From cadbf87cd36d57ad5400632124dbd3b9d6acb3a7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 23 Sep 2021 13:00:56 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/22xxx/CVE-2021-22015.json | 50 +++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22016.json | 50 +++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22017.json | 50 +++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22018.json | 50 +++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22019.json | 50 +++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22020.json | 50 +++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22931.json | 5 ++++ 2021/22xxx/CVE-2021-22940.json | 5 ++++ 2021/22xxx/CVE-2021-22941.json | 50 +++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22945.json | 50 +++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22948.json | 55 ++++++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22949.json | 55 ++++++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22950.json | 55 ++++++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22952.json | 50 +++++++++++++++++++++++++++++-- 2021/22xxx/CVE-2021-22953.json | 55 ++++++++++++++++++++++++++++++++-- 2021/29xxx/CVE-2021-29630.json | 5 ++++ 2021/29xxx/CVE-2021-29631.json | 5 ++++ 2021/34xxx/CVE-2021-34798.json | 5 ++++ 2021/35xxx/CVE-2021-35515.json | 5 ++++ 2021/35xxx/CVE-2021-35516.json | 5 ++++ 2021/35xxx/CVE-2021-35517.json | 5 ++++ 2021/36xxx/CVE-2021-36090.json | 5 ++++ 2021/36xxx/CVE-2021-36160.json | 5 ++++ 2021/37xxx/CVE-2021-37750.json | 5 ++++ 2021/39xxx/CVE-2021-39139.json | 5 ++++ 2021/39xxx/CVE-2021-39140.json | 5 ++++ 2021/39xxx/CVE-2021-39141.json | 5 ++++ 2021/39xxx/CVE-2021-39144.json | 5 ++++ 2021/39xxx/CVE-2021-39145.json | 5 ++++ 2021/39xxx/CVE-2021-39146.json | 5 ++++ 2021/39xxx/CVE-2021-39147.json | 5 ++++ 2021/39xxx/CVE-2021-39148.json | 5 ++++ 2021/39xxx/CVE-2021-39149.json | 5 ++++ 2021/39xxx/CVE-2021-39150.json | 5 ++++ 2021/39xxx/CVE-2021-39151.json | 5 ++++ 2021/39xxx/CVE-2021-39152.json | 5 ++++ 2021/39xxx/CVE-2021-39153.json | 5 ++++ 2021/39xxx/CVE-2021-39154.json | 5 ++++ 2021/39xxx/CVE-2021-39275.json | 5 ++++ 2021/3xxx/CVE-2021-3713.json | 5 ++++ 2021/40xxx/CVE-2021-40438.json | 5 ++++ 41 files changed, 771 insertions(+), 39 deletions(-) diff --git a/2021/22xxx/CVE-2021-22015.json b/2021/22xxx/CVE-2021-22015.json index 418671b9a77..c624726ca08 100644 --- a/2021/22xxx/CVE-2021-22015.json +++ b/2021/22xxx/CVE-2021-22015.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22015", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware vCenter Server, VMware Cloud Foundation", + "version": { + "version_data": [ + { + "version_value": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Multiple local privilege escalation vulnerabilities" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance." } ] } diff --git a/2021/22xxx/CVE-2021-22016.json b/2021/22xxx/CVE-2021-22016.json index f19ff1b12ef..50ff93b47f6 100644 --- a/2021/22xxx/CVE-2021-22016.json +++ b/2021/22xxx/CVE-2021-22016.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22016", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware vCenter Server, VMware Cloud Foundation", + "version": { + "version_data": [ + { + "version_value": "VMware vCenter Server 6.7 before 6.7 U3o and VMware Cloud Foundation 3.x before 3.10.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected XSS vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link." } ] } diff --git a/2021/22xxx/CVE-2021-22017.json b/2021/22xxx/CVE-2021-22017.json index 24eae286aeb..126badfb651 100644 --- a/2021/22xxx/CVE-2021-22017.json +++ b/2021/22xxx/CVE-2021-22017.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22017", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware vCenter Server, VMware Cloud Foundation", + "version": { + "version_data": [ + { + "version_value": "VMware vCenter Server(6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation 3.x before 3.10.2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Rhttpproxy bypass vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed." } ] } diff --git a/2021/22xxx/CVE-2021-22018.json b/2021/22xxx/CVE-2021-22018.json index 790afc0429e..44721d18c90 100644 --- a/2021/22xxx/CVE-2021-22018.json +++ b/2021/22xxx/CVE-2021-22018.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22018", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware vCenter Server, VMware Cloud Foundation", + "version": { + "version_data": [ + { + "version_value": "VMware vCenter Server 7.x before 7.0.2 U2d and VMware Cloud Foundation 4.x before 4.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "File deletion vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files." } ] } diff --git a/2021/22xxx/CVE-2021-22019.json b/2021/22xxx/CVE-2021-22019.json index dc3fb8231df..600887d9649 100644 --- a/2021/22xxx/CVE-2021-22019.json +++ b/2021/22xxx/CVE-2021-22019.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22019", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware vCenter Server, VMware Cloud Foundation", + "version": { + "version_data": [ + { + "version_value": "VMware vCenter Server(7.x before 7.0 U2c, 6.7 before 6.7 U3o and 6.5 before 6.5 U3q) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a specially crafted jsonrpc message to create a denial of service condition." } ] } diff --git a/2021/22xxx/CVE-2021-22020.json b/2021/22xxx/CVE-2021-22020.json index a0f90995761..d9933ff8f4e 100644 --- a/2021/22xxx/CVE-2021-22020.json +++ b/2021/22xxx/CVE-2021-22020.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22020", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware vCenter Server, VMware Cloud Foundation", + "version": { + "version_data": [ + { + "version_value": "VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2021-0020.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server." } ] } diff --git a/2021/22xxx/CVE-2021-22931.json b/2021/22xxx/CVE-2021-22931.json index 026a3a999b8..aad3076965b 100644 --- a/2021/22xxx/CVE-2021-22931.json +++ b/2021/22xxx/CVE-2021-22931.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://hackerone.com/reports/1178337", "url": "https://hackerone.com/reports/1178337" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0001/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0001/" } ] }, diff --git a/2021/22xxx/CVE-2021-22940.json b/2021/22xxx/CVE-2021-22940.json index 6e6929490ac..3e38a2ea313 100644 --- a/2021/22xxx/CVE-2021-22940.json +++ b/2021/22xxx/CVE-2021-22940.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0001/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0001/" } ] }, diff --git a/2021/22xxx/CVE-2021-22941.json b/2021/22xxx/CVE-2021-22941.json index 9270c1dfdea..c978167f3f4 100644 --- a/2021/22xxx/CVE-2021-22941.json +++ b/2021/22xxx/CVE-2021-22941.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22941", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Citrix ShareFile storage zones controller", + "version": { + "version_data": [ + { + "version_value": "5.11.20" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control - Generic (CWE-284)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.citrix.com/article/CTX328123", + "url": "https://support.citrix.com/article/CTX328123" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller." } ] } diff --git a/2021/22xxx/CVE-2021-22945.json b/2021/22xxx/CVE-2021-22945.json index 1f8961064de..111dae18c13 100644 --- a/2021/22xxx/CVE-2021-22945.json +++ b/2021/22xxx/CVE-2021-22945.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22945", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/curl/curl", + "version": { + "version_data": [ + { + "version_value": "curl 7.73.0 to and including 7.78.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Double Free (CWE-415)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1269242", + "url": "https://hackerone.com/reports/1269242" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*." } ] } diff --git a/2021/22xxx/CVE-2021-22948.json b/2021/22xxx/CVE-2021-22948.json index 9db95b2ee4f..177401628f5 100644 --- a/2021/22xxx/CVE-2021-22948.json +++ b/2021/22xxx/CVE-2021-22948.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22948", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/revive-adserver/revive-adserver", + "version": { + "version_data": [ + { + "version_value": "Fixed version v5.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1187820", + "url": "https://hackerone.com/reports/1187820" + }, + { + "refsource": "MISC", + "name": "https://www.revive-adserver.com/security/revive-sa-2021-005/", + "url": "https://www.revive-adserver.com/security/revive-sa-2021-005/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account." } ] } diff --git a/2021/22xxx/CVE-2021-22949.json b/2021/22xxx/CVE-2021-22949.json index 1b6c21f1c0e..75d2b727f97 100644 --- a/2021/22xxx/CVE-2021-22949.json +++ b/2021/22xxx/CVE-2021-22949.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22949", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/concrete5/concrete5", + "version": { + "version_data": [ + { + "version_value": "Fixed in version 8.5.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF) (CWE-352)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1102225", + "url": "https://hackerone.com/reports/1102225" + }, + { + "refsource": "MISC", + "name": "https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes", + "url": "https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: \"Solar Security CMS Research Team\"" } ] } diff --git a/2021/22xxx/CVE-2021-22950.json b/2021/22xxx/CVE-2021-22950.json index 29b9257929a..b39e5312f4b 100644 --- a/2021/22xxx/CVE-2021-22950.json +++ b/2021/22xxx/CVE-2021-22950.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22950", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/concrete5/concrete5", + "version": { + "version_data": [ + { + "version_value": "Fixed version 8.5.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF) (CWE-352)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes", + "url": "https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1102177", + "url": "https://hackerone.com/reports/1102177" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: \"Solar Security Research Team\"" } ] } diff --git a/2021/22xxx/CVE-2021-22952.json b/2021/22xxx/CVE-2021-22952.json index 64739357459..eb5719a23af 100644 --- a/2021/22xxx/CVE-2021-22952.json +++ b/2021/22xxx/CVE-2021-22952.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22952", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "UniFi Talk application", + "version": { + "version_data": [ + { + "version_value": "Fixed on 1.12.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code Injection (CWE-94)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://community.ui.com/releases/Security-Advisory-Bulletin-020-020/8ce6a7e6-0cce-4814-8bbe-ee812cb94b1a", + "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-020-020/8ce6a7e6-0cce-4814-8bbe-ee812cb94b1a" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and later." } ] } diff --git a/2021/22xxx/CVE-2021-22953.json b/2021/22xxx/CVE-2021-22953.json index dacde574c94..5b80586a3d8 100644 --- a/2021/22xxx/CVE-2021-22953.json +++ b/2021/22xxx/CVE-2021-22953.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22953", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/concrete5/concrete5", + "version": { + "version_data": [ + { + "version_value": "fixed in Concrete CMS version 8.5.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF) (CWE-352)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1102225", + "url": "https://hackerone.com/reports/1102225" + }, + { + "refsource": "MISC", + "name": "https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes", + "url": "https://documentation.concretecms.org/developers/introduction/version-history/856-release-notes" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: \"Solar Security Research Team\"" } ] } diff --git a/2021/29xxx/CVE-2021-29630.json b/2021/29xxx/CVE-2021-29630.json index 86b19264211..9261c066979 100644 --- a/2021/29xxx/CVE-2021-29630.json +++ b/2021/29xxx/CVE-2021-29630.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0005/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0005/" } ] }, diff --git a/2021/29xxx/CVE-2021-29631.json b/2021/29xxx/CVE-2021-29631.json index 99e675d7f61..84254610c0f 100644 --- a/2021/29xxx/CVE-2021-29631.json +++ b/2021/29xxx/CVE-2021-29631.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:13.bhyve.asc", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:13.bhyve.asc" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0004/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0004/" } ] }, diff --git a/2021/34xxx/CVE-2021-34798.json b/2021/34xxx/CVE-2021-34798.json index 973510c8feb..a790b020ad4 100644 --- a/2021/34xxx/CVE-2021-34798.json +++ b/2021/34xxx/CVE-2021-34798.json @@ -88,6 +88,11 @@ "refsource": "MLIST", "name": "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info", "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info", + "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E" } ] }, diff --git a/2021/35xxx/CVE-2021-35515.json b/2021/35xxx/CVE-2021-35515.json index 7aa9be5c969..7402a6155b4 100644 --- a/2021/35xxx/CVE-2021-35515.json +++ b/2021/35xxx/CVE-2021-35515.json @@ -148,6 +148,11 @@ "refsource": "MLIST", "name": "[skywalking-notifications] 20210802 [GitHub] [skywalking] codecov[bot] edited a comment on pull request #7400: Fix CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090", "url": "https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c@%3Cnotifications.skywalking.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[poi-dev] 20210923 Re: [VOTE] Apache POI 5.1.0 release (RC1)", + "url": "https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3Cdev.poi.apache.org%3E" } ] }, diff --git a/2021/35xxx/CVE-2021-35516.json b/2021/35xxx/CVE-2021-35516.json index 66d67c034db..97d366f8a30 100644 --- a/2021/35xxx/CVE-2021-35516.json +++ b/2021/35xxx/CVE-2021-35516.json @@ -133,6 +133,11 @@ "refsource": "MLIST", "name": "[skywalking-notifications] 20210802 [GitHub] [skywalking] codecov[bot] edited a comment on pull request #7400: Fix CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090", "url": "https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c@%3Cnotifications.skywalking.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[poi-dev] 20210923 Re: [VOTE] Apache POI 5.1.0 release (RC1)", + "url": "https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3Cdev.poi.apache.org%3E" } ] }, diff --git a/2021/35xxx/CVE-2021-35517.json b/2021/35xxx/CVE-2021-35517.json index 770018ab26e..6956534b9cf 100644 --- a/2021/35xxx/CVE-2021-35517.json +++ b/2021/35xxx/CVE-2021-35517.json @@ -151,6 +151,11 @@ "refsource": "MLIST", "name": "[flink-issues] 20210908 [GitHub] [flink] MartijnVisser opened a new pull request #17194: [FLINK-24034] Upgrade commons-compress to 1.21 and other apache.commons updates", "url": "https://lists.apache.org/thread.html/r31f75743ac173b0a606f8ea6ea53f351f386c44e7bcf78ae04007c29@%3Cissues.flink.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[poi-dev] 20210923 Re: [VOTE] Apache POI 5.1.0 release (RC1)", + "url": "https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3Cdev.poi.apache.org%3E" } ] }, diff --git a/2021/36xxx/CVE-2021-36090.json b/2021/36xxx/CVE-2021-36090.json index 60bf1f7849d..c720516af4e 100644 --- a/2021/36xxx/CVE-2021-36090.json +++ b/2021/36xxx/CVE-2021-36090.json @@ -206,6 +206,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20210811 [GitHub] [tomcat-jakartaee-migration] ebourg commented on issue #23: Vulnerability with Apache Commons Compress v1.20", "url": "https://lists.apache.org/thread.html/r75ffc7a461e7e7ae77690fa75bd47bb71365c732e0fbcc44da4f8ff5@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[poi-dev] 20210923 Re: [VOTE] Apache POI 5.1.0 release (RC1)", + "url": "https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3Cdev.poi.apache.org%3E" } ] }, diff --git a/2021/36xxx/CVE-2021-36160.json b/2021/36xxx/CVE-2021-36160.json index b729aa3def1..17f9376a526 100644 --- a/2021/36xxx/CVE-2021-36160.json +++ b/2021/36xxx/CVE-2021-36160.json @@ -103,6 +103,11 @@ "refsource": "MLIST", "name": "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info", "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info", + "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E" } ] }, diff --git a/2021/37xxx/CVE-2021-37750.json b/2021/37xxx/CVE-2021-37750.json index 355c505fa57..0f72745710e 100644 --- a/2021/37xxx/CVE-2021-37750.json +++ b/2021/37xxx/CVE-2021-37750.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-f2c8514f02", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0002/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0002/" } ] } diff --git a/2021/39xxx/CVE-2021-39139.json b/2021/39xxx/CVE-2021-39139.json index 974178b36fc..f1359725cab 100644 --- a/2021/39xxx/CVE-2021-39139.json +++ b/2021/39xxx/CVE-2021-39139.json @@ -86,6 +86,11 @@ "name": "https://x-stream.github.io/CVE-2021-39139.html", "refsource": "MISC", "url": "https://x-stream.github.io/CVE-2021-39139.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0003/" } ] }, diff --git a/2021/39xxx/CVE-2021-39140.json b/2021/39xxx/CVE-2021-39140.json index f49bad6478f..6eede2b07a6 100644 --- a/2021/39xxx/CVE-2021-39140.json +++ b/2021/39xxx/CVE-2021-39140.json @@ -86,6 +86,11 @@ "name": "https://x-stream.github.io/CVE-2021-39140.html", "refsource": "MISC", "url": "https://x-stream.github.io/CVE-2021-39140.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0003/" } ] }, diff --git a/2021/39xxx/CVE-2021-39141.json b/2021/39xxx/CVE-2021-39141.json index 31638da3e88..75fce5e5cd4 100644 --- a/2021/39xxx/CVE-2021-39141.json +++ b/2021/39xxx/CVE-2021-39141.json @@ -86,6 +86,11 @@ "name": "https://x-stream.github.io/CVE-2021-39141.html", "refsource": "MISC", "url": "https://x-stream.github.io/CVE-2021-39141.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0003/" } ] }, diff --git a/2021/39xxx/CVE-2021-39144.json b/2021/39xxx/CVE-2021-39144.json index d680de65843..0c45f7604d9 100644 --- a/2021/39xxx/CVE-2021-39144.json +++ b/2021/39xxx/CVE-2021-39144.json @@ -86,6 +86,11 @@ "name": "https://x-stream.github.io/CVE-2021-39144.html", "refsource": "MISC", "url": "https://x-stream.github.io/CVE-2021-39144.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0003/" } ] }, diff --git a/2021/39xxx/CVE-2021-39145.json b/2021/39xxx/CVE-2021-39145.json index 4fa1850a0b5..ba2b91a8a7e 100644 --- a/2021/39xxx/CVE-2021-39145.json +++ b/2021/39xxx/CVE-2021-39145.json @@ -86,6 +86,11 @@ "name": "https://x-stream.github.io/CVE-2021-39145.html", "refsource": "MISC", "url": "https://x-stream.github.io/CVE-2021-39145.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0003/" } ] }, diff --git a/2021/39xxx/CVE-2021-39146.json b/2021/39xxx/CVE-2021-39146.json index aed6691311b..ef7988213db 100644 --- a/2021/39xxx/CVE-2021-39146.json +++ b/2021/39xxx/CVE-2021-39146.json @@ -86,6 +86,11 @@ "name": "https://x-stream.github.io/CVE-2021-39146.html", "refsource": "MISC", "url": "https://x-stream.github.io/CVE-2021-39146.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0003/" } ] }, diff --git a/2021/39xxx/CVE-2021-39147.json b/2021/39xxx/CVE-2021-39147.json index c9cf341ace1..0ffdae5e377 100644 --- a/2021/39xxx/CVE-2021-39147.json +++ b/2021/39xxx/CVE-2021-39147.json @@ -86,6 +86,11 @@ "name": "https://x-stream.github.io/CVE-2021-39147.html", "refsource": "MISC", "url": "https://x-stream.github.io/CVE-2021-39147.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0003/" } ] }, diff --git a/2021/39xxx/CVE-2021-39148.json b/2021/39xxx/CVE-2021-39148.json index c9b47432251..f8cc05b48a0 100644 --- a/2021/39xxx/CVE-2021-39148.json +++ b/2021/39xxx/CVE-2021-39148.json @@ -86,6 +86,11 @@ "name": "https://x-stream.github.io/CVE-2021-39148.html", "refsource": "MISC", "url": "https://x-stream.github.io/CVE-2021-39148.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0003/" } ] }, diff --git a/2021/39xxx/CVE-2021-39149.json b/2021/39xxx/CVE-2021-39149.json index 9650899525c..dd7710469f7 100644 --- a/2021/39xxx/CVE-2021-39149.json +++ b/2021/39xxx/CVE-2021-39149.json @@ -86,6 +86,11 @@ "name": "https://x-stream.github.io/CVE-2021-39149.html", "refsource": "MISC", "url": "https://x-stream.github.io/CVE-2021-39149.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0003/" } ] }, diff --git a/2021/39xxx/CVE-2021-39150.json b/2021/39xxx/CVE-2021-39150.json index b9de9231392..5891410f973 100644 --- a/2021/39xxx/CVE-2021-39150.json +++ b/2021/39xxx/CVE-2021-39150.json @@ -86,6 +86,11 @@ "name": "https://x-stream.github.io/CVE-2021-39150.html", "refsource": "MISC", "url": "https://x-stream.github.io/CVE-2021-39150.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0003/" } ] }, diff --git a/2021/39xxx/CVE-2021-39151.json b/2021/39xxx/CVE-2021-39151.json index 2d8a34cea82..8d624df93a1 100644 --- a/2021/39xxx/CVE-2021-39151.json +++ b/2021/39xxx/CVE-2021-39151.json @@ -86,6 +86,11 @@ "name": "https://x-stream.github.io/CVE-2021-39151.html", "refsource": "MISC", "url": "https://x-stream.github.io/CVE-2021-39151.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0003/" } ] }, diff --git a/2021/39xxx/CVE-2021-39152.json b/2021/39xxx/CVE-2021-39152.json index 7ce3836fb2b..2ff8df1d2d4 100644 --- a/2021/39xxx/CVE-2021-39152.json +++ b/2021/39xxx/CVE-2021-39152.json @@ -86,6 +86,11 @@ "name": "https://x-stream.github.io/CVE-2021-39152.html", "refsource": "MISC", "url": "https://x-stream.github.io/CVE-2021-39152.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0003/" } ] }, diff --git a/2021/39xxx/CVE-2021-39153.json b/2021/39xxx/CVE-2021-39153.json index f83190c69b0..329feef21fd 100644 --- a/2021/39xxx/CVE-2021-39153.json +++ b/2021/39xxx/CVE-2021-39153.json @@ -86,6 +86,11 @@ "name": "https://x-stream.github.io/CVE-2021-39153.html", "refsource": "MISC", "url": "https://x-stream.github.io/CVE-2021-39153.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0003/" } ] }, diff --git a/2021/39xxx/CVE-2021-39154.json b/2021/39xxx/CVE-2021-39154.json index a75c4890d71..3da35b31a86 100644 --- a/2021/39xxx/CVE-2021-39154.json +++ b/2021/39xxx/CVE-2021-39154.json @@ -86,6 +86,11 @@ "name": "https://x-stream.github.io/CVE-2021-39154.html", "refsource": "MISC", "url": "https://x-stream.github.io/CVE-2021-39154.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0003/" } ] }, diff --git a/2021/39xxx/CVE-2021-39275.json b/2021/39xxx/CVE-2021-39275.json index ca11a39ebcc..299e425e617 100644 --- a/2021/39xxx/CVE-2021-39275.json +++ b/2021/39xxx/CVE-2021-39275.json @@ -88,6 +88,11 @@ "refsource": "MLIST", "name": "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info", "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info", + "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E" } ] }, diff --git a/2021/3xxx/CVE-2021-3713.json b/2021/3xxx/CVE-2021-3713.json index abed45e7387..f27a32e58fb 100644 --- a/2021/3xxx/CVE-2021-3713.json +++ b/2021/3xxx/CVE-2021-3713.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update", "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210923-0006/", + "url": "https://security.netapp.com/advisory/ntap-20210923-0006/" } ] }, diff --git a/2021/40xxx/CVE-2021-40438.json b/2021/40xxx/CVE-2021-40438.json index b2c76185dbe..d09df1e10b3 100644 --- a/2021/40xxx/CVE-2021-40438.json +++ b/2021/40xxx/CVE-2021-40438.json @@ -88,6 +88,11 @@ "refsource": "MLIST", "name": "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info", "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info", + "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E" } ] },