From d06b19066a999f919fbcc3161a949b84f37aaa6b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 27 May 2021 00:00:45 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/1000xxx/CVE-2019-1000018.json | 5 +++
 2019/3xxx/CVE-2019-3463.json | 5 +++
 2019/3xxx/CVE-2019-3464.json | 5 +++
 2020/10xxx/CVE-2020-10753.json | 5 +++
 2020/1xxx/CVE-2020-1759.json | 5 +++
 2020/1xxx/CVE-2020-1760.json | 5 +++
 2020/25xxx/CVE-2020-25660.json | 5 +++
 2020/25xxx/CVE-2020-25678.json | 5 +++
 2020/27xxx/CVE-2020-27781.json | 5 +++
 2020/27xxx/CVE-2020-27831.json | 50 +++++++++++++++++++--
 2021/20xxx/CVE-2021-20288.json | 10 +++++
 2021/22xxx/CVE-2021-22543.json | 5 +++
 2021/30xxx/CVE-2021-30499.json | 55 +++++++++++++++++++++--
 2021/30xxx/CVE-2021-30500.json | 60 +++++++++++++++++++++++--
 2021/30xxx/CVE-2021-30501.json | 65 +++++++++++++++++++++++++--
 2021/3xxx/CVE-2021-3509.json | 70 ++++++++++++++++++++++++++++--
 16 files changed, 345 insertions(+), 15 deletions(-)
diff --git a/2019/1000xxx/CVE-2019-1000018.json b/2019/1000xxx/CVE-2019-1000018.json
index 4c2c6da96ce..4977d8a5d6e 100644
--- a/2019/1000xxx/CVE-2019-1000018.json
+++ b/2019/1000xxx/CVE-2019-1000018.json
@@ -94,6 +94,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202007-29",
 "url": "https://security.gentoo.org/glsa/202007-29"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
+ "url": "http://seclists.org/fulldisclosure/2021/May/78"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3463.json b/2019/3xxx/CVE-2019-3463.json
index 382d775ef58..244e4a85d7d 100644
--- a/2019/3xxx/CVE-2019-3463.json
+++ b/2019/3xxx/CVE-2019-3463.json
@@ -97,6 +97,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202007-29",
 "url": "https://security.gentoo.org/glsa/202007-29"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
+ "url": "http://seclists.org/fulldisclosure/2021/May/78"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3464.json b/2019/3xxx/CVE-2019-3464.json
index 37303e789c2..422b99af17c 100644
--- a/2019/3xxx/CVE-2019-3464.json
+++ b/2019/3xxx/CVE-2019-3464.json
@@ -97,6 +97,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202007-29",
 "url": "https://security.gentoo.org/glsa/202007-29"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
+ "url": "http://seclists.org/fulldisclosure/2021/May/78"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10753.json b/2020/10xxx/CVE-2020-10753.json
index 3f77e4222e8..bde78f3a870 100644
--- a/2020/10xxx/CVE-2020-10753.json
+++ b/2020/10xxx/CVE-2020-10753.json
@@ -63,6 +63,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4528-1",
 "url": "https://usn.ubuntu.com/4528-1/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202105-39",
+ "url": "https://security.gentoo.org/glsa/202105-39"
 }
 ]
 },
diff --git a/2020/1xxx/CVE-2020-1759.json b/2020/1xxx/CVE-2020-1759.json
index 4ec0b08c00a..e17da9807a6 100644
--- a/2020/1xxx/CVE-2020-1759.json
+++ b/2020/1xxx/CVE-2020-1759.json
@@ -56,6 +56,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-81b9c6cddc",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202105-39",
+ "url": "https://security.gentoo.org/glsa/202105-39"
 }
 ]
 },
diff --git a/2020/1xxx/CVE-2020-1760.json b/2020/1xxx/CVE-2020-1760.json
index f4d68f61424..b445419c7dd 100644
--- a/2020/1xxx/CVE-2020-1760.json
+++ b/2020/1xxx/CVE-2020-1760.json
@@ -69,6 +69,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4528-1",
 "url": "https://usn.ubuntu.com/4528-1/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202105-39",
+ "url": "https://security.gentoo.org/glsa/202105-39"
 }
 ]
 },
diff --git a/2020/25xxx/CVE-2020-25660.json b/2020/25xxx/CVE-2020-25660.json
index b1f4fd2d37f..9383375ed1f 100644
--- a/2020/25xxx/CVE-2020-25660.json
+++ b/2020/25xxx/CVE-2020-25660.json
@@ -63,6 +63,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-a8f1120195",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBC4KZ44QUQENTYZPVHORGL4K2KV5V4F/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202105-39",
+ "url": "https://security.gentoo.org/glsa/202105-39"
 }
 ]
 },
diff --git a/2020/25xxx/CVE-2020-25678.json b/2020/25xxx/CVE-2020-25678.json
index b2ee64472df..532f2ddb29b 100644
--- a/2020/25xxx/CVE-2020-25678.json
+++ b/2020/25xxx/CVE-2020-25678.json
@@ -58,6 +58,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-93ff9e9103",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202105-39",
+ "url": "https://security.gentoo.org/glsa/202105-39"
 }
 ]
 },
diff --git a/2020/27xxx/CVE-2020-27781.json b/2020/27xxx/CVE-2020-27781.json
index d37f643bd6c..214e6dec5db 100644
--- a/2020/27xxx/CVE-2020-27781.json
+++ b/2020/27xxx/CVE-2020-27781.json
@@ -53,6 +53,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-fcafbe7225",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJ7FFROL25FYRL6FMI33VRKOD74LINRP/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202105-39",
+ "url": "https://security.gentoo.org/glsa/202105-39"
 }
 ]
 },
diff --git a/2020/27xxx/CVE-2020-27831.json b/2020/27xxx/CVE-2020-27831.json
index 9c2e414ebdf..63140633e9d 100644
--- a/2020/27xxx/CVE-2020-27831.json
+++ b/2020/27xxx/CVE-2020-27831.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-27831",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "quay",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Quay 3.3.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1905758",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905758"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications."
 }
 ]
 }
diff --git a/2021/20xxx/CVE-2021-20288.json b/2021/20xxx/CVE-2021-20288.json
index e9f8727b6f0..2bd4a8f9fc5 100644
--- a/2021/20xxx/CVE-2021-20288.json
+++ b/2021/20xxx/CVE-2021-20288.json
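Review bot: In CVE-2020-27831.json the added `affects` block sets `"vendor_name": "n/a"` although the new description names the product as Red Hat Quay, so consumers that match records by vendor and product will not find this entry; `"vendor_name": "Red Hat"` would agree with the description. The same `"vendor_name": "n/a"` is added in the CVE-2021-30499, CVE-2021-30500, CVE-2021-30501 and CVE-2021-3509 hunks. `"version_value": "Quay 3.3.3"` also repeats the product name inside the version and does not say whether 3.3.3 is the affected or the fixed release; a bare `"version_value": "3.3.3"` together with a `version_affected` qualifier would remove that ambiguity.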
@@ -58,6 +58,16 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2021-e65b9fb52e",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BPIAYTRCWAU4XWCDBK2THEFVXSC4XGK/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-168fbed46f",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVWUKUUS5BCIFWRV3JCUQMAPJ4HIWSED/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-202105-39",
+ "url": "https://security.gentoo.org/glsa/202105-39"
 }
 ]
 },
diff --git a/2021/22xxx/CVE-2021-22543.json b/2021/22xxx/CVE-2021-22543.json
index c0f08c7ac2c..b406b0360ad 100644
--- a/2021/22xxx/CVE-2021-22543.json
+++ b/2021/22xxx/CVE-2021-22543.json
@@ -101,6 +101,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20210526 CVE-2021-22543 - /dev/kvm LPE",
 "url": "http://www.openwall.com/lists/oss-security/2021/05/26/3"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210526 Re: CVE-2021-22543 - /dev/kvm LPE",
+ "url": "http://www.openwall.com/lists/oss-security/2021/05/26/5"
 }
 ]
 },
diff --git a/2021/30xxx/CVE-2021-30499.json b/2021/30xxx/CVE-2021-30499.json
index 3d59c94d5f7..3e48b0fcc1b 100644
--- a/2021/30xxx/CVE-2021-30499.json
+++ b/2021/30xxx/CVE-2021-30499.json
@@ -4,14 +4,63 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-30499",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "libcaca",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "master"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1948679",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948679"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/cacalabs/libcaca/issues/54",
+ "url": "https://github.com/cacalabs/libcaca/issues/54"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences."
 }
 ]
 }
diff --git a/2021/30xxx/CVE-2021-30500.json b/2021/30xxx/CVE-2021-30500.json
index 7676b3ec2d6..a0e40486e3a 100644
--- a/2021/30xxx/CVE-2021-30500.json
+++ b/2021/30xxx/CVE-2021-30500.json
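Review bot: `"version_value": "master"` in CVE-2021-30499.json names a moving branch rather than a release or commit, so the record stops identifying the vulnerable code as soon as the branch advances and cannot be matched by version-based tooling. The linked libcaca issue presumably identifies the revision that was tested; the field should carry that instead, for example `"version_value": "<affected release or commit from the upstream issue>"`. No fix reference is listed either, so a reader cannot tell from this record whether a corrected revision exists.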
@@ -4,14 +4,68 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-30500",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "upx",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "upx 4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1948692",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948692"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/upx/upx/issues/485",
+ "url": "https://github.com/upx/upx/issues/485"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc",
+ "url": "https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file."
 }
 ]
 }
diff --git a/2021/30xxx/CVE-2021-30501.json b/2021/30xxx/CVE-2021-30501.json
index a7052655eab..35467564748 100644
--- a/2021/30xxx/CVE-2021-30501.json
+++ b/2021/30xxx/CVE-2021-30501.json
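Review bot: The new description in CVE-2021-30500.json states that attackers can "execute arbitrary code", which does not fit the `CWE-476` problem type added in the same hunk; a NULL pointer dereference in `PackLinuxElf::canUnpack()` would normally end in a crash when a crafted file is processed. Unless the linked upx issue shows more than a crash, the value should read `"value": "A NULL pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp, in version UPX 4.0.0, that allows attackers to cause a denial of service via a crafted file."`, because an overstated impact skews triage and scoring downstream. The version is also written `upx 4.0` in `version_value` but `UPX 4.0.0` in the description (the CVE-2021-30501 hunk has the same mismatch), and the two should agree.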
@@ -4,14 +4,73 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-30501",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "upx",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "upx 4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1948696",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948696"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/upx/upx/issues/486",
+ "url": "https://github.com/upx/upx/issues/486"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/upx/upx/pull/487",
+ "url": "https://github.com/upx/upx/pull/487"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/upx/upx/commit/28e761cd42211dfe0124b7a29b2f74730f453e46",
+ "url": "https://github.com/upx/upx/commit/28e761cd42211dfe0124b7a29b2f74730f453e46"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3509.json b/2021/3xxx/CVE-2021-3509.json
index dd95aa526f2..25486b85ef2 100644
--- a/2021/3xxx/CVE-2021-3509.json
+++ b/2021/3xxx/CVE-2021-3509.json
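Review bot: `"value": "CWE-20"` in CVE-2021-30501.json is a very broad class for what the description calls an assertion abort in `MemBuffer::alloc()`; CWE-617 (Reachable Assertion) names this weakness directly and would make the record more useful for weakness-based filtering. The description also has a typo, "The flow allows attackers", which should read `The flaw allows attackers to cause a denial of service (abort) via a crafted file.`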
@@ -4,14 +4,78 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3509",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ceph-dashboard",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "as shipped in Red Hat Ceph Storage 4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1950116",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950116"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ceph/ceph/blob/f1557e8f62d31883d3d34ae241a1a26af11d923f/src/pybind/mgr/dashboard/controllers/docs.py#L394-L409",
+ "url": "https://github.com/ceph/ceph/blob/f1557e8f62d31883d3d34ae241a1a26af11d923f/src/pybind/mgr/dashboard/controllers/docs.py#L394-L409"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10ca",
+ "url": "https://github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10ca"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b",
+ "url": "https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27",
+ "url": "https://github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability."
 }
 ]
 }
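Review bot: The problem type `CWE-79` in CVE-2021-3509.json does not match the weakness the new description states: as written, the JWT is echoed into the body of the documentation response, which undoes the httpOnly protection introduced for CVE-2020-27839, and XSS is only the means by which the token would then be read. If the Bugzilla entry agrees, an information-exposure class such as CWE-200 should be listed alongside or instead of CWE-79 so that the record points defenders at the response body rather than at script injection. The description is also missing a space in `XSS.The greatest threat`, and `"version_value": "as shipped in Red Hat Ceph Storage 4"` is free text that version matching cannot use.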