From ad053b9b7a551e7d4d31fd20c7356c875981b60c Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 14 Sep 2021 16:00:58 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/13xxx/CVE-2020-13956.json | 5 +++
 2020/21xxx/CVE-2020-21048.json | 76 ++++++++++++++++++++++++++++++---
 2020/21xxx/CVE-2020-21049.json | 76 ++++++++++++++++++++++++++++++---
 2020/21xxx/CVE-2020-21050.json | 76 ++++++++++++++++++++++++++++++---
 2020/21xxx/CVE-2020-21081.json | 56 ++++++++++++++++++++++---
 2020/21xxx/CVE-2020-21082.json | 56 ++++++++++++++++++++++---
 2021/23xxx/CVE-2021-23044.json | 50 ++++++++++++++++++++++++++++--
 2021/41xxx/CVE-2021-41077.json | 77 ++++++++++++++++++++++++++++++++++
 8 files changed, 439 insertions(+), 33 deletions(-)
 create mode 100644 2021/41xxx/CVE-2021-41077.json
diff --git a/2020/13xxx/CVE-2020-13956.json b/2020/13xxx/CVE-2020-13956.json
index f699f6ce9db..c8773c65c91 100644
--- a/2020/13xxx/CVE-2020-13956.json
+++ b/2020/13xxx/CVE-2020-13956.json
@@ -268,6 +268,11 @@
 "refsource": "MLIST",
 "name": "[solr-issues] 20210912 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
 "url": "https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624@%3Cissues.solr.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[bookkeeper-issues] 20210914 [GitHub] [bookkeeper] nicoloboschi opened a new pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
+ "url": "https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec@%3Cissues.bookkeeper.apache.org%3E"
 }
 ]
 },
diff --git a/2020/21xxx/CVE-2020-21048.json b/2020/21xxx/CVE-2020-21048.json
index c94830c3079..44a28e5e61c 100644
--- a/2020/21xxx/CVE-2020-21048.json
+++ b/2020/21xxx/CVE-2020-21048.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21048",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21048",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/saitoha/libsixel/issues/73",
+ "refsource": "MISC",
+ "name": "https://github.com/saitoha/libsixel/issues/73"
+ },
+ {
+ "url": "https://github.com/saitoha/libsixel/commit/cb373ab6614c910407c5e5a93ab935144e62b037",
+ "refsource": "MISC",
+ "name": "https://github.com/saitoha/libsixel/commit/cb373ab6614c910407c5e5a93ab935144e62b037"
+ },
+ {
+ "url": "https://github.com/saitoha/libsixel/releases/tag/v1.8.4",
+ "refsource": "MISC",
+ "name": "https://github.com/saitoha/libsixel/releases/tag/v1.8.4"
+ },
+ {
+ "url": "https://github.com/saitoha/libsixel/blob/master/ChangeLog",
+ "refsource": "MISC",
+ "name": "https://github.com/saitoha/libsixel/blob/master/ChangeLog"
+ },
+ {
+ "url": "https://bitbucket.org/netbsd/pkgsrc/commits/6f0c011cbfccdffa635d04c84433b1a02687adad",
+ "refsource": "MISC",
+ "name": "https://bitbucket.org/netbsd/pkgsrc/commits/6f0c011cbfccdffa635d04c84433b1a02687adad"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21049.json b/2020/21xxx/CVE-2020-21049.json
index 4381aacef02..9ba8ad6b971 100644
--- a/2020/21xxx/CVE-2020-21049.json
+++ b/2020/21xxx/CVE-2020-21049.json
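Review bot: The added `affects` block names no product: `product_name`, `vendor_name` and `version_value` are all `"n/a"`, although the description on the same record identifies libsixel and the fixed release v1.8.4. A consumer that matches on the structured fields therefore cannot tie this CVE to the library. Populating them, for example `"product_name": "libsixel"` and `"version_value": "prior to v1.8.4"`, would carry the same facts in machine-readable form; `problemtype` is likewise left as `"n/a"`. The same applies to the hunks for CVE-2020-21049, CVE-2020-21050, CVE-2020-21081, CVE-2020-21082 and CVE-2021-41077.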
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21049",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21049",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/saitoha/libsixel/blob/master/ChangeLog",
+ "refsource": "MISC",
+ "name": "https://github.com/saitoha/libsixel/blob/master/ChangeLog"
+ },
+ {
+ "url": "https://github.com/saitoha/libsixel/issues/74",
+ "refsource": "MISC",
+ "name": "https://github.com/saitoha/libsixel/issues/74"
+ },
+ {
+ "url": "https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d",
+ "refsource": "MISC",
+ "name": "https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d"
+ },
+ {
+ "url": "https://github.com/saitoha/libsixel/releases/tag/v1.8.5",
+ "refsource": "MISC",
+ "name": "https://github.com/saitoha/libsixel/releases/tag/v1.8.5"
+ },
+ {
+ "url": "https://bitbucket.org/netbsd/pkgsrc/commits/970a81d31ec7498e04d09b6b7771cef35f63cd28",
+ "refsource": "MISC",
+ "name": "https://bitbucket.org/netbsd/pkgsrc/commits/970a81d31ec7498e04d09b6b7771cef35f63cd28"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21050.json b/2020/21xxx/CVE-2020-21050.json
index 46c31cdf539..a5dc4ae8720 100644
--- a/2020/21xxx/CVE-2020-21050.json
+++ b/2020/21xxx/CVE-2020-21050.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21050",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21050",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/saitoha/libsixel/blob/master/ChangeLog",
+ "refsource": "MISC",
+ "name": "https://github.com/saitoha/libsixel/blob/master/ChangeLog"
+ },
+ {
+ "url": "https://github.com/saitoha/libsixel/releases/tag/v1.8.5",
+ "refsource": "MISC",
+ "name": "https://github.com/saitoha/libsixel/releases/tag/v1.8.5"
+ },
+ {
+ "url": "https://github.com/saitoha/libsixel/issues/75",
+ "refsource": "MISC",
+ "name": "https://github.com/saitoha/libsixel/issues/75"
+ },
+ {
+ "url": "https://github.com/saitoha/libsixel/commit/7808a06b88c11dbc502318cdd51fa374f8cd47ee",
+ "refsource": "MISC",
+ "name": "https://github.com/saitoha/libsixel/commit/7808a06b88c11dbc502318cdd51fa374f8cd47ee"
+ },
+ {
+ "url": "https://bitbucket.org/netbsd/pkgsrc/commits/a27113e21179cbfbfae0c35f6a9edd6aa498faae",
+ "refsource": "MISC",
+ "name": "https://bitbucket.org/netbsd/pkgsrc/commits/a27113e21179cbfbfae0c35f6a9edd6aa498faae"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21081.json b/2020/21xxx/CVE-2020-21081.json
index 1585d0081b7..b593f3a066a 100644
--- a/2020/21xxx/CVE-2020-21081.json
+++ b/2020/21xxx/CVE-2020-21081.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21081",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21081",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/magicblack/maccms8/issues/2",
+ "refsource": "MISC",
+ "name": "https://github.com/magicblack/maccms8/issues/2"
 }
 ]
 }
diff --git a/2020/21xxx/CVE-2020-21082.json b/2020/21xxx/CVE-2020-21082.json
index e00970a7a66..efc81bf9a8d 100644
--- a/2020/21xxx/CVE-2020-21082.json
+++ b/2020/21xxx/CVE-2020-21082.json
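Review bot: The description for CVE-2020-21050 says the stack buffer overflow affects Libsixel "prior to v1.8.3", but the only release reference in the record is `https://github.com/saitoha/libsixel/releases/tag/v1.8.5`, so the fixed version is ambiguous to anyone deciding which builds need patching. Either the version in the description or the release link looks wrong; the linked issue #75 and commit `7808a06b88c11dbc502318cdd51fa374f8cd47ee` should settle which release first contains the fix, and the record should cite that tag. Unlike the two sibling libsixel records, this description also states neither the triggering input nor the impact.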
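Review bot: The only reference on the CVE-2020-21081 record is the upstream issue `https://github.com/magicblack/maccms8/issues/2`, and the description names Maccms 8.0 without a fixed version, so a reader cannot tell from the record whether a patched release exists. If upstream has published a fix, a reference to the commit or release would let operators verify remediation. The CVE-2020-21082 hunk cites the same single issue for a different flaw (XSS) and has the same gap.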
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-21082",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-21082",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/magicblack/maccms8/issues/2",
+ "refsource": "MISC",
+ "name": "https://github.com/magicblack/maccms8/issues/2"
 }
 ]
 }
diff --git a/2021/23xxx/CVE-2021-23044.json b/2021/23xxx/CVE-2021-23044.json
index e311e250050..e1a72656c83 100644
--- a/2021/23xxx/CVE-2021-23044.json
+++ b/2021/23xxx/CVE-2021-23044.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-23044",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.f5.com/csp/article/K35408374",
+ "url": "https://support.f5.com/csp/article/K35408374"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when the Intel QuickAssist Technology (QAT) compression driver is used on affected BIG-IP hardware and BIG-IP Virtual Edition (VE) platforms, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41077.json b/2021/41xxx/CVE-2021-41077.json
new file mode 100644
index 00000000000..6831f442be2
--- /dev/null
+++ b/2021/41xxx/CVE-2021-41077.json
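Review bot: `vendor_name` is set to `"n/a"` in the added `affects` block even though the record's ASSIGNER is `f5sirt@f5.com` and the product is BIG-IP, so a vendor-keyed lookup will not find this advisory. Setting `"vendor_name": "F5"` would fix that, once the exact vendor string the CNA uses is confirmed. The single `version_value` string also packs six release branches into one sentence, which forces consumers to parse prose to decide whether a given build is affected. One `version_data` entry per branch would be easier to match.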
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2021-41077",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The activation process in Travis CI, for certain 2021-09-03 through 2021-09-10 builds, causes secret data to have unexpected sharing that is not specified by the customer-controlled .travis.yml file. In particular, the desired behavior (if .travis.yml has been created locally by a customer, and added to git) is for a Travis service to perform builds in a way that prevents public access to customer-specific secret environment data such as signing keys, access credentials, and API tokens. However, during the stated 8-day interval, secret data could be revealed to an unauthorized actor who forked a public repository and printed files during a build process."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://twitter.com/peter_szilagyi/status/1437646118700175360",
+ "refsource": "MISC",
+ "name": "https://twitter.com/peter_szilagyi/status/1437646118700175360"
+ },
+ {
+ "url": "https://twitter.com/peter_szilagyi/status/1437649838477283330",
+ "refsource": "MISC",
+ "name": "https://twitter.com/peter_szilagyi/status/1437649838477283330"
+ },
+ {
+ "url": "https://blog.travis-ci.com/2021-09-13-bulletin",
+ "refsource": "MISC",
+ "name": "https://blog.travis-ci.com/2021-09-13-bulletin"
+ },
+ {
+ "url": "https://news.ycombinator.com/item?id=28523350",
+ "refsource": "MISC",
+ "name": "https://news.ycombinator.com/item?id=28523350"
+ }
+ ]
+ }
+}
\ No newline at end of file
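Review bot: The new file ends without a trailing newline, as the `\ No newline at end of file` marker after the closing `}` shows. Any later append to this record will then show the last line as modified, and tools that expect POSIX text files may mishandle it. Ending the file with a newline after the final `}` avoids both.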