From bf2b147ab6a3197f46f4713625a396bbd0b0aa62 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 27 Oct 2021 15:00:58 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/22xxx/CVE-2021-22101.json | 50 ++++++++++++++++++++++++++-- 2021/30xxx/CVE-2021-30846.json | 5 +++ 2021/30xxx/CVE-2021-30848.json | 5 +++ 2021/30xxx/CVE-2021-30849.json | 5 +++ 2021/30xxx/CVE-2021-30858.json | 5 +++ 2021/36xxx/CVE-2021-36756.json | 61 ++++++++++++++++++++++++++++++---- 2021/37xxx/CVE-2021-37221.json | 56 +++++++++++++++++++++++++++---- 2021/38xxx/CVE-2021-38379.json | 61 ++++++++++++++++++++++++++++++---- 2021/40xxx/CVE-2021-40690.json | 5 +++ 2021/42xxx/CVE-2021-42762.json | 5 +++ 2021/43xxx/CVE-2021-43045.json | 18 ++++++++++ 11 files changed, 255 insertions(+), 21 deletions(-) create mode 100644 2021/43xxx/CVE-2021-43045.json diff --git a/2021/22xxx/CVE-2021-22101.json b/2021/22xxx/CVE-2021-22101.json index de49336dfa4..2df5b3976c9 100644 --- a/2021/22xxx/CVE-2021-22101.json +++ b/2021/22xxx/CVE-2021-22101.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22101", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Cloud Foundry Cloud Controller", + "version": { + "version_data": [ + { + "version_value": "Cloud Foundry Cloud Controller versions prior to 1.118.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.cloudfoundry.org/blog/cve-2021-22101-cloud-controller-is-vulnerable-to-unauthenticated-denial-of-service/", + "url": "https://www.cloudfoundry.org/blog/cve-2021-22101-cloud-controller-is-vulnerable-to-unauthenticated-denial-of-service/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous SQL query." } ] } diff --git a/2021/30xxx/CVE-2021-30846.json b/2021/30xxx/CVE-2021-30846.json index 2ee8567c00c..4b42820155f 100644 --- a/2021/30xxx/CVE-2021-30846.json +++ b/2021/30xxx/CVE-2021-30846.json @@ -123,6 +123,11 @@ "refsource": "MLIST", "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", + "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2" } ] }, diff --git a/2021/30xxx/CVE-2021-30848.json b/2021/30xxx/CVE-2021-30848.json index 813ce21fea7..5daca56abc8 100644 --- a/2021/30xxx/CVE-2021-30848.json +++ b/2021/30xxx/CVE-2021-30848.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", + "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2" } ] }, diff --git a/2021/30xxx/CVE-2021-30849.json b/2021/30xxx/CVE-2021-30849.json index dd032db1a7f..61e5f7d270b 100644 --- a/2021/30xxx/CVE-2021-30849.json +++ b/2021/30xxx/CVE-2021-30849.json @@ -139,6 +139,11 @@ "refsource": "MLIST", "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", + "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2" } ] }, diff --git a/2021/30xxx/CVE-2021-30858.json b/2021/30xxx/CVE-2021-30858.json index 4caf6434ff1..e52547bf1c5 100644 --- a/2021/30xxx/CVE-2021-30858.json +++ b/2021/30xxx/CVE-2021-30858.json @@ -135,6 +135,11 @@ "refsource": "MLIST", "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", + "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2" } ] }, diff --git a/2021/36xxx/CVE-2021-36756.json b/2021/36xxx/CVE-2021-36756.json index 7bfc0f04d57..f9b086c6eaf 100644 --- a/2021/36xxx/CVE-2021-36756.json +++ b/2021/36xxx/CVE-2021-36756.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36756", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36756", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cfengine.com/downloads/cfengine-enterprise/", + "refsource": "MISC", + "name": "https://cfengine.com/downloads/cfengine-enterprise/" + }, + { + "refsource": "MISC", + "name": "https://cfengine.com/blog/2021/cve-2021-38379-and-cve-2021-36756/", + "url": "https://cfengine.com/blog/2021/cve-2021-38379-and-cve-2021-36756/" } ] } diff --git a/2021/37xxx/CVE-2021-37221.json b/2021/37xxx/CVE-2021-37221.json index e9c02866473..7336d295d76 100644 --- a/2021/37xxx/CVE-2021-37221.json +++ b/2021/37xxx/CVE-2021-37221.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-37221", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-37221", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary php file. ." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/50046", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/50046" } ] } diff --git a/2021/38xxx/CVE-2021-38379.json b/2021/38xxx/CVE-2021-38379.json index c76d1cebc24..71a8106a523 100644 --- a/2021/38xxx/CVE-2021-38379.json +++ b/2021/38xxx/CVE-2021-38379.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-38379", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-38379", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.cfengine.com/docs/3.18/enterprise-cfengine-guide.html", + "refsource": "MISC", + "name": "https://docs.cfengine.com/docs/3.18/enterprise-cfengine-guide.html" + }, + { + "refsource": "MISC", + "name": "https://cfengine.com/blog/2021/cve-2021-38379-and-cve-2021-36756/", + "url": "https://cfengine.com/blog/2021/cve-2021-38379-and-cve-2021-36756/" } ] } diff --git a/2021/40xxx/CVE-2021-40690.json b/2021/40xxx/CVE-2021-40690.json index ed9453ea9df..ad854029fd2 100644 --- a/2021/40xxx/CVE-2021-40690.json +++ b/2021/40xxx/CVE-2021-40690.json @@ -106,6 +106,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210927 [SECURITY] [DLA 2767-1] libxml-security-java security update", "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00015.html" + }, + { + "refsource": "MLIST", + "name": "[cxf-issues] 20211027 [jira] [Created] (CXF-8613) High Security issues reported with Apache Santuario library bundled in CXF 3.4.4", + "url": "https://lists.apache.org/thread.html/r401ecb7274794f040cd757b259ebe3e8c463ae74f7961209ccad3c59@%3Cissues.cxf.apache.org%3E" } ] }, diff --git a/2021/42xxx/CVE-2021-42762.json b/2021/42xxx/CVE-2021-42762.json index 9de8bad3fa1..dfd79151303 100644 --- a/2021/42xxx/CVE-2021-42762.json +++ b/2021/42xxx/CVE-2021-42762.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", + "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2" } ] } diff --git a/2021/43xxx/CVE-2021-43045.json b/2021/43xxx/CVE-2021-43045.json new file mode 100644 index 00000000000..eee390c5890 --- /dev/null +++ b/2021/43xxx/CVE-2021-43045.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-43045", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file