ 2020/7xxx/CVE-2020-7558.json | 5 ++ 2021/23xxx/CVE-2021-23328.json | 12 +++-- 2021/3xxx/CVE-2021-3346.json | 72 +++++++++++++++++++++++++ 2021/3xxx/CVE-2021-3347.json | 97 ++++++++++++++++++++++++++++++++++ 10 files changed, 217 insertions(+), 6 deletions(-) create mode 100644 2021/3xxx/CVE-2021-3346.json create mode 100644 2021/3xxx/CVE-2021-3347.json diff --git a/2019/25xxx/CVE-2019-25016.json b/2019/25xxx/CVE-2019-25016.json index 4b1cfa5a470..c995f4c24df 100644 --- a/2019/25xxx/CVE-2019-25016.json +++ b/2019/25xxx/CVE-2019-25016.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "There is an unsafe incomplete reset of PATH in OpenDoas 6.6 through 6.8 when changing the user context." + "value": "In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue." } ] }, @@ -61,6 +61,16 @@ "url": "https://github.com/Duncaen/OpenDoas/issues/45", "refsource": "MISC", "name": "https://github.com/Duncaen/OpenDoas/issues/45" + }, + { + "refsource": "MISC", + "name": "https://github.com/Duncaen/OpenDoas/releases/tag/v6.8.1", + "url": "https://github.com/Duncaen/OpenDoas/releases/tag/v6.8.1" + }, + { + "refsource": "MISC", + "name": "https://github.com/Duncaen/OpenDoas/commit/d5acd52e2a15c36a8e06f9103d35622933aa422d", + "url": "https://github.com/Duncaen/OpenDoas/commit/d5acd52e2a15c36a8e06f9103d35622933aa422d" } ] } diff --git a/2020/7xxx/CVE-2020-7550.json b/2020/7xxx/CVE-2020-7550.json index ddac554b2d0..b119c382fb8 100644 --- a/2020/7xxx/CVE-2020-7550.json +++ b/2020/7xxx/CVE-2020-7550.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.se.com/ww/en/download/document/SEVD-2020-315-03/", "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-03/" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-092/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-092/" } ] }, diff --git a/2020/7xxx/CVE-2020-7554.json b/2020/7xxx/CVE-2020-7554.json index 95b551392c3..5df112def6a 100644 --- a/2020/7xxx/CVE-2020-7554.json +++ b/2020/7xxx/CVE-2020-7554.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.se.com/ww/en/download/document/SEVD-2020-315-03/", "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-03/" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-093/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-093/" } ] }, diff --git a/2020/7xxx/CVE-2020-7555.json b/2020/7xxx/CVE-2020-7555.json index b3c6733a25e..3c5d3fa6c3e 100644 --- a/2020/7xxx/CVE-2020-7555.json +++ b/2020/7xxx/CVE-2020-7555.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.se.com/ww/en/download/document/SEVD-2020-315-03/", "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-03/" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-094/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-094/" } ] }, diff --git a/2020/7xxx/CVE-2020-7556.json b/2020/7xxx/CVE-2020-7556.json index 734e7c7a327..f10fae572f9 100644 --- a/2020/7xxx/CVE-2020-7556.json +++ b/2020/7xxx/CVE-2020-7556.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.se.com/ww/en/download/document/SEVD-2020-315-03/", "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-03/" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-095/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-095/" } ] }, diff --git a/2020/7xxx/CVE-2020-7557.json b/2020/7xxx/CVE-2020-7557.json index ec652cd16e7..b9fb86ecfc8 100644 --- a/2020/7xxx/CVE-2020-7557.json +++ b/2020/7xxx/CVE-2020-7557.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.se.com/ww/en/download/document/SEVD-2020-315-03/", "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-03/" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-096/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-096/" } ] }, diff --git a/2020/7xxx/CVE-2020-7558.json b/2020/7xxx/CVE-2020-7558.json index 0c3f2a058d3..2a02e03e3ad 100644 --- a/2020/7xxx/CVE-2020-7558.json +++ b/2020/7xxx/CVE-2020-7558.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.se.com/ww/en/download/document/SEVD-2020-315-03/", "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-03/" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-091/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-091/" } ] }, diff --git a/2021/23xxx/CVE-2021-23328.json b/2021/23xxx/CVE-2021-23328.json index 2aee6c28a11..b70e5b3d4d9 100644 --- a/2021/23xxx/CVE-2021-23328.json +++ b/2021/23xxx/CVE-2021-23328.json @@ -48,12 +48,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://snyk.io/vuln/SNYK-JS-INIPARSERJS-1065989" + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JS-INIPARSERJS-1065989", + "name": "https://snyk.io/vuln/SNYK-JS-INIPARSERJS-1065989" }, { - "refsource": "CONFIRM", - "url": "https://www.npmjs.com/package/iniparserjs" + "refsource": "MISC", + "url": "https://www.npmjs.com/package/iniparserjs", + "name": "https://www.npmjs.com/package/iniparserjs" } ] }, @@ -61,7 +63,7 @@ "description_data": [ { "lang": "eng", - "value": "This affects all versions of package iniparserjs.\n This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. \r\n\r\n" + "value": "This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program." } ] }, diff --git a/2021/3xxx/CVE-2021-3346.json b/2021/3xxx/CVE-2021-3346.json new file mode 100644 index 00000000000..eabf55abadb --- /dev/null +++ b/2021/3xxx/CVE-2021-3346.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-3346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.turris.com/", + "refsource": "MISC", + "name": "https://www.turris.com/" + }, + { + "url": "https://gitlab.nic.cz/turris/foris/foris/-/issues/201", + "refsource": "MISC", + "name": "https://gitlab.nic.cz/turris/foris/foris/-/issues/201" + }, + { + "url": "https://gitlab.nic.cz/turris/foris/foris/-/blob/master/CHANGELOG.rst", + "refsource": "MISC", + "name": "https://gitlab.nic.cz/turris/foris/foris/-/blob/master/CHANGELOG.rst" + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3347.json b/2021/3xxx/CVE-2021-3347.json new file mode 100644 index 00000000000..4b7087f03bf --- /dev/null +++ b/2021/3xxx/CVE-2021-3347.json @@ -0,0 +1,97 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2021-3347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, aka CID-34b1a1ce1458." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c64396cc36c6e60704ab06c1fb1c4a46179c9120", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c64396cc36c6e60704ab06c1fb1c4a46179c9120" + }, + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34b1a1ce1458f50ef27c54e28eb9b1947012907a", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34b1a1ce1458f50ef27c54e28eb9b1947012907a" + }, + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2dac39d93987f7de1e20b3988c8685523247ae2", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f2dac39d93987f7de1e20b3988c8685523247ae2" + }, + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6ccc84f917d33312eb2846bd7b567639f585ad6d", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6ccc84f917d33312eb2846bd7b567639f585ad6d" + }, + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2156ac1934166d6deb6cd0f6ffc4c1076ec63697", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2156ac1934166d6deb6cd0f6ffc4c1076ec63697" + }, + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5cade200ab9a2a3be9e7f32a752c8d86b502ec7", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5cade200ab9a2a3be9e7f32a752c8d86b502ec7" + }, + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04b79c55201f02ffd675e1231d731365e335c307", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04b79c55201f02ffd675e1231d731365e335c307" + }, + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9", + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9" + } + ] + } +} \ No newline at end of file