From c776f90a3611ffee1a02649de827813b87bb94a4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 26 Feb 2021 03:00:41 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/24xxx/CVE-2020-24455.json | 60 ++++++++++++++++++++++-- 2020/36xxx/CVE-2020-36148.json | 5 ++ 2020/36xxx/CVE-2020-36149.json | 5 ++ 2020/36xxx/CVE-2020-36150.json | 5 ++ 2020/36xxx/CVE-2020-36151.json | 5 ++ 2020/36xxx/CVE-2020-36152.json | 5 ++ 2021/21xxx/CVE-2021-21330.json | 2 +- 2021/21xxx/CVE-2021-21724.json | 50 ++++++++++++++++++-- 2021/23xxx/CVE-2021-23336.json | 5 ++ 2021/23xxx/CVE-2021-23953.json | 85 ++++++++++++++++++++++++++++++++-- 2021/23xxx/CVE-2021-23954.json | 85 ++++++++++++++++++++++++++++++++-- 2021/23xxx/CVE-2021-23955.json | 55 ++++++++++++++++++++-- 2021/23xxx/CVE-2021-23956.json | 55 ++++++++++++++++++++-- 2021/23xxx/CVE-2021-23957.json | 55 ++++++++++++++++++++-- 2021/23xxx/CVE-2021-23958.json | 55 ++++++++++++++++++++-- 2021/23xxx/CVE-2021-23959.json | 55 ++++++++++++++++++++-- 2021/23xxx/CVE-2021-23960.json | 85 ++++++++++++++++++++++++++++++++-- 2021/23xxx/CVE-2021-23961.json | 55 ++++++++++++++++++++-- 2021/23xxx/CVE-2021-23962.json | 55 ++++++++++++++++++++-- 2021/23xxx/CVE-2021-23963.json | 55 ++++++++++++++++++++-- 2021/23xxx/CVE-2021-23977.json | 55 ++++++++++++++++++++-- 2021/26xxx/CVE-2021-26933.json | 10 ++++ 2021/26xxx/CVE-2021-26934.json | 10 ++++ 2021/27xxx/CVE-2021-27135.json | 5 ++ 2021/3xxx/CVE-2021-3177.json | 5 ++ 25 files changed, 879 insertions(+), 43 deletions(-) diff --git a/2020/24xxx/CVE-2020-24455.json b/2020/24xxx/CVE-2020-24455.json index d4d42d95e08..6f2326d3336 100644 --- a/2020/24xxx/CVE-2020-24455.json +++ b/2020/24xxx/CVE-2020-24455.json 
@@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-24455", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "TPM2 source", + "version": { + "version_data": [ + { + "version_value": "before 3.01, before 2.4.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1902167", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902167" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/tpm2-software/tpm2-tss/releases/tag/2.4.3", + "url": "https://github.com/tpm2-software/tpm2-tss/releases/tag/2.4.3" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/tpm2-software/tpm2-tss/releases/tag/3.0.1", + "url": "https://github.com/tpm2-software/tpm2-tss/releases/tag/3.0.1" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3." } ] } diff --git a/2020/36xxx/CVE-2020-36148.json b/2020/36xxx/CVE-2020-36148.json index 38cdee0ae13..fd8ec8009aa 100644 --- a/2020/36xxx/CVE-2020-36148.json +++ b/2020/36xxx/CVE-2020-36148.json 
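Review bot: The added `version_value` reads `"before 3.01, before 2.4.3"`, while the description and the CONFIRM reference added in this same hunk both say 3.0.1. The structured field should read `"version_value": "before 3.0.1, before 2.4.3"`, so that tooling which matches on version data does not miss or mis-order the fixed release. The entry also sets `"vendor_name": "n/a"` and `"product_name": "TPM2 source"` although the description names tpm2-tss, which makes product-based lookup unreliable. The CVE-2021-21724 hunk has the same `"vendor_name": "n/a"` beside a description that names ZTE.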
@@ -56,6 +56,11 @@ "url": "https://github.com/hoene/libmysofa/issues/138", "refsource": "MISC", "name": "https://github.com/hoene/libmysofa/issues/138" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-4e40ccb5e6", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQLNZOVVONQSZZJHQVZT6NMOUUDMGBBR/" } ] } diff --git a/2020/36xxx/CVE-2020-36149.json b/2020/36xxx/CVE-2020-36149.json index 1fe920d2d90..c1862211a62 100644 --- a/2020/36xxx/CVE-2020-36149.json +++ b/2020/36xxx/CVE-2020-36149.json @@ -56,6 +56,11 @@ "url": "https://github.com/hoene/libmysofa/issues/137", "refsource": "MISC", "name": "https://github.com/hoene/libmysofa/issues/137" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-4e40ccb5e6", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQLNZOVVONQSZZJHQVZT6NMOUUDMGBBR/" } ] } diff --git a/2020/36xxx/CVE-2020-36150.json b/2020/36xxx/CVE-2020-36150.json index 56c863867a8..6898c434629 100644 --- a/2020/36xxx/CVE-2020-36150.json +++ b/2020/36xxx/CVE-2020-36150.json @@ -56,6 +56,11 @@ "url": "https://github.com/hoene/libmysofa/issues/135", "refsource": "MISC", "name": "https://github.com/hoene/libmysofa/issues/135" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-4e40ccb5e6", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQLNZOVVONQSZZJHQVZT6NMOUUDMGBBR/" } ] } diff --git a/2020/36xxx/CVE-2020-36151.json b/2020/36xxx/CVE-2020-36151.json index 120be0f5461..02409178240 100644 --- a/2020/36xxx/CVE-2020-36151.json +++ b/2020/36xxx/CVE-2020-36151.json 
@@ -56,6 +56,11 @@ "url": "https://github.com/hoene/libmysofa/issues/134", "refsource": "MISC", "name": "https://github.com/hoene/libmysofa/issues/134" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-4e40ccb5e6", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQLNZOVVONQSZZJHQVZT6NMOUUDMGBBR/" } ] } diff --git a/2020/36xxx/CVE-2020-36152.json b/2020/36xxx/CVE-2020-36152.json index 9c4cd465471..5a739fb36fb 100644 --- a/2020/36xxx/CVE-2020-36152.json +++ b/2020/36xxx/CVE-2020-36152.json @@ -56,6 +56,11 @@ "url": "https://github.com/hoene/libmysofa/issues/136", "refsource": "MISC", "name": "https://github.com/hoene/libmysofa/issues/136" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-4e40ccb5e6", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQLNZOVVONQSZZJHQVZT6NMOUUDMGBBR/" } ] } diff --git a/2021/21xxx/CVE-2021-21330.json b/2021/21xxx/CVE-2021-21330.json index bc607942e1b..830c7813ea2 100644 --- a/2021/21xxx/CVE-2021-21330.json +++ b/2021/21xxx/CVE-2021-21330.json 
@@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows \"pip install aiohttp >= 3.7.4\". If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications.\n " + "value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows \"pip install aiohttp >= 3.7.4\". If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications." } ] }, diff --git a/2021/21xxx/CVE-2021-21724.json b/2021/21xxx/CVE-2021-21724.json index a230a3cc819..906c4fd8f57 100644 --- a/2021/21xxx/CVE-2021-21724.json +++ b/2021/21xxx/CVE-2021-21724.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21724", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@zte.com.cn", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ZXR10 8900E", + "version": { + "version_data": [ + { + "version_value": "all versions up to V3.03.20R2B30P1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014584", + "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014584" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1." } ] } diff --git a/2021/23xxx/CVE-2021-23336.json b/2021/23xxx/CVE-2021-23336.json index 162100df913..45be6fbef64 100644 --- a/2021/23xxx/CVE-2021-23336.json +++ b/2021/23xxx/CVE-2021-23336.json 
@@ -124,6 +124,11 @@ "refsource": "MLIST", "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-907f3bacae", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/" } ] }, diff --git a/2021/23xxx/CVE-2021-23953.json b/2021/23xxx/CVE-2021-23953.json index 01ec01030b7..d753a0c6e21 100644 --- a/2021/23xxx/CVE-2021-23953.json +++ b/2021/23xxx/CVE-2021-23953.json 
@@ -4,14 +4,93 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23953", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "< 85" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "< 78.7" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "< 78.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-origin information leakage via redirected PDF requests" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-03/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-05/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1683940", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1683940" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7." } ] } diff --git a/2021/23xxx/CVE-2021-23954.json b/2021/23xxx/CVE-2021-23954.json index fa79b1ff78a..c4b196e5d9c 100644 --- a/2021/23xxx/CVE-2021-23954.json +++ b/2021/23xxx/CVE-2021-23954.json 
@@ -4,14 +4,93 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23954", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "< 85" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "< 78.7" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "< 78.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type confusion when using logical assignment operators in JavaScript switch statements" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-03/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-05/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1684020", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1684020" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7." } ] } diff --git a/2021/23xxx/CVE-2021-23955.json b/2021/23xxx/CVE-2021-23955.json index a00a56e4043..222cb4235e5 100644 --- a/2021/23xxx/CVE-2021-23955.json +++ b/2021/23xxx/CVE-2021-23955.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23955", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "< 85" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Clickjacking across tabs through misusing requestPointerLock" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1684837", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1684837" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85." } ] } 
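Review bot: The description added for CVE-2021-23955 says `could have lead to clickjacking attacks`; the past participle is "led", so the value should read `could have led to clickjacking attacks`. The other descriptions in this patch already use "could have led to", so this also restores consistent wording across the Mozilla records.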
diff --git a/2021/23xxx/CVE-2021-23956.json b/2021/23xxx/CVE-2021-23956.json index e248f532761..aaa6c15907a 100644 --- a/2021/23xxx/CVE-2021-23956.json +++ b/2021/23xxx/CVE-2021-23956.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23956", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "< 85" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "File picker dialog could have been used to disclose a complete directory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1338637", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1338637" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85." } ] } diff --git a/2021/23xxx/CVE-2021-23957.json b/2021/23xxx/CVE-2021-23957.json index f8f6ac94741..d4b7d177959 100644 --- a/2021/23xxx/CVE-2021-23957.json +++ b/2021/23xxx/CVE-2021-23957.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23957", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "< 85" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Iframe sandbox could have been bypassed on Android via the intent URL scheme" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1584582", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1584582" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85." } ] } diff --git a/2021/23xxx/CVE-2021-23958.json b/2021/23xxx/CVE-2021-23958.json index 03b5f76ad3f..b77e98618d4 100644 --- a/2021/23xxx/CVE-2021-23958.json +++ b/2021/23xxx/CVE-2021-23958.json 
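Review bot: The description limits this issue to Firefox for Android, but the added `affects` block records only `"product_name": "Firefox"` with `"version_value": "< 85"`. A consumer that reads the structured fields alone would therefore flag desktop Firefox as well. If the record format and the assigner's naming allow it, the product entry should carry the platform, for example `"product_name": "Firefox for Android"`. The CVE-2021-23959 and CVE-2021-23977 hunks have the same gap. The CVE-2021-23977 description also reads "This issue is only affected Firefox for Android", where "This issue only affected" seems intended.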
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23958", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "< 85" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Screen sharing permission leaked across tabs" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1642747", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1642747" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85." } ] } diff --git a/2021/23xxx/CVE-2021-23959.json b/2021/23xxx/CVE-2021-23959.json index f0395f7a341..423824ddb42 100644 --- a/2021/23xxx/CVE-2021-23959.json +++ b/2021/23xxx/CVE-2021-23959.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23959", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "< 85" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting in error pages on Firefox for Android" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1659035", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1659035" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85." } ] } diff --git a/2021/23xxx/CVE-2021-23960.json b/2021/23xxx/CVE-2021-23960.json index cd3214c7497..3a1decad0e4 100644 --- a/2021/23xxx/CVE-2021-23960.json +++ b/2021/23xxx/CVE-2021-23960.json 
@@ -4,14 +4,93 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23960", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "< 85" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_value": "< 78.7" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_value": "< 78.7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-poison for incorrectly redeclared JavaScript variables during GC" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-03/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-04/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-04/" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-05/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-05/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1675755", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1675755" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." 
+ "value": "Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7." } ] } diff --git a/2021/23xxx/CVE-2021-23961.json b/2021/23xxx/CVE-2021-23961.json index d490b6769fb..4280da8960c 100644 --- a/2021/23xxx/CVE-2021-23961.json +++ b/2021/23xxx/CVE-2021-23961.json 
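Review bot: The description added for CVE-2021-23960 says "user-after-poison", while the `problemtype` value in the same hunk says "Use-after-poison". The description should read `resulted in a use-after-poison, and a potentially exploitable crash`, so that a text search for the bug class finds the record. The CVE-2021-23962 hunk repeats the same misspelling in its description.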
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23961", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "< 85" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "More internal network hosts could have been probed by a malicious webpage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677940", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677940" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85." } ] } diff --git a/2021/23xxx/CVE-2021-23962.json b/2021/23xxx/CVE-2021-23962.json index cd40dbbde98..3122e1fc970 100644 --- a/2021/23xxx/CVE-2021-23962.json +++ b/2021/23xxx/CVE-2021-23962.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23962", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "< 85" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-poison in nsTreeBodyFrame::RowCountChanged" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677194", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677194" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect use of the '' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85." } ] } diff --git a/2021/23xxx/CVE-2021-23963.json b/2021/23xxx/CVE-2021-23963.json index 5dd5d024c30..3702f7d2650 100644 --- a/2021/23xxx/CVE-2021-23963.json +++ b/2021/23xxx/CVE-2021-23963.json 
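Review bot: The added description reads `Incorrect use of the '' method`, with an empty pair of quotes where the method name belongs. The `problemtype` value in the same hunk names `nsTreeBodyFrame::RowCountChanged`, which is presumably the missing text, possibly stripped as markup during import. Once confirmed against the advisory, the sentence should begin `Incorrect use of the 'nsTreeBodyFrame::RowCountChanged' method`, since the description is otherwise not actionable on its own.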
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23963", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "< 85" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Permission prompt inaccessible after asking for additional permissions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-03/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-03/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1680793", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1680793" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85." } ] } diff --git a/2021/23xxx/CVE-2021-23977.json b/2021/23xxx/CVE-2021-23977.json index 80291c13894..49b9ab506ef 100644 --- a/2021/23xxx/CVE-2021-23977.json +++ b/2021/23xxx/CVE-2021-23977.json 
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-23977", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "< 86" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Malicious application could read sensitive data from Firefox for Android's application directories" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mozilla.org/security/advisories/mfsa2021-07/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2021-07/" + }, + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1684761", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1684761" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86." } ] } diff --git a/2021/26xxx/CVE-2021-26933.json b/2021/26xxx/CVE-2021-26933.json index eba19643d2d..bab236831c6 100644 --- a/2021/26xxx/CVE-2021-26933.json +++ b/2021/26xxx/CVE-2021-26933.json 
@@ -56,6 +56,16 @@ "url": "http://xenbits.xen.org/xsa/advisory-364.html", "refsource": "MISC", "name": "http://xenbits.xen.org/xsa/advisory-364.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-4c819bf1ad", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-47f53a940a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/" } ] } diff --git a/2021/26xxx/CVE-2021-26934.json b/2021/26xxx/CVE-2021-26934.json index 3e61ad4e337..69e4f48e87c 100644 --- a/2021/26xxx/CVE-2021-26934.json +++ b/2021/26xxx/CVE-2021-26934.json @@ -56,6 +56,16 @@ "url": "http://xenbits.xen.org/xsa/advisory-363.html", "refsource": "MISC", "name": "http://xenbits.xen.org/xsa/advisory-363.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-4c819bf1ad", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-47f53a940a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/" } ] } diff --git a/2021/27xxx/CVE-2021-27135.json b/2021/27xxx/CVE-2021-27135.json index b6253416ce3..898331c3371 100644 --- a/2021/27xxx/CVE-2021-27135.json +++ b/2021/27xxx/CVE-2021-27135.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210213 [SECURITY] [DLA 2558-1] xterm security update", "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00019.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-e7a8e79fa8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35LK2ZXEIJUOGOA7FV2TJL3L6LFJ4X5S/" } ] } 
diff --git a/2021/3xxx/CVE-2021-3177.json b/2021/3xxx/CVE-2021-3177.json index ea8a1db0cef..3ffd80df330 100644 --- a/2021/3xxx/CVE-2021-3177.json +++ b/2021/3xxx/CVE-2021-3177.json @@ -146,6 +146,11 @@ "refsource": "MLIST", "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-907f3bacae", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/" } ] }