From bd740efa31dd240048e1ecfc8b353da1b97d7632 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 7 Jun 2021 21:00:59 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/1xxx/CVE-2020-1750.json | 50 ++++++++++++++++++++++++++++++++-- 2020/25xxx/CVE-2020-25716.json | 50 ++++++++++++++++++++++++++++++++-- 2021/20xxx/CVE-2021-20259.json | 50 ++++++++++++++++++++++++++++++++-- 2021/23xxx/CVE-2021-23362.json | 15 ++++++++++ 2021/23xxx/CVE-2021-23391.json | 12 ++++---- 2021/33xxx/CVE-2021-33896.json | 5 ++++ 2021/33xxx/CVE-2021-33912.json | 18 ++++++++++++ 2021/33xxx/CVE-2021-33913.json | 18 ++++++++++++ 2021/3xxx/CVE-2021-3585.json | 18 ++++++++++++ 9 files changed, 222 insertions(+), 14 deletions(-) create mode 100644 2021/33xxx/CVE-2021-33912.json create mode 100644 2021/33xxx/CVE-2021-33913.json create mode 100644 2021/3xxx/CVE-2021-3585.json diff --git a/2020/1xxx/CVE-2020-1750.json b/2020/1xxx/CVE-2020-1750.json index 82a013ccd2c..9d927742eb5 100644 --- a/2020/1xxx/CVE-2020-1750.json +++ b/2020/1xxx/CVE-2020-1750.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1750", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "machine-config-operator-container", + "version": { + "version_data": [ + { + "version_value": "openshift/machine-config-operator 4.4.3, openshift/machine-config-operator 4.3.25, openshift/machine-config-operator 4.2.36" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1808130", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808130" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the machine-config-operator that causes an OpenShift node to become unresponsive when a container consumes a large amount of memory. An attacker could use this flaw to deny access to schedule new pods in the OpenShift cluster. This was fixed in openshift/machine-config-operator 4.4.3, openshift/machine-config-operator 4.3.25, openshift/machine-config-operator 4.2.36." } ] } diff --git a/2020/25xxx/CVE-2020-25716.json b/2020/25xxx/CVE-2020-25716.json index 263fd6073a4..bd405c29f0f 100644 --- a/2020/25xxx/CVE-2020-25716.json +++ b/2020/25xxx/CVE-2020-25716.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-25716", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Cloudforms", + "version": { + "version_data": [ + { + "version_value": "before cfme 5.11.10.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285->CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1898525", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898525" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected" } ] } diff --git a/2021/20xxx/CVE-2021-20259.json b/2021/20xxx/CVE-2021-20259.json index e99ab9185f6..9be554fbd35 100644 --- a/2021/20xxx/CVE-2021-20259.json +++ b/2021/20xxx/CVE-2021-20259.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20259", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "foreman", + "version": { + "version_data": [ + { + "version_value": "before foreman_fog_proxmox 0.13.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1932144", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932144" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions before foreman_fog_proxmox 0.13.1 are affected" } ] } diff --git a/2021/23xxx/CVE-2021-23362.json b/2021/23xxx/CVE-2021-23362.json index c1516743899..c0c3148910d 100644 --- a/2021/23xxx/CVE-2021-23362.json +++ b/2021/23xxx/CVE-2021-23362.json @@ -61,6 +61,21 @@ "refsource": "MISC", "url": "https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3", "name": "https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3" + }, + { + "refsource": "MISC", + "name": "https://github.com/npm/hosted-git-info/commits/v2", + "url": "https://github.com/npm/hosted-git-info/commits/v2" + }, + { + "refsource": "MISC", + "name": "https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7", + "url": "https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7" + }, + { + "refsource": "MISC", + "name": "https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01", + "url": "https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01" } ] }, diff --git a/2021/23xxx/CVE-2021-23391.json b/2021/23xxx/CVE-2021-23391.json index aa38b652893..d6939de42e1 100644 --- a/2021/23xxx/CVE-2021-23391.json +++ b/2021/23xxx/CVE-2021-23391.json @@ -48,12 +48,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://snyk.io/vuln/SNYK-JS-CALIPSO-1300555" + "refsource": "MISC", + "url": "https://snyk.io/vuln/SNYK-JS-CALIPSO-1300555", + "name": "https://snyk.io/vuln/SNYK-JS-CALIPSO-1300555" }, { - "refsource": "CONFIRM", - "url": "https://github.com/cliftonc/calipso" + "refsource": "MISC", + "url": "https://github.com/cliftonc/calipso", + "name": "https://github.com/cliftonc/calipso" } ] }, @@ -61,7 +63,7 @@ "description_data": [ { "lang": "eng", - "value": "This affects all versions of package calipso.\n It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality. \r\n\r\n" + "value": "This affects all versions of package calipso. It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality." } ] }, diff --git a/2021/33xxx/CVE-2021-33896.json b/2021/33xxx/CVE-2021-33896.json index 5b50be57f3d..5f4fc687bbb 100644 --- a/2021/33xxx/CVE-2021-33896.json +++ b/2021/33xxx/CVE-2021-33896.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://dino.im/security/cve-2021-33896/", "url": "https://dino.im/security/cve-2021-33896/" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20210607 [CVE-2021-33896] Path traversal in Dino file transfers", + "url": "http://www.openwall.com/lists/oss-security/2021/06/07/2" } ] } diff --git a/2021/33xxx/CVE-2021-33912.json b/2021/33xxx/CVE-2021-33912.json new file mode 100644 index 00000000000..e67e321614b --- /dev/null +++ b/2021/33xxx/CVE-2021-33912.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-33912", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33913.json b/2021/33xxx/CVE-2021-33913.json new file mode 100644 index 00000000000..4728a32d7ea --- /dev/null +++ b/2021/33xxx/CVE-2021-33913.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-33913", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3585.json b/2021/3xxx/CVE-2021-3585.json new file mode 100644 index 00000000000..3162864d099 --- /dev/null +++ b/2021/3xxx/CVE-2021-3585.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3585", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file