From b9d8c4a736cad02ef2dde2ad75bcd4f4c161108b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 19 Mar 2021 19:00:40 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/10xxx/CVE-2019-10127.json | 55 +++++++++++++++++++++++++++++++--
 2019/12xxx/CVE-2019-12962.json | 5 +++
 2021/1xxx/CVE-2021-1732.json | 5 +++
 2021/20xxx/CVE-2021-20077.json | 50 ++++++++++++++++++++++++++++--
 2021/21xxx/CVE-2021-21978.json | 5 +++
 2021/26xxx/CVE-2021-26990.json | 50 ++++++++++++++++++++++++++++--
 2021/26xxx/CVE-2021-26991.json | 50 ++++++++++++++++++++++++++++--
 2021/26xxx/CVE-2021-26992.json | 50 ++++++++++++++++++++++++++++--
 2021/27xxx/CVE-2021-27519.json | 56 ++++++++++++++++++++++++++++++----
 2021/27xxx/CVE-2021-27520.json | 56 ++++++++++++++++++++++++++++++----
 2021/28xxx/CVE-2021-28133.json | 10 ++++++
 2021/3xxx/CVE-2021-3454.json | 18 +++++++++++
 2021/3xxx/CVE-2021-3455.json | 18 +++++++++++
 13 files changed, 401 insertions(+), 27 deletions(-)
 create mode 100644 2021/3xxx/CVE-2021-3454.json
 create mode 100644 2021/3xxx/CVE-2021-3455.json
diff --git a/2019/10xxx/CVE-2019-10127.json b/2019/10xxx/CVE-2019-10127.json
index 7ac76b7a7dc..abf6f414932 100644
--- a/2019/10xxx/CVE-2019-10127.json
+++ b/2019/10xxx/CVE-2019-10127.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10127",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "postgresql",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "11.x prior to 11.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.postgresql.org/about/news/1939/",
+ "url": "https://www.postgresql.org/about/news/1939/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1707098",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1707098"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files."
 }
 ]
 }
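Review bot: In the CVE-2019-10127.json hunk the `affects` block names the product as plain `postgresql` with `vendor_name` `n/a`, while the description on the new side limits the flaw to the Windows installer for BigSQL-supplied PostgreSQL, which keeps the inherited ACL on the installation and data directories. A scanner or asset inventory that matches on `product_name` would flag every PostgreSQL 11.x deployment and cannot tell the affected packaging from the others. I would name the packaging in the structured fields, for example `"vendor_name": "BigSQL"` and `"product_name": "PostgreSQL Windows installer"`, if the assigning CNA agrees with that reading of the description. The bare `"value": "CWE-284"` could also carry the weakness name, `"value": "CWE-284: Improper Access Control"`, so the record reads without a lookup.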
diff --git a/2019/12xxx/CVE-2019-12962.json b/2019/12xxx/CVE-2019-12962.json
index 2386d652dd3..feae22dbea4 100644
--- a/2019/12xxx/CVE-2019-12962.json
+++ b/2019/12xxx/CVE-2019-12962.json
@@ -56,6 +56,11 @@
 "url": "https://forums.livezilla.net/index.php?/topic/10984-fg-vd-19-083085087-livezilla-server-are-vulnerable-to-cross-site-scripting-in-admin-panel/",
 "refsource": "MISC",
 "name": "https://forums.livezilla.net/index.php?/topic/10984-fg-vd-19-083085087-livezilla-server-are-vulnerable-to-cross-site-scripting-in-admin-panel/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/161867/LiveZilla-Server-8.0.1.0-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/161867/LiveZilla-Server-8.0.1.0-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2021/1xxx/CVE-2021-1732.json b/2021/1xxx/CVE-2021-1732.json
index 0b4ad2c1a29..05a1dadc80a 100644
--- a/2021/1xxx/CVE-2021-1732.json
+++ b/2021/1xxx/CVE-2021-1732.json
@@ -204,6 +204,11 @@
 "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732",
 "refsource": "MISC",
 "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html",
+ "url": "http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html"
 }
 ]
 }
diff --git a/2021/20xxx/CVE-2021-20077.json b/2021/20xxx/CVE-2021-20077.json
index 27d334750b0..4035315b7e8 100644
--- a/2021/20xxx/CVE-2021-20077.json
+++ b/2021/20xxx/CVE-2021-20077.json
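Review bot: The Packet Storm references added in the CVE-2019-12962.json and CVE-2021-1732.json hunks use `http://` in both `name` and `url`; the same holds for the Packet Storm entry added to CVE-2021-21978.json and the `seclists.org` entry added to CVE-2021-28133.json. Anyone following the link from a feed or a ticket fetches the page over cleartext, where it can be altered in transit. If the sites serve these paths over TLS, which should be confirmed before changing the records, the entries are better written as `"url": "https://packetstormsecurity.com/files/161867/LiveZilla-Server-8.0.1.0-Cross-Site-Scripting.html"`. These links also suggest that public write-ups exist for the three CVEs, which defenders may want to weigh when ordering patch work; `"refsource": "MISC"` does not convey that.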
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-20077",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tenable Nessus Agent",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "7.2.0 through 8.2.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/tns-2021-04-0",
+ "url": "https://www.tenable.com/security/tns-2021-04-0"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token."
 }
 ]
 }
diff --git a/2021/21xxx/CVE-2021-21978.json b/2021/21xxx/CVE-2021-21978.json
index e8a29e71673..c7515b57b27 100644
--- a/2021/21xxx/CVE-2021-21978.json
+++ b/2021/21xxx/CVE-2021-21978.json
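Review bot: `vendor_name` is `n/a` in the CVE-2021-20077.json hunk even though the vendor can be read from the record itself (`product_name` is `Tenable Nessus Agent` and the assigner is a tenable.com address); the CVE-2021-26990, CVE-2021-26991 and CVE-2021-26992 hunks do the same with `Cloud Manager` and a netapp.com assigner. Tooling that keys on the vendor field cannot match these records to an inventory. Suggested: `"vendor_name": "Tenable"` with `"product_name": "Nessus Agent"`, and `"vendor_name": "NetApp"` for the three Cloud Manager records. The description also does not say where on the host the IAM role token is captured, so readers need the linked advisory to decide what to inspect and which credentials to rotate.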
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://www.vmware.com/security/advisories/VMSA-2021-0003.html",
 "url": "https://www.vmware.com/security/advisories/VMSA-2021-0003.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/161879/VMware-View-Planner-4.6-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/161879/VMware-View-Planner-4.6-Remote-Code-Execution.html"
 }
 ]
 },
diff --git a/2021/26xxx/CVE-2021-26990.json b/2021/26xxx/CVE-2021-26990.json
index 1fd6eb898a8..3672d52f218 100644
--- a/2021/26xxx/CVE-2021-26990.json
+++ b/2021/26xxx/CVE-2021-26990.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-26990",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@netapp.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cloud Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to 3.9.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Arbitrary File Overwrite"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/NTAP-20210318-0001",
+ "url": "https://security.netapp.com/advisory/NTAP-20210318-0001"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files."
 }
 ]
 }
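Review bot: The `problemtype` value in the CVE-2021-26990.json hunk is the free-text label `Arbitrary File Overwrite`, not a CWE identifier, and the CVE-2021-26991 (`Cross-Origin Resource Sharing (CORS)`) and CVE-2021-26992 (`Denial of Service`) hunks follow the same pattern, as does `Information Disclosure` in CVE-2021-20077. These labels name an impact or a mechanism and not a weakness class, so the records cannot be grouped or filtered by CWE. The descriptions are too terse to choose the identifiers from here (none states whether authentication is required or which component is affected), so this is for the CNA to fill in, in the form `"value": "CWE-NNN: Name"` where NNN and Name are placeholders. `"version_value": "Prior to 3.9.4"` is likewise prose; a machine-readable upper bound would help version matching.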
diff --git a/2021/26xxx/CVE-2021-26991.json b/2021/26xxx/CVE-2021-26991.json
index b8d931363dc..05b8ef50a8a 100644
--- a/2021/26xxx/CVE-2021-26991.json
+++ b/2021/26xxx/CVE-2021-26991.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-26991",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@netapp.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cloud Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to 3.9.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Origin Resource Sharing (CORS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/NTAP-20210318-0002",
+ "url": "https://security.netapp.com/advisory/NTAP-20210318-0002"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager."
 }
 ]
 }
diff --git a/2021/26xxx/CVE-2021-26992.json b/2021/26xxx/CVE-2021-26992.json
index f41fed5e6c9..9fc0741b201 100644
--- a/2021/26xxx/CVE-2021-26992.json
+++ b/2021/26xxx/CVE-2021-26992.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-26992",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-alert@netapp.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cloud Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to 3.9.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://security.netapp.com/advisory/NTAP-20210318-0003",
+ "url": "https://security.netapp.com/advisory/NTAP-20210318-0003"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS)."
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27519.json b/2021/27xxx/CVE-2021-27519.json
index da12d5733a6..04f8b741b10 100644
--- a/2021/27xxx/CVE-2021-27519.json
+++ b/2021/27xxx/CVE-2021-27519.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-27519",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-27519",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the \"srch\" parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/fudforum/FUDforum/issues/2",
+ "refsource": "MISC",
+ "name": "https://github.com/fudforum/FUDforum/issues/2"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27520.json b/2021/27xxx/CVE-2021-27520.json
index f045e232e6a..f9982a19a63 100644
--- a/2021/27xxx/CVE-2021-27520.json
+++ b/2021/27xxx/CVE-2021-27520.json
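Review bot: Every structured field in the CVE-2021-27519.json hunk is `n/a` (`vendor_name`, `product_name`, `version_value` and the `problemtype` value) although the description on the new side names FUDForum 3.1.0 and a cross-site scripting issue; the CVE-2021-27520.json hunk is identical apart from the parameter name. Consumers that read only the structured fields get no product to match and no weakness class. Suggested values taken from the description: `"product_name": "FUDForum"`, `"version_value": "3.1.0"`, and `"value": "CWE-79"` for the problem type. Both records cite the same GitHub issue as their only reference, so it is worth checking that the issue covers the two parameters separately.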
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-27520",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-27520",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the \"author\" parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/fudforum/FUDforum/issues/2",
+ "refsource": "MISC",
+ "name": "https://github.com/fudforum/FUDforum/issues/2"
 }
 ]
 }
diff --git a/2021/28xxx/CVE-2021-28133.json b/2021/28xxx/CVE-2021-28133.json
index cf89df2a532..98d594fb782 100644
--- a/2021/28xxx/CVE-2021-28133.json
+++ b/2021/28xxx/CVE-2021-28133.json
@@ -71,6 +71,16 @@
 "refsource": "MISC",
 "name": "https://www.syss.de/pentest-blog/syss-2020-044-sicherheitsproblem-in-screen-sharing-funktionalitaet-von-zoom-cve-2021-28133",
 "url": "https://www.syss.de/pentest-blog/syss-2020-044-sicherheitsproblem-in-screen-sharing-funktionalitaet-von-zoom-cve-2021-28133"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20210319 [SYSS-2020-044]: Zoom - Exposure of Resource to Wrong Sphere (CWE-668) (CVE-2021-28133)",
+ "url": "http://seclists.org/fulldisclosure/2021/Mar/48"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://thehackernews.com/2021/03/new-zoom-screen-sharing-bug-lets-other.html",
+ "url": "https://thehackernews.com/2021/03/new-zoom-screen-sharing-bug-lets-other.html"
 }
 ]
 }
 }
diff --git a/2021/3xxx/CVE-2021-3454.json b/2021/3xxx/CVE-2021-3454.json
new file mode 100644
index 00000000000..9608a01489e
--- /dev/null
+++ b/2021/3xxx/CVE-2021-3454.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-3454",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/3xxx/CVE-2021-3455.json b/2021/3xxx/CVE-2021-3455.json
new file mode 100644
index 00000000000..f912ffee5ab
--- /dev/null
+++ b/2021/3xxx/CVE-2021-3455.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-3455",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file