From d8ccc2e7f2d5ee1fd2c97f6bf2fa9c56d971f723 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 29 Sep 2021 20:00:53 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2020/12xxx/CVE-2020-12030.json | 117 +++++++++++++++++++++++++++++++--
 2021/21xxx/CVE-2021-21867.json | 5 ++
 2021/21xxx/CVE-2021-21868.json | 5 ++
 2021/21xxx/CVE-2021-21869.json | 5 ++
 2021/22xxx/CVE-2021-22946.json | 50 +++++++++++++-
 2021/22xxx/CVE-2021-22947.json | 50 +++++++++++++-
 2021/35xxx/CVE-2021-35943.json | 61 +++++++++++++++--
 2021/35xxx/CVE-2021-35944.json | 61 +++++++++++++++--
 2021/35xxx/CVE-2021-35945.json | 61 +++++++++++++++--
 2021/37xxx/CVE-2021-37605.json | 5 ++
 2021/39xxx/CVE-2021-39342.json | 100 ++++++++++++++++++++++++++--
 2021/3xxx/CVE-2021-3653.json | 55 +++++++++++++++-
 2021/3xxx/CVE-2021-3840.json | 18 +++++
 2021/41xxx/CVE-2021-41764.json | 66 +++++++++++++++++--
 2021/41xxx/CVE-2021-41788.json | 18 +++++
 2021/41xxx/CVE-2021-41789.json | 18 +++++
 2021/41xxx/CVE-2021-41790.json | 18 +++++
 2021/41xxx/CVE-2021-41791.json | 18 +++++
 2021/41xxx/CVE-2021-41792.json | 18 +++++
 2021/41xxx/CVE-2021-41793.json | 18 +++++
 2021/41xxx/CVE-2021-41794.json | 18 +++++
 21 files changed, 740 insertions(+), 45 deletions(-)
 create mode 100644 2021/3xxx/CVE-2021-3840.json
 create mode 100644 2021/41xxx/CVE-2021-41788.json
 create mode 100644 2021/41xxx/CVE-2021-41789.json
 create mode 100644 2021/41xxx/CVE-2021-41790.json
 create mode 100644 2021/41xxx/CVE-2021-41791.json
 create mode 100644 2021/41xxx/CVE-2021-41792.json
 create mode 100644 2021/41xxx/CVE-2021-41793.json
 create mode 100644 2021/41xxx/CVE-2021-41794.json
diff --git a/2020/12xxx/CVE-2020-12030.json b/2020/12xxx/CVE-2020-12030.json
index 263ded7e9ed..07093b3b466 100644
--- a/2020/12xxx/CVE-2020-12030.json
+++ b/2020/12xxx/CVE-2020-12030.json
@@ -1,18 +1,123 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-12030", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Emerson WirelessHART Gateway" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Wireless 1410 Gateway", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "4.6.43", + "version_value": "4.7.84" + } + ] + } + }, + { + "product_name": "Wireless 1420 Gateway", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "4.6.43", + "version_value": "4.7.84" + } + ] + } + }, + { + "product_name": "Wireless 1552WU Gateway", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "4.6.43", + "version_value": "4.7.84" + } + ] + } + } + ] + }, + "vendor_name": "Emerson" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Emerson discovered this vulnerability and reported it to CISA once there was a solution." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": " IMPROPER ACCESS CONTROL CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-135-02" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Emerson recommends end users update the firmware on VLAN-enabled Version 4 gateways as soon as possible.\n\nIf the VLAN feature is not enabled, no immediate action is necessary.\nPlease see Emerson\u2019s cybersecurity notification alert number EMR.RMT20001-1 for more information." + } + ], + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21867.json b/2021/21xxx/CVE-2021-21867.json index 126c00a0dc3..e044bba5ce2 100644 --- a/2021/21xxx/CVE-2021-21867.json +++ b/2021/21xxx/CVE-2021-21867.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1304", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1304" + }, + { + "refsource": "MISC", + "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download=", + "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download=" } ] }, 
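Review bot: The three `version_data` entries in the CVE-2020-12030 record pair `"version_affected": "<="` with `"version_name": "4.6.43"` and `"version_value": "4.7.84"`, which does not say whether the affected firmware is everything up to 4.7.84 or only the span between the two values, so a scanner matching on this record has to guess. If a range is meant, the description should state both bounds in words, and the `solution` text would serve asset owners better if it named the fixed firmware version rather than only the alert number. The `problemtype` string also starts with a space and puts the identifier last; `"value": "CWE-284 Improper Access Control"` is easier to parse and search.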
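Review bot: The reference added to CVE-2021-21867 is a `dumpFile` download link carrying a `token=` query parameter, and `name` only repeats that URL, so a reader cannot tell which vendor advisory it points to and the link may stop resolving if the portal reissues its tokens. A `name` that states the advisory title or number, for example `"name": "<CODESYS advisory identifier>"`, would keep the reference useful after the URL changes. The same reference is added to CVE-2021-21868 and CVE-2021-21869 in the next two hunks.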
diff --git a/2021/21xxx/CVE-2021-21868.json b/2021/21xxx/CVE-2021-21868.json index 1a4249cf641..7dccb767ada 100644 --- a/2021/21xxx/CVE-2021-21868.json +++ b/2021/21xxx/CVE-2021-21868.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1305", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1305" + }, + { + "refsource": "MISC", + "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download=", + "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download=" } ] }, diff --git a/2021/21xxx/CVE-2021-21869.json b/2021/21xxx/CVE-2021-21869.json index ca2a657cfe5..f30404a5b8e 100644 --- a/2021/21xxx/CVE-2021-21869.json +++ b/2021/21xxx/CVE-2021-21869.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1306", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1306" + }, + { + "refsource": "MISC", + "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download=", + "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16805&token=ee583c498941d9fda86490bca98ff21928eec08a&download=" } ] }, diff --git a/2021/22xxx/CVE-2021-22946.json b/2021/22xxx/CVE-2021-22946.json index d6e09bea0a7..63cb83062d8 100644 --- a/2021/22xxx/CVE-2021-22946.json +++ b/2021/22xxx/CVE-2021-22946.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22946", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/curl/curl", + "version": { + "version_data": [ + { + "version_value": "curl 7.20.0 to and including 7.78.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Required Cryptographic Step (CWE-325)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1334111", + "url": "https://hackerone.com/reports/1334111" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network." } ] } diff --git a/2021/22xxx/CVE-2021-22947.json b/2021/22xxx/CVE-2021-22947.json index 8554e8ef123..183b7298004 100644 --- a/2021/22xxx/CVE-2021-22947.json +++ b/2021/22xxx/CVE-2021-22947.json 
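Review bot: The new `description` value for CVE-2021-22946 has words fused where the source text was line-wrapped (`withlibcurl`, `response.This`, `**withoutTLS**`), and the CVE-2021-22947 hunk has the same problem (`trustingthe`, `authenticated.Using`); this breaks keyword search and automated matching on the text. The `affects` block also uses `"vendor_name": "n/a"`, a repository URL as `product_name` and the free-text `"version_value": "curl 7.20.0 to and including 7.78.0"`, so the record cannot be matched against an inventory without parsing prose. `"product_name": "curl"` with `"version_affected": "<="` and `"version_value": "7.78.0"` would carry the upper bound in structured form, with the 7.20.0 lower bound left in the description.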
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22947", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "https://github.com/curl/curl", + "version": { + "version_data": [ + { + "version_value": "curl 7.20.0 to and including 7.78.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cryptographic Issues - Generic (CWE-310)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/1334763", + "url": "https://hackerone.com/reports/1334763" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server." } ] } diff --git a/2021/35xxx/CVE-2021-35943.json b/2021/35xxx/CVE-2021-35943.json index 975b477288d..091bd8a7b88 100644 --- a/2021/35xxx/CVE-2021-35943.json 
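Review bot: `"Cryptographic Issues - Generic (CWE-310)"` in the CVE-2021-22947 `problemtype` points at CWE-310, which is a CWE category rather than a weakness, so tools that group findings by weakness get no usable class from this record. The description is about curl continuing to trust responses cached before the TLS handshake; a weakness-level entry on missing authenticity verification, possibly CWE-345, looks closer and should be confirmed against the curl advisory.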
+++ b/2021/35xxx/CVE-2021-35943.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35943", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35943", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html", + "refsource": "MISC", + "name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html" + }, + { + "refsource": "MISC", + "name": "https://www.couchbase.com/alerts", + "url": "https://www.couchbase.com/alerts" } ] } diff --git a/2021/35xxx/CVE-2021-35944.json b/2021/35xxx/CVE-2021-35944.json index 3f63a973c9c..412be0380bc 100644 --- a/2021/35xxx/CVE-2021-35944.json +++ b/2021/35xxx/CVE-2021-35944.json 
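Review bot: In the CVE-2021-35943 record `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"`, even though the description names Couchbase Server 6.5.x and 6.6.x through 6.6.2 and calls the issue Incorrect Access Control, so anything keyed on the structured fields will never match it. Filling them from the description, e.g. `"vendor_name": "Couchbase"` and `"product_name": "Couchbase Server"`, closes that gap. The hunks for CVE-2021-35944, CVE-2021-35945 and CVE-2021-41764 leave the same fields at `"n/a"`.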
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35944", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35944", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html", + "refsource": "MISC", + "name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html" + }, + { + "refsource": "MISC", + "name": "https://www.couchbase.com/alerts", + "url": "https://www.couchbase.com/alerts" } ] } diff --git a/2021/35xxx/CVE-2021-35945.json b/2021/35xxx/CVE-2021-35945.json index 9d6169bdc66..89820396c18 100644 --- a/2021/35xxx/CVE-2021-35945.json +++ b/2021/35xxx/CVE-2021-35945.json 
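Review bot: The CVE-2021-35944 description is almost word for word the one added for CVE-2021-35945 in the next hunk (they differ only in "6.6.x" versus "6.6.0"), and both cite the same two generic pages, so someone triaging cannot tell which identifier covers which memcached crash or whether one patch addresses both. Each description should name what distinguishes its issue, such as the affected component or request type, and the `references` should point at the specific alert entry rather than the release-notes index.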
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35945", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35945", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html", + "refsource": "MISC", + "name": "https://docs.couchbase.com/server/current/release-notes/relnotes.html" + }, + { + "refsource": "MISC", + "name": "https://www.couchbase.com/alerts", + "url": "https://www.couchbase.com/alerts" } ] } diff --git a/2021/37xxx/CVE-2021-37605.json b/2021/37xxx/CVE-2021-37605.json index 52e3d724a33..be53ab42cbf 100644 --- a/2021/37xxx/CVE-2021-37605.json +++ b/2021/37xxx/CVE-2021-37605.json 
@@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://www.microchip.com/en-us/development-tools-tools-and-software/libraries-code-examples-and-more/advanced-software-framework-for-sam-devices#Downloads", "url": "https://www.microchip.com/en-us/development-tools-tools-and-software/libraries-code-examples-and-more/advanced-software-framework-for-sam-devices#Downloads" + }, + { + "refsource": "MISC", + "name": "https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.51.0.101-readme.pdf", + "url": "https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.51.0.101-readme.pdf" } ] } diff --git a/2021/39xxx/CVE-2021-39342.json b/2021/39xxx/CVE-2021-39342.json index 8de0b4b002c..eb1717adf43 100644 --- a/2021/39xxx/CVE-2021-39342.json +++ b/2021/39xxx/CVE-2021-39342.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "AKA": "Wordfence", + "ASSIGNER": "security@wordfence.com", + "DATE_PUBLIC": "2021-09-29T16:39:00.000Z", "ID": "CVE-2021-39342", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Credova_Financial <= 1.4.8 Sensitive Information Disclosure" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Credova_Financial", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "1.4.8", + "version_value": "1.4.8" + } + ] + } + } + ] + }, + "vendor_name": "Credova Financial" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Marvin Santos" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319 Cleartext Transmission of Sensitive Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39342", + "name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39342" + }, + { + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/changeset/2606811/credova-financial/trunk/credova-financial.php", + "name": "https://plugins.trac.wordpress.org/changeset/2606811/credova-financial/trunk/credova-financial.php" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to version 1.4.9, or newer. " + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/3xxx/CVE-2021-3653.json b/2021/3xxx/CVE-2021-3653.json index 223175afaa9..bd4e66c084d 100644 --- a/2021/3xxx/CVE-2021-3653.json +++ b/2021/3xxx/CVE-2021-3653.json 
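Review bot: The `solution` entry for CVE-2021-39342 only says `"Update to version 1.4.9, or newer. "`, but the description states that the site's Credova API username and password were returned in plaintext to any user reaching checkout, so credentials that were already exposed stay valid after the update. The remediation text should also tell site owners to rotate them, e.g. `"value": "Update to version 1.4.9 or newer, then rotate the Credova API credentials."`. Separately, CWE-319 covers cleartext transmission over a channel, while the description reads more like exposure of credentials to unauthorized users, so the `problemtype` and the `confidentialityImpact` of `LOW` deserve a second look by the assigner.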
@@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-3653", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "kernel 5.14-rc7" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1983686", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983686" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2021/08/16/1", + "url": "https://www.openwall.com/lists/oss-security/2021/08/16/1" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"int_ctl\" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7." } ] } 
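Review bot: `"version_value": "kernel 5.14-rc7"` in the CVE-2021-3653 record names the release that the description gives as the first unaffected one ("prior to 5.14-rc7"), and with no `version_affected` operator a consumer will read 5.14-rc7 itself as the vulnerable version. Expressing the bound as `"version_affected": "<"` with `"version_value": "5.14-rc7"` matches the description. `vendor_name` is `"n/a"` and `problemtype` carries only `CWE-862` without its name, which makes the record harder to search.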
diff --git a/2021/3xxx/CVE-2021-3840.json b/2021/3xxx/CVE-2021-3840.json new file mode 100644 index 00000000000..9add88e7c8c --- /dev/null +++ b/2021/3xxx/CVE-2021-3840.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-3840", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41764.json b/2021/41xxx/CVE-2021-41764.json index 8a6656fcaf5..fe9c75e887c 100644 --- a/2021/41xxx/CVE-2021-41764.json +++ b/2021/41xxx/CVE-2021-41764.json 
@@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-41764", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-41764", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. The application does not have CSRF checks in place when performing actions such as uploading local files. As a result, attackers could make a logged-in administrator upload arbitrary local files via a CSRF attack and send them to the attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/streamaserver/streama", + "refsource": "MISC", + "name": "https://github.com/streamaserver/streama" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/omriinbar/3c741d309e5d0ede29dc7ecdad4eba3f", + "url": "https://gist.github.com/omriinbar/3c741d309e5d0ede29dc7ecdad4eba3f" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/omriinbar/8277193731d0edf20ef71299f304ab93", + "url": "https://gist.github.com/omriinbar/8277193731d0edf20ef71299f304ab93" } ] } 
diff --git a/2021/41xxx/CVE-2021-41788.json b/2021/41xxx/CVE-2021-41788.json new file mode 100644 index 00000000000..8e1df795bd2 --- /dev/null +++ b/2021/41xxx/CVE-2021-41788.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-41788", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41789.json b/2021/41xxx/CVE-2021-41789.json new file mode 100644 index 00000000000..a2e541d9b92 --- /dev/null +++ b/2021/41xxx/CVE-2021-41789.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-41789", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41790.json b/2021/41xxx/CVE-2021-41790.json new file mode 100644 index 00000000000..3bd9094eced --- /dev/null +++ b/2021/41xxx/CVE-2021-41790.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-41790", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41791.json b/2021/41xxx/CVE-2021-41791.json new file mode 100644 index 00000000000..0b03e9c9184 --- /dev/null +++ b/2021/41xxx/CVE-2021-41791.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-41791", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41792.json b/2021/41xxx/CVE-2021-41792.json new file mode 100644 index 00000000000..83deea2ed03 --- /dev/null +++ b/2021/41xxx/CVE-2021-41792.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-41792", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2021/41xxx/CVE-2021-41793.json b/2021/41xxx/CVE-2021-41793.json new file mode 100644 index 00000000000..7a29064339a --- /dev/null +++ b/2021/41xxx/CVE-2021-41793.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-41793", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/41xxx/CVE-2021-41794.json b/2021/41xxx/CVE-2021-41794.json new file mode 100644 index 00000000000..4f466f03a03 --- /dev/null +++ b/2021/41xxx/CVE-2021-41794.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-41794", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file