From 94d7b3ff7a41becb6d06ca5a24d8c289a4d6afc5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 5 Mar 2021 19:00:41 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2015/9xxx/CVE-2015-9101.json | 2 +-
 2016/10xxx/CVE-2016-10093.json | 2 +-
 2017/15xxx/CVE-2017-15709.json | 5 +++
 2018/11xxx/CVE-2018-11775.json | 5 +++
 2018/12xxx/CVE-2018-12900.json | 2 +-
 2018/6xxx/CVE-2018-6381.json | 2 +-
 2019/0xxx/CVE-2019-0222.json | 10 ++++++
 2021/26xxx/CVE-2021-26117.json | 5 +++
 2021/26xxx/CVE-2021-26705.json | 56 ++++++++++++++++++++++++++++++----
 2021/28xxx/CVE-2021-28038.json | 5 +++
 2021/28xxx/CVE-2021-28039.json | 5 +++
 11 files changed, 89 insertions(+), 10 deletions(-)
diff --git a/2015/9xxx/CVE-2015-9101.json b/2015/9xxx/CVE-2015-9101.json
index 932b8d7ef52..191ac4e265c 100644
--- a/2015/9xxx/CVE-2015-9101.json
+++ b/2015/9xxx/CVE-2015-9101.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file."
+ "value": "The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file."
 }
 ]
 },
diff --git a/2016/10xxx/CVE-2016-10093.json b/2016/10xxx/CVE-2016-10093.json
index 26b799cdfd1..cd64ba4b90c 100644
--- a/2016/10xxx/CVE-2016-10093.json
+++ b/2016/10xxx/CVE-2016-10093.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5 and 4.0.0alpha6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow."
+ "value": "Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow."
 }
 ]
 },
diff --git a/2017/15xxx/CVE-2017-15709.json b/2017/15xxx/CVE-2017-15709.json
index 1666ad34b87..126c2692925 100644
--- a/2017/15xxx/CVE-2017-15709.json
+++ b/2017/15xxx/CVE-2017-15709.json
@@ -87,6 +87,11 @@
 "refsource": "MLIST",
 "name": "[activemq-gitbox] 20191022 [GitHub] [activemq-website] coheigea commented on a change in pull request #17: Fix the ordering in the security advisories page",
 "url": "https://lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f607282010aa196734814@%3Cgitbox.activemq.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20210305 [SECURITY] [DLA 2583-1] activemq security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html"
 }
 ]
 }
diff --git a/2018/11xxx/CVE-2018-11775.json b/2018/11xxx/CVE-2018-11775.json
index 85c135f19e7..d59e3ed698b 100644
--- a/2018/11xxx/CVE-2018-11775.json
+++ b/2018/11xxx/CVE-2018-11775.json
@@ -122,6 +122,11 @@
 "name": "http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt",
 "refsource": "CONFIRM",
 "url": "http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20210305 [SECURITY] [DLA 2583-1] activemq security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html"
 }
 ]
 }
diff --git a/2018/12xxx/CVE-2018-12900.json b/2018/12xxx/CVE-2018-12900.json
index 8950c4dac85..b9eabbf42cf 100644
--- a/2018/12xxx/CVE-2018-12900.json
+++ b/2018/12xxx/CVE-2018-12900.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file."
+ "value": "Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file."
 }
 ]
 },
diff --git a/2018/6xxx/CVE-2018-6381.json b/2018/6xxx/CVE-2018-6381.json
index 7e341a9e0d4..b93206e22bf 100644
--- a/2018/6xxx/CVE-2018-6381.json
+++ b/2018/6xxx/CVE-2018-6381.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64 and 0.13.63 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data."
+ "value": "In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data."
 }
 ]
 },
diff --git a/2019/0xxx/CVE-2019-0222.json b/2019/0xxx/CVE-2019-0222.json
index 364e0a386eb..66dab5d3316 100644
--- a/2019/0xxx/CVE-2019-0222.json
+++ b/2019/0xxx/CVE-2019-0222.json
@@ -128,6 +128,16 @@
 "refsource": "MLIST",
 "name": "[activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947",
 "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20210305 [SECURITY] [DLA 2582-1] mqtt-client security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20210305 [SECURITY] [DLA 2583-1] activemq security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html"
 }
 ]
 },
diff --git a/2021/26xxx/CVE-2021-26117.json b/2021/26xxx/CVE-2021-26117.json
index ba8fcc8f089..51cd5c308f8 100644
--- a/2021/26xxx/CVE-2021-26117.json
+++ b/2021/26xxx/CVE-2021-26117.json
@@ -99,6 +99,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20210304-0008/",
 "url": "https://security.netapp.com/advisory/ntap-20210304-0008/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20210305 [SECURITY] [DLA 2583-1] activemq security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html"
 }
 ]
 },
diff --git a/2021/26xxx/CVE-2021-26705.json b/2021/26xxx/CVE-2021-26705.json
index edda42bacef..9fc3334984b 100644
--- a/2021/26xxx/CVE-2021-26705.json
+++ b/2021/26xxx/CVE-2021-26705.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-26705",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-26705",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to generate valid authentication tokens. These tokens can then be used to invoke administrative tasks within the application, such as disclosing password hashes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/49621",
+ "url": "https://www.exploit-db.com/exploits/49621"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28038.json b/2021/28xxx/CVE-2021-28038.json
index 513cbd82cee..a4c1335cb22 100644
--- a/2021/28xxx/CVE-2021-28038.json
+++ b/2021/28xxx/CVE-2021-28038.json
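Review bot: The added `affects` block in CVE-2021-26705.json leaves `vendor_name`, `product_name` and `version_value` at `n/a`, although the new description names SquareBox CatDV Server through 9.2, so consumers that match on the structured fields rather than the free text will not tie this record to the product. I would populate them from the description, e.g. `"vendor_name": "SquareBox"`, `"product_name": "CatDV Server"` and a `version_value` of `9.2` marked as an upper bound. The `problemtype` value is likewise `n/a` where the description reports unauthenticated invocation of sensitive RMI methods; a CWE entry (CWE-306, Missing Authentication for Critical Function, looks like the closest fit, to be confirmed by the assigner) would make the record filterable by weakness class. The only reference is an exploit-db entry tagged `MISC`, so a vendor advisory or fixed-release reference should be added once one exists, since the record currently gives defenders no remediation pointer.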
@@ -56,6 +56,11 @@
 "url": "http://xenbits.xen.org/xsa/advisory-367.html",
 "refsource": "MISC",
 "name": "http://xenbits.xen.org/xsa/advisory-367.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210305 Xen Security Advisory 367 v2 (CVE-2021-28038) - Linux: netback fails to honor grant mapping errors",
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/05/1"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28039.json b/2021/28xxx/CVE-2021-28039.json
index 0d8a6d18961..329c3c7402c 100644
--- a/2021/28xxx/CVE-2021-28039.json
+++ b/2021/28xxx/CVE-2021-28039.json
@@ -56,6 +56,11 @@
 "url": "http://xenbits.xen.org/xsa/advisory-369.html",
 "refsource": "MISC",
 "name": "http://xenbits.xen.org/xsa/advisory-369.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210305 Xen Security Advisory 369 v2 (CVE-2021-28039) - Linux: special config may crash when trying to map foreign pages",
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/05/2"
 }
 ]
 }