From badeb8e73d2fa8d16ef2e46d77f58c75f4b95452 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 17 Aug 2021 20:00:59 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/13xxx/CVE-2020-13588.json | 50 ++++++++++++++++--
 2020/13xxx/CVE-2020-13589.json | 50 ++++++++++++++++--
 2020/18xxx/CVE-2020-18164.json | 56 +++++++++++++++++---
 2020/28xxx/CVE-2020-28594.json | 50 ++++++++++++++++--
 2021/0xxx/CVE-2021-0462.json | 5 ++
 2021/21xxx/CVE-2021-21810.json | 50 ++++++++++++++++--
 2021/21xxx/CVE-2021-21832.json | 55 +++++++++++++++++--
 2021/29xxx/CVE-2021-29980.json | 97 ++++++++++++++++++++++++++++++++--
 2021/29xxx/CVE-2021-29981.json | 72 +++++++++++++++++++++++--
 2021/29xxx/CVE-2021-29982.json | 72 +++++++++++++++++++++++--
 2021/29xxx/CVE-2021-29983.json | 56 ++++++++++++++++++--
 2021/29xxx/CVE-2021-29984.json | 97 ++++++++++++++++++++++++++++++++--
 2021/29xxx/CVE-2021-29985.json | 97 ++++++++++++++++++++++++++++++++--
 2021/29xxx/CVE-2021-29986.json | 97 ++++++++++++++++++++++++++++++++--
 2021/29xxx/CVE-2021-29987.json | 72 +++++++++++++++++++++++--
 2021/29xxx/CVE-2021-29988.json | 97 ++++++++++++++++++++++++++++++++--
 2021/29xxx/CVE-2021-29989.json | 88 ++++++++++++++++++++++++++++--
 2021/29xxx/CVE-2021-29990.json | 56 ++++++++++++++++++--
 2021/34xxx/CVE-2021-34429.json | 20 +++++++
 2021/38xxx/CVE-2021-38702.json | 71 ++++++++++++++++++++++---
 2021/39xxx/CVE-2021-39246.json | 18 +++++++
 21 files changed, 1266 insertions(+), 60 deletions(-)
 create mode 100644 2021/39xxx/CVE-2021-39246.json
diff --git a/2020/13xxx/CVE-2020-13588.json b/2020/13xxx/CVE-2020-13588.json
index 96157c4b959..7382d5821e7 100644
--- a/2020/13xxx/CVE-2020-13588.json
+++ b/2020/13xxx/CVE-2020-13588.json
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13588", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Rukovoditel", + "version": { + "version_data": [ + { + "version_value": "Rukovoditel Project Management App 2.7.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1199", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1199" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable SQL injection vulnerability exists in the \u2018entities/fields\u2019 page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in \u2018\u2018entities/fields\u2019 page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery." } ] } diff --git a/2020/13xxx/CVE-2020-13589.json b/2020/13xxx/CVE-2020-13589.json index f686fa152fe..6990251246d 100644 --- a/2020/13xxx/CVE-2020-13589.json +++ b/2020/13xxx/CVE-2020-13589.json 
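Review bot: The `affects` block added for CVE-2020-13588 cannot be matched by tooling: `"vendor_name": "n/a"` sits next to a named product, and `"version_value": "Rukovoditel Project Management App 2.7.2"` repeats the product name instead of giving a comparable version. I would reduce it to `"version_value": "2.7.2"` and have the CNA supply the vendor name. The same shape recurs in CVE-2020-13589, CVE-2020-28594 (where `product_name` is "Prusa Research" and a single `version_value` holds two versions), CVE-2021-21810 (`product_name` "AT&T Labs") and CVE-2021-21832 (`product_name` "Disc"). The description in this hunk also opens one quotation twice, `\u2018\u2018entities/fields\u2019`.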
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13589", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Rukovoditel", + "version": { + "version_data": [ + { + "version_value": "Rukovoditel Project Management App 2.7.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1199", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1199" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable SQL injection vulnerability exists in the \u2018entities/fields\u2019 page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the 'entities/fields page (mulitple_edit or copy_selected or export function) is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery." } ] } diff --git a/2020/18xxx/CVE-2020-18164.json b/2020/18xxx/CVE-2020-18164.json index 9c7678fd7dd..87d697f09d2 100644 --- a/2020/18xxx/CVE-2020-18164.json +++ b/2020/18xxx/CVE-2020-18164.json 
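Review bot: The description string names the affected function as `mulitple_edit`, which looks like a misspelling of `multiple_edit`; anyone searching the record or the application source for that function name will miss it. The same sentence opens a quote it never closes, `'entities/fields page`, where the first sentence uses `\u2018entities/fields\u2019`. Both should be checked against the TALOS-2020-1199 advisory that the record references.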
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-18164", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-18164", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://xz.aliyun.com/t/5095", + "refsource": "MISC", + "name": "https://xz.aliyun.com/t/5095" } ] } diff --git a/2020/28xxx/CVE-2020-28594.json b/2020/28xxx/CVE-2020-28594.json index 27e22363665..c615c9a2ebf 100644 --- a/2020/28xxx/CVE-2020-28594.json +++ b/2020/28xxx/CVE-2020-28594.json 
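Review bot: Every structured field in the new `affects` and `problemtype` blocks is `"n/a"`, although the description on the same record names the product, the version range and the weakness. As published, only a free-text search finds this entry for tp-shop, so inventory-based matching will not flag it. Suggested values, taken from the description as it stands: `"product_name": "tp-shop"`, `"version_value": "2.x-3.x"`, and `"value": "SQL Injection"` under `problemtype`. The hunk also moves `data_type`, `data_format` and `data_version` below `affects`, which changes nothing for a parser but enlarges the diff.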
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28594", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Prusa Research", + "version": { + "version_data": [ + { + "version_value": "Prusa Research PrusaSlicer 2.2.0 , Prusa Research PrusaSlicer Master (commit 4b040b856)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1218", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1218" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability." } ] } diff --git a/2021/0xxx/CVE-2021-0462.json b/2021/0xxx/CVE-2021-0462.json index 571c3d1c268..ce0c1114788 100644 --- a/2021/0xxx/CVE-2021-0462.json +++ b/2021/0xxx/CVE-2021-0462.json 
@@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://source.android.com/security/bulletin/pixel/2021-03-01", "url": "https://source.android.com/security/bulletin/pixel/2021-03-01" + }, + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2021-08-01", + "url": "https://source.android.com/security/bulletin/pixel/2021-08-01" } ] }, diff --git a/2021/21xxx/CVE-2021-21810.json b/2021/21xxx/CVE-2021-21810.json index 6abaa8b252a..e821164e13d 100644 --- a/2021/21xxx/CVE-2021-21810.json +++ b/2021/21xxx/CVE-2021-21810.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21810", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "AT&T Labs", + "version": { + "version_data": [ + { + "version_value": "AT&T Labs Xmill 0.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "memory corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1278", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1278" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs\u2019 Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability." } ] } 
diff --git a/2021/21xxx/CVE-2021-21832.json b/2021/21xxx/CVE-2021-21832.json index 89bac65bf39..66d00e5dd72 100644 --- a/2021/21xxx/CVE-2021-21832.json +++ b/2021/21xxx/CVE-2021-21832.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21832", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Disc", + "version": { + "version_data": [ + { + "version_value": "Disc Soft Ltd Deamon Tools Pro 8.3.0.0767" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "integer overflow to buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1295", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1295" + }, + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1295", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1295" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A VULNERABILITY_CLASS vulnerability exists in the FEATURE functionality of Disc Soft Ltd Deamon Tools Pro AFFECTED_VERSIONS. A specially crafted VECTOR can lead to IMPACT. An attacker can EXPLOIT_ACTION to trigger this vulnerability." } ] } diff --git a/2021/29xxx/CVE-2021-29980.json b/2021/29xxx/CVE-2021-29980.json index f07c61539bc..36b3b0940fa 100644 --- a/2021/29xxx/CVE-2021-29980.json 
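Review bot: The description published for CVE-2021-21832 is an unfilled template: the tokens `VULNERABILITY_CLASS`, `FEATURE`, `AFFECTED_VERSIONS`, `VECTOR`, `IMPACT` and `EXPLOIT_ACTION` are still in the `value` string, so the record moves to `"STATE": "PUBLIC"` without saying what the flaw is. The other fields in the hunk give only part of it (`problemtype` "integer overflow to buffer overflow", `version_value` ending in 8.3.0.0767), so the text should be written from the TALOS-2021-1295 advisory before the record is synchronized. The two `reference_data` entries differ only by the `www.` host prefix and one of them can be dropped. "Deamon Tools" in both `version_value` and the description is possibly a misspelling of the product name and is worth confirming with the CNA.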
+++ b/2021/29xxx/CVE-2021-29980.json 
@@ -4,14 +4,105 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29980", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "78.13", + "version_affected": "<" + }, + { + "version_value": "91", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "78.13", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "91", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uninitialized memory in a canvas object could have led to memory corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-33/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-33/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-35/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-35/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-34/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-34/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-36/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-36/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1722204", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1722204" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED 
** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91." } ] } diff --git a/2021/29xxx/CVE-2021-29981.json b/2021/29xxx/CVE-2021-29981.json index 837d5bcb44f..aba58eef060 100644 --- a/2021/29xxx/CVE-2021-29981.json +++ b/2021/29xxx/CVE-2021-29981.json 
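Review bot: In the Thunderbird entry of CVE-2021-29980, `version_data` carries two items that both use `"version_affected": "<"`, one with `"version_value": "78.13"` and one with `"91"`; a consumer that evaluates each item on its own will report the fixed 78.13 build as affected because it is below 91. The description's "Thunderbird < 78.13, Thunderbird < 91" suggests these are two release branches, but nothing in the structured data says so. Giving each item a `version_name` for its branch, or stating the 91 range with an explicit lower bound, would remove the ambiguity. The same pair appears in the Thunderbird entries of CVE-2021-29984, CVE-2021-29985, CVE-2021-29986 and CVE-2021-29988.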
@@ -4,14 +4,80 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29981", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "91", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Live range splitting could have led to conflicting assignments in the JIT" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-33/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-33/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-36/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-36/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1707774", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1707774" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91." } ] } 
diff --git a/2021/29xxx/CVE-2021-29982.json b/2021/29xxx/CVE-2021-29982.json
index b5244b9cfdc..ef561c1b012 100644
--- a/2021/29xxx/CVE-2021-29982.json
+++ b/2021/29xxx/CVE-2021-29982.json
@@ -4,14 +4,80 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29982", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "91", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Single bit data leak due to incorrect JIT optimization and type confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-33/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-33/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-36/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-36/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1715318", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1715318" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91." } ] } 
diff --git a/2021/29xxx/CVE-2021-29983.json b/2021/29xxx/CVE-2021-29983.json index a27161faea6..58d519bb0b6 100644 --- a/2021/29xxx/CVE-2021-29983.json +++ b/2021/29xxx/CVE-2021-29983.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29983", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "91", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Firefox for Android could get stuck in fullscreen mode" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-33/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-33/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1719088", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1719088" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91." } ] } diff --git a/2021/29xxx/CVE-2021-29984.json b/2021/29xxx/CVE-2021-29984.json index 28b90989e15..e0bbbec07e9 100644 --- a/2021/29xxx/CVE-2021-29984.json +++ b/2021/29xxx/CVE-2021-29984.json 
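Review bot: The platform restriction for CVE-2021-29983 exists only in the free-text description ("This issue only affected Firefox for Android"), while the structured entry is `"product_name": "Firefox"` with `"version_value": "91"`, so tooling that reads `affects` will flag desktop Firefox as well. Either `"product_name": "Firefox for Android"` or a `"platform": "Android"` key on the `version_data` item would carry the restriction. CVE-2021-29986 and CVE-2021-29987 have the same gap for their Linux-only notes. The description also keeps the advisory's emphasis markers and a doubled full stop, `*Note: ... unaffected.*.`, which should be plain text here.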
@@ -4,14 +4,105 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29984", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "78.13", + "version_affected": "<" + }, + { + "version_value": "91", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "78.13", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "91", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect instruction reordering during JIT optimization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-33/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-33/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-35/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-35/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-34/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-34/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-36/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-36/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1720031", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1720031" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate 
has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91." } ] } diff --git a/2021/29xxx/CVE-2021-29985.json b/2021/29xxx/CVE-2021-29985.json index b82352e1ad8..3fb82245217 100644 --- a/2021/29xxx/CVE-2021-29985.json +++ b/2021/29xxx/CVE-2021-29985.json 
@@ -4,14 +4,105 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29985", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "78.13", + "version_affected": "<" + }, + { + "version_value": "91", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "78.13", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "91", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free media channels" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-33/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-33/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-35/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-35/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-34/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-34/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-36/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-36/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1722083", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1722083" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an 
organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91." } ] } diff --git a/2021/29xxx/CVE-2021-29986.json b/2021/29xxx/CVE-2021-29986.json index d6635c4fbbe..c069aa499fa 100644 --- a/2021/29xxx/CVE-2021-29986.json +++ b/2021/29xxx/CVE-2021-29986.json 
@@ -4,14 +4,105 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29986", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "78.13", + "version_affected": "<" + }, + { + "version_value": "91", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "78.13", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "91", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Race condition when resolving DNS names could have led to memory corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-33/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-33/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-35/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-35/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-34/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-34/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-36/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-36/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1696138", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1696138" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED 
** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91." } ] } diff --git a/2021/29xxx/CVE-2021-29987.json b/2021/29xxx/CVE-2021-29987.json index 4d622885451..02725c4c2d4 100644 --- a/2021/29xxx/CVE-2021-29987.json +++ b/2021/29xxx/CVE-2021-29987.json 
@@ -4,14 +4,80 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-29987", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "91", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "91", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Users could have been tricked into accepting unwanted permissions on Linux" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-33/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-33/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-36/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-36/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1716129", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1716129" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. 
*This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91." } ] } diff --git a/2021/29xxx/CVE-2021-29988.json b/2021/29xxx/CVE-2021-29988.json index 600cf321ce7..449baa315e0 100644 --- a/2021/29xxx/CVE-2021-29988.json +++ b/2021/29xxx/CVE-2021-29988.json 
@@ -4,14 +4,105 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-29988",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "78.13",
+ "version_affected": "<"
+ },
+ {
+ "version_value": "91",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "78.13",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "91",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory corruption as a result of incorrect style treatment"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2021-33/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2021-33/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2021-35/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2021-35/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2021-34/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2021-34/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2021-36/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2021-36/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1717922",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1717922"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate 
has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91."
 }
 ]
 }
diff --git a/2021/29xxx/CVE-2021-29989.json b/2021/29xxx/CVE-2021-29989.json
index 384b0859e66..c340a293e45 100644
--- a/2021/29xxx/CVE-2021-29989.json
+++ b/2021/29xxx/CVE-2021-29989.json
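Review bot: Thunderbird carries two `version_data` entries, `< 78.13` and `< 91`, and nothing in the record marks them as bounds for separate release branches. A scanner that treats the entries as alternatives will report Thunderbird 78.13 as affected, because 78.13 is below 91, even though the first entry implies 78.13 is the fixed build on that branch. Labelling each entry with the branch it bounds (the 4.0 format has a `version_name` field that could carry this) would let consumers apply each bound only within its own series; until then, matching logic should take the branch boundaries from the linked advisories rather than from this list.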
@@ -4,14 +4,96 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-29989",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Thunderbird",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "78.13",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox ESR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "78.13",
+ "version_affected": "<"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "91",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2021-33/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2021-33/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2021-35/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2021-35/"
+ },
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2021-34/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2021-34/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662676%2C1666184%2C1719178%2C1719998%2C1720568",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662676%2C1666184%2C1719178%2C1719998%2C1720568"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91."
 }
 ]
 }
diff --git a/2021/29xxx/CVE-2021-29990.json b/2021/29xxx/CVE-2021-29990.json
index eff65757ee4..dc63eb6855f 100644
--- a/2021/29xxx/CVE-2021-29990.json
+++ b/2021/29xxx/CVE-2021-29990.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-29990",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@mozilla.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mozilla",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "91",
+ "version_affected": "<"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory safety bugs fixed in Firefox 91"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mozilla.org/security/advisories/mfsa2021-33/",
+ "refsource": "MISC",
+ "name": "https://www.mozilla.org/security/advisories/mfsa2021-33/"
+ },
+ {
+ "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544190%2C1716481%2C1717778%2C1719319%2C1722073",
+ "refsource": "MISC",
+ "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544190%2C1716481%2C1717778%2C1719319%2C1722073"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91."
 }
 ]
 }
diff --git a/2021/34xxx/CVE-2021-34429.json b/2021/34xxx/CVE-2021-34429.json
index 950df2cac2f..f3db4b58fc3 100644
--- a/2021/34xxx/CVE-2021-34429.json
+++ b/2021/34xxx/CVE-2021-34429.json
@@ -157,6 +157,26 @@
 "refsource": "MLIST",
 "name": "[kafka-jira] 20210817 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
 "url": "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce@%3Cjira.kafka.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[kafka-jira] 20210817 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
+ "url": "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e@%3Cjira.kafka.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[kafka-commits] 20210817 [kafka] branch 2.8 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
+ "url": "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857@%3Ccommits.kafka.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[kafka-commits] 20210817 [kafka] branch 2.7 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
+ "url": "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64@%3Ccommits.kafka.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[kafka-commits] 20210817 [kafka] branch 3.0 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
+ "url": "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe@%3Ccommits.kafka.apache.org%3E"
 }
 ]
 }
diff --git a/2021/38xxx/CVE-2021-38702.json b/2021/38xxx/CVE-2021-38702.json
index 76560ab2bb5..8a4d89c4827 100644
--- a/2021/38xxx/CVE-2021-38702.json
+++ b/2021/38xxx/CVE-2021-38702.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-38702",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-38702",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.cyberoamworks.com/NetGenie-Home.asp",
+ "refsource": "MISC",
+ "name": "http://www.cyberoamworks.com/NetGenie-Home.asp"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20210816 Cyberoam NetGenie (C0101B1-20141120-NG11VO) - Cross Site Scripting (XSS)",
+ "url": "http://seclists.org/fulldisclosure/2021/Aug/20"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/163859/Cyberoam-NetGenie-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/163859/Cyberoam-NetGenie-Cross-Site-Scripting.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/fulldisclosure/2021/Aug/20",
+ "url": "https://seclists.org/fulldisclosure/2021/Aug/20"
 }
 ]
 }
diff --git a/2021/39xxx/CVE-2021-39246.json b/2021/39xxx/CVE-2021-39246.json
new file mode 100644
index 00000000000..61f6b48e8a0
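Review bot: The new `problemtype` value is `n/a` although the description on the same record names the weakness class (`[XSS]`), so any triage or filtering keyed on problem type will miss this entry; `"value": "Cross-site Scripting (XSS)"`, or the matching CWE label, would carry it. Vendor, product and version are likewise `n/a` while the description names Cyberoam NetGenie and a firmware build, which leaves asset matching to free-text parsing. The last reference repeats the FULLDISC entry with only the scheme changed (`http://seclists.org/fulldisclosure/2021/Aug/20` against the `https://` form); one entry, preferably the `https` one, is enough. The hunk also reorders the top-level keys, which adds diff noise without changing the record.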
--- /dev/null
+++ b/2021/39xxx/CVE-2021-39246.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-39246",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file