From 952ac0dbb80a7f48e231c505ad740203bf98dda4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Aug 2021 21:00:58 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/33xxx/CVE-2021-33056.json | 61 ++++++++++++++++++++++++++++++---- 2021/33xxx/CVE-2021-33199.json | 61 ++++++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37599.json | 61 ++++++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37644.json | 2 +- 2021/37xxx/CVE-2021-37658.json | 2 +- 2021/37xxx/CVE-2021-37700.json | 2 +- 2021/37xxx/CVE-2021-37704.json | 2 +- 2021/38xxx/CVE-2021-38366.json | 56 +++++++++++++++++++++++++++---- 8 files changed, 219 insertions(+), 28 deletions(-) diff --git a/2021/33xxx/CVE-2021-33056.json b/2021/33xxx/CVE-2021-33056.json index 35e7be15b08..fd089be33e3 100644 --- a/2021/33xxx/CVE-2021-33056.json +++ b/2021/33xxx/CVE-2021-33056.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-33056", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-33056", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/BelledonneCommunications/belle-sip/commit/116e3eb48fe43ea63eb9f3c4b4b30c48d58d6ff0", + "refsource": "MISC", + "name": "https://github.com/BelledonneCommunications/belle-sip/commit/116e3eb48fe43ea63eb9f3c4b4b30c48d58d6ff0" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/BelledonneCommunications/belle-sip/compare/4.5.15...4.5.20", + "url": "https://github.com/BelledonneCommunications/belle-sip/compare/4.5.15...4.5.20" } ] } diff --git a/2021/33xxx/CVE-2021-33199.json b/2021/33xxx/CVE-2021-33199.json index 24128f2ab8c..8847f539567 100644 --- a/2021/33xxx/CVE-2021-33199.json +++ b/2021/33xxx/CVE-2021-33199.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-33199", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-33199", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3", + "refsource": "MISC", + "name": "https://github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3" + }, + { + "url": "https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508", + "refsource": "MISC", + "name": "https://github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3#diff-17bcb23e5666fc2dccb79c7133e9eeb701847f67ae84fbde0a673c3fd3d109e0R508" } ] } diff --git a/2021/37xxx/CVE-2021-37599.json b/2021/37xxx/CVE-2021-37599.json index 40162b595c8..5b4b1f85d22 100644 --- a/2021/37xxx/CVE-2021-37599.json +++ b/2021/37xxx/CVE-2021-37599.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37599", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37599", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database (and execute code in some situations) via the txtPassword parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://slazarus.xyz/winscribe.html", + "refsource": "MISC", + "name": "https://slazarus.xyz/winscribe.html" + }, + { + "url": "https://www.nuance.com/dragon/business-solutions/winscribe-dictation-workflow.html", + "refsource": "MISC", + "name": "https://www.nuance.com/dragon/business-solutions/winscribe-dictation-workflow.html" } ] } diff --git a/2021/37xxx/CVE-2021-37644.json b/2021/37xxx/CVE-2021-37644.json index 5b735b4f81c..a2a4d98164a 100644 --- a/2021/37xxx/CVE-2021-37644.json +++ b/2021/37xxx/CVE-2021-37644.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to abort the process due to reallocating a `std::vector` to have a negative number of elements. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/list_kernels.cc#L312) calls `std::vector.resize()` with the new size controlled by input given by the user, without checking that this input is valid. We have patched the issue in GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range." + "value": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to abort the process due to reallocating a `std::vector` to have a negative number of elements. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/list_kernels.cc#L312) calls `std::vector.resize()` with the new size controlled by input given by the user, without checking that this input is valid. We have patched the issue in GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range." } ] }, diff --git a/2021/37xxx/CVE-2021-37658.json b/2021/37xxx/CVE-2021-37658.json index 64fc00080eb..a153ce709c0 100644 --- a/2021/37xxx/CVE-2021-37658.json +++ b/2021/37xxx/CVE-2021-37658.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of `k` is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. We have patched the issue in GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range." + "value": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of `k` is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. We have patched the issue in GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range." } ] }, diff --git a/2021/37xxx/CVE-2021-37700.json b/2021/37xxx/CVE-2021-37700.json index 4e08403e58e..db844cfd4a1 100644 --- a/2021/37xxx/CVE-2021-37700.json +++ b/2021/37xxx/CVE-2021-37700.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "@github/paste-markdown is an npm package for pasting markdown objects. A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown before version 0.3.4. If the clipboard data contains the string ``, a **div** is dynamically created, and the clipboard content is copied into its **innerHTML** property without any sanitization, resulting in improper execution of JavaScript in the browser of the victim (the user who pasted the code). Users directed to copy text from a malicious website and paste it into pages that utilize this library are affected. This is fixed in version 0.3.4. Refer the to the referenced GitHub Advisory for more details including an example exploit.\n" + "value": "@github/paste-markdown is an npm package for pasting markdown objects. A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown before version 0.3.4. If the clipboard data contains the string `
`, a **div** is dynamically created, and the clipboard content is copied into its **innerHTML** property without any sanitization, resulting in improper execution of JavaScript in the browser of the victim (the user who pasted the code). Users directed to copy text from a malicious website and paste it into pages that utilize this library are affected. This is fixed in version 0.3.4. Refer the to the referenced GitHub Advisory for more details including an example exploit." } ] }, diff --git a/2021/37xxx/CVE-2021-37704.json b/2021/37xxx/CVE-2021-37704.json index 208035d3cde..f8db6d0e8fe 100644 --- a/2021/37xxx/CVE-2021-37704.json +++ b/2021/37xxx/CVE-2021-37704.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the `phpinfo()` can be exposed if the `/vendor` is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are not longer supported and will **NOT** be patched. As a workaround, protect the `/vendor` directory from public access." + "value": "PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the `phpinfo()` can be exposed if the `/vendor` is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are not longer supported and will **NOT** be patched. As a workaround, protect the `/vendor` directory from public access." } ] }, diff --git a/2021/38xxx/CVE-2021-38366.json b/2021/38xxx/CVE-2021-38366.json index 5e314b56320..785aacf85e5 100644 --- a/2021/38xxx/CVE-2021-38366.json +++ b/2021/38xxx/CVE-2021-38366.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-38366", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-38366", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.istern.dk/2021/08/10/sitecore-10-authenticated-file-upload-to-rce/", + "refsource": "MISC", + "name": "https://blog.istern.dk/2021/08/10/sitecore-10-authenticated-file-upload-to-rce/" } ] }