diff --git a/2021/30xxx/CVE-2021-30554.json b/2021/30xxx/CVE-2021-30554.json index 62bed72dcee..b3625245a89 100644 --- a/2021/30xxx/CVE-2021-30554.json +++ b/2021/30xxx/CVE-2021-30554.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30554", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/1219857" + "url": "https://crbug.com/1219857", + "refsource": "MISC", + "name": "https://crbug.com/1219857" }, { - "url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html" + "url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html" } ] }, @@ -60,4 +65,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2021/30xxx/CVE-2021-30555.json b/2021/30xxx/CVE-2021-30555.json index ee99201e89a..4bb817677d5 100644 --- a/2021/30xxx/CVE-2021-30555.json +++ b/2021/30xxx/CVE-2021-30555.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30555", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/1215029" + "url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html" }, { - "url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html" + "url": "https://crbug.com/1215029", + "refsource": "MISC", + "name": "https://crbug.com/1215029" } ] }, @@ -60,4 +65,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2021/30xxx/CVE-2021-30556.json b/2021/30xxx/CVE-2021-30556.json index f253a5a9ab2..da028780b11 100644 --- a/2021/30xxx/CVE-2021-30556.json +++ b/2021/30xxx/CVE-2021-30556.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30556", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/1212599" + "url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html" }, { - "url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html" + "url": "https://crbug.com/1212599", + "refsource": "MISC", + "name": "https://crbug.com/1212599" } ] }, @@ -60,4 +65,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2021/30xxx/CVE-2021-30557.json b/2021/30xxx/CVE-2021-30557.json index ee61773bed3..ec642b68bd5 100644 --- a/2021/30xxx/CVE-2021-30557.json +++ b/2021/30xxx/CVE-2021-30557.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30557", - "ASSIGNER": "chrome-cve-admin@google.com" + "ASSIGNER": "chrome-cve-admin@google.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -45,10 +46,14 @@ "references": { "reference_data": [ { - "url": "https://crbug.com/1202102" + "url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html" }, { - "url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html" + "url": "https://crbug.com/1202102", + "refsource": "MISC", + "name": "https://crbug.com/1202102" } ] }, @@ -60,4 +65,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33889.json b/2021/33xxx/CVE-2021-33889.json index 11041b7f738..a5a0f3797e1 100644 --- a/2021/33xxx/CVE-2021-33889.json +++ b/2021/33xxx/CVE-2021-33889.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-33889", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-33889", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenThread wpantund through 2021-07-02 has a stack-based Buffer Overflow because of an inconsistency in the integer data type for metric_len." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/openthread/wpantund/releases", + "refsource": "MISC", + "name": "https://github.com/openthread/wpantund/releases" + }, + { + "refsource": "MISC", + "name": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0019/FEYE-2021-0019.md", + "url": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0019/FEYE-2021-0019.md" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/openthread/wpantund/issues/502", + "url": "https://github.com/openthread/wpantund/issues/502" } ] } diff --git a/2021/34xxx/CVE-2021-34807.json b/2021/34xxx/CVE-2021-34807.json index 240a44dc3cd..bd88569dbf7 100644 --- a/2021/34xxx/CVE-2021-34807.json +++ b/2021/34xxx/CVE-2021-34807.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-34807", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-34807", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL via isredirect=1&redirectURL= in conjunction with the token data (e.g., a valid authtoken= value)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "url": "https://wiki.zimbra.com/wiki/Security_Center", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Security_Center" + }, + { + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16" + }, + { + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23" } ] } diff --git a/2021/35xxx/CVE-2021-35207.json b/2021/35xxx/CVE-2021-35207.json index ba44ba643db..1eda76c8368 100644 --- a/2021/35xxx/CVE-2021-35207.json +++ b/2021/35xxx/CVE-2021-35207.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35207", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35207", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "url": "https://wiki.zimbra.com/wiki/Security_Center", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Security_Center" + }, + { + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16" + }, + { + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23" } ] } diff --git a/2021/35xxx/CVE-2021-35208.json b/2021/35xxx/CVE-2021-35208.json index 307558eb06d..a022b4b78f1 100644 --- a/2021/35xxx/CVE-2021-35208.json +++ b/2021/35xxx/CVE-2021-35208.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35208", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35208", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "url": "https://wiki.zimbra.com/wiki/Security_Center", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Security_Center" + }, + { + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16" + }, + { + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23" } ] } diff --git a/2021/35xxx/CVE-2021-35209.json b/2021/35xxx/CVE-2021-35209.json index 2a5b7c2f313..1db1fb02d4a 100644 --- a/2021/35xxx/CVE-2021-35209.json +++ b/2021/35xxx/CVE-2021-35209.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35209", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35209", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. The value of the X-Host header overwrites the value of the Host header in proxied requests. The value of X-Host header is not checked against the whitelist of hosts Zimbra is allowed to proxy to (the zimbraProxyAllowedDomains setting)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "url": "https://wiki.zimbra.com/wiki/Security_Center", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Security_Center" + }, + { + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16" + }, + { + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23" } ] }