From c6f3b83bc077530f752074f9c38e0eb1cbb228ab Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 21 Oct 2021 09:00:55 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/35xxx/CVE-2021-35491.json | 2 +-
 2021/35xxx/CVE-2021-35590.json | 5 +++
 2021/35xxx/CVE-2021-35592.json | 5 +++
 2021/35xxx/CVE-2021-35593.json | 5 +++
 2021/35xxx/CVE-2021-35594.json | 5 +++
 2021/35xxx/CVE-2021-35598.json | 5 +++
 2021/35xxx/CVE-2021-35611.json | 5 +++
 2021/35xxx/CVE-2021-35621.json | 5 +++
 2021/40xxx/CVE-2021-40487.json | 5 +++
 2021/41xxx/CVE-2021-41344.json | 5 +++
 2021/41xxx/CVE-2021-41511.json | 5 +++
 2021/41xxx/CVE-2021-41790.json | 61 ++++++++++++++++++++++++++++++----
 2021/41xxx/CVE-2021-41791.json | 61 ++++++++++++++++++++++++++++++----
 2021/41xxx/CVE-2021-41792.json | 61 ++++++++++++++++++++++++++++++----
 14 files changed, 216 insertions(+), 19 deletions(-)
diff --git a/2021/35xxx/CVE-2021-35491.json b/2021/35xxx/CVE-2021-35491.json
index 8d1713ad3a0..3bd338529bd 100644
--- a/2021/35xxx/CVE-2021-35491.json
+++ b/2021/35xxx/CVE-2021-35491.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request."
+ "value": "A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. This issue was resolved in Wowza Streaming Engine release 4.8.14."
 }
 ]
 },
diff --git a/2021/35xxx/CVE-2021-35590.json b/2021/35xxx/CVE-2021-35590.json
index 29ac8aa9067..6094513b429 100644
--- a/2021/35xxx/CVE-2021-35590.json
+++ b/2021/35xxx/CVE-2021-35590.json
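Review bot: In 2021/35xxx/CVE-2021-35491.json the new description gives the affected range as "through 4.8.11+5" and the fix as release 4.8.14, which leaves any release between the two unclassified. A reader deciding whether an installed build needs the update cannot tell from this text whether those intermediate builds are vulnerable. If the vendor's statement supports it, the added sentence could read `This issue affects releases before 4.8.14, in which it was resolved.`; otherwise the text should say that intermediate releases were not assessed. The record's `affects` block lies outside this hunk, so whether its version data carries the same range cannot be checked here.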
@@ -76,6 +76,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1226/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1226/"
 }
 ]
 }
diff --git a/2021/35xxx/CVE-2021-35592.json b/2021/35xxx/CVE-2021-35592.json
index bae1483ebf3..7082a53a317 100644
--- a/2021/35xxx/CVE-2021-35592.json
+++ b/2021/35xxx/CVE-2021-35592.json
@@ -72,6 +72,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1228/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1228/"
 }
 ]
 }
diff --git a/2021/35xxx/CVE-2021-35593.json b/2021/35xxx/CVE-2021-35593.json
index 7c2b8821707..782c3b4693a 100644
--- a/2021/35xxx/CVE-2021-35593.json
+++ b/2021/35xxx/CVE-2021-35593.json
@@ -76,6 +76,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1229/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1229/"
 }
 ]
 }
diff --git a/2021/35xxx/CVE-2021-35594.json b/2021/35xxx/CVE-2021-35594.json
index bf647e512f7..fe9c2f4a68a 100644
--- a/2021/35xxx/CVE-2021-35594.json
+++ b/2021/35xxx/CVE-2021-35594.json
@@ -76,6 +76,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1227/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1227/"
 }
 ]
 }
diff --git a/2021/35xxx/CVE-2021-35598.json b/2021/35xxx/CVE-2021-35598.json
index 71a8edad988..3e18312c5c6 100644
--- a/2021/35xxx/CVE-2021-35598.json
+++ b/2021/35xxx/CVE-2021-35598.json
@@ -76,6 +76,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1230/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1230/"
 }
 ]
 }
diff --git a/2021/35xxx/CVE-2021-35611.json b/2021/35xxx/CVE-2021-35611.json
index 0b61b03e3c8..1d835f045d6 100644
--- a/2021/35xxx/CVE-2021-35611.json
+++ b/2021/35xxx/CVE-2021-35611.json
@@ -68,6 +68,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1231/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1231/"
 }
 ]
 }
diff --git a/2021/35xxx/CVE-2021-35621.json b/2021/35xxx/CVE-2021-35621.json
index be39da03d3a..40615dcfe60 100644
--- a/2021/35xxx/CVE-2021-35621.json
+++ b/2021/35xxx/CVE-2021-35621.json
@@ -76,6 +76,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1232/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1232/"
 }
 ]
 }
diff --git a/2021/40xxx/CVE-2021-40487.json b/2021/40xxx/CVE-2021-40487.json
index 1da90890bb9..e4a18a26ff7 100644
--- a/2021/40xxx/CVE-2021-40487.json
+++ b/2021/40xxx/CVE-2021-40487.json
@@ -76,6 +76,11 @@
 "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40487",
 "refsource": "MISC",
 "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40487"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1225/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1225/"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41344.json b/2021/41xxx/CVE-2021-41344.json
index e16edcbed73..d7f7485026d 100644
--- a/2021/41xxx/CVE-2021-41344.json
+++ b/2021/41xxx/CVE-2021-41344.json
@@ -76,6 +76,11 @@
 "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41344",
 "refsource": "MISC",
 "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41344"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1224/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1224/"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41511.json b/2021/41xxx/CVE-2021-41511.json
index 3b239107095..77dac8da05f 100644
--- a/2021/41xxx/CVE-2021-41511.json
+++ b/2021/41xxx/CVE-2021-41511.json
@@ -81,6 +81,11 @@
 "refsource": "MISC",
 "name": "https://streamable.com/9fq8uw",
 "url": "https://streamable.com/9fq8uw"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.nu11secur1ty.com/2021/10/cve-2021-41511.html",
+ "url": "https://www.nu11secur1ty.com/2021/10/cve-2021-41511.html"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41790.json b/2021/41xxx/CVE-2021-41790.json
index 3bd9094eced..f683106a9af 100644
--- a/2021/41xxx/CVE-2021-41790.json
+++ b/2021/41xxx/CVE-2021-41790.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41790",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41790",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md",
+ "url": "https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41791.json b/2021/41xxx/CVE-2021-41791.json
index 0b03e9c9184..9cdde6caf25 100644
--- a/2021/41xxx/CVE-2021-41791.json
+++ b/2021/41xxx/CVE-2021-41791.json
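Review bot: The `affects` block added in 2021/41xxx/CVE-2021-41790.json sets `vendor_name`, `product_name` and `version_value` to `"n/a"`, and `problemtype` is `"n/a"` as well, although the description in the same record names the vendor, the artifact and the last affected version. Consumers that match on the structured fields rather than on free text will not associate this record with the product, so populate them from the description, e.g. `"vendor_name": "Hyland"` and `"product_name": "org.alfresco:alfresco-content-services"`, with the 7.0.1.2 upper bound in the version data. The same applies to the CVE-2021-41791 and CVE-2021-41792 hunks, whose descriptions state stored XSS and blind SSRF, so their problem types could be given as CWE-79 and CWE-918. The first reference in all three records, `https://www.themissinglink.com.au/`, is a site root rather than an advisory page and gives a reader nothing specific to verify the finding against.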
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41791",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41791",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker (given that he has privileges on the content collaboration features)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md",
+ "url": "https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md"
 }
 ]
 }
diff --git a/2021/41xxx/CVE-2021-41792.json b/2021/41xxx/CVE-2021-41792.json
index 83deea2ed03..e60a16f0f31 100644
--- a/2021/41xxx/CVE-2021-41792.json
+++ b/2021/41xxx/CVE-2021-41792.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-41792",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-41792",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.themissinglink.com.au/",
+ "refsource": "MISC",
+ "name": "https://www.themissinglink.com.au/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md",
+ "url": "https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md"
 }
 ]
 }