From e5db42805821c757d9c7ac37a1159f59dea908c8 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 18 May 2021 12:00:40 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2002/2xxx/CVE-2002-2438.json | 128 +++++++++++++++++++++++++++++++--
 2020/15xxx/CVE-2020-15279.json | 5 +-
 2020/25xxx/CVE-2020-25709.json | 70 +++++++++++++++++-
 2021/32xxx/CVE-2021-32917.json | 5 ++
 2021/32xxx/CVE-2021-32918.json | 5 ++
 2021/32xxx/CVE-2021-32919.json | 5 ++
 2021/32xxx/CVE-2021-32920.json | 5 ++
 2021/32xxx/CVE-2021-32921.json | 5 ++
 2021/3xxx/CVE-2021-3423.json | 7 +-
 2021/3xxx/CVE-2021-3518.json | 60 +++++++++++++++-
 2021/3xxx/CVE-2021-3531.json | 60 +++++++++++++++-
 11 files changed, 334 insertions(+), 21 deletions(-)
diff --git a/2002/2xxx/CVE-2002-2438.json b/2002/2xxx/CVE-2002-2438.json
index 52161469585..0c889bf91e9 100644
--- a/2002/2xxx/CVE-2002-2438.json
+++ b/2002/2xxx/CVE-2002-2438.json
@@ -1,17 +1,131 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2002-2438",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2002-2438",
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before Linux kernel 2.4.20"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages",
+ "url": "http://www.openwall.com/lists/oss-security/2012/05/30/8"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages",
+ "url": "http://www.openwall.com/lists/oss-security/2012/05/30/4"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages",
+ "url": "http://www.openwall.com/lists/oss-security/2012/05/30/12"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages",
+ "url": "http://www.openwall.com/lists/oss-security/2012/05/30/11"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages",
+ "url": "http://www.openwall.com/lists/oss-security/2012/05/30/13"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20120203 Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations",
+ "url": "http://www.openwall.com/lists/oss-security/2012/02/03/7"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20120529 Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations",
+ "url": "http://www.openwall.com/lists/oss-security/2012/05/29/8"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20140212 Re: Old CVE ids, public, but still \"RESERVED\"",
+ "url": "http://www.openwall.com/lists/oss-security/2014/02/12/8"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages",
+ "url": "http://www.openwall.com/lists/oss-security/2012/05/30/9"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20120531 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages",
+ "url": "http://www.openwall.com/lists/oss-security/2012/05/31/3"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20120530 CVE Request -- kernel: tcp: drop SYN+FIN messages",
+ "url": "http://www.openwall.com/lists/oss-security/2012/05/30/2"
+ },
+ {
+ "refsource": "CERT-VN",
+ "name": "VU#464113",
+ "url": "https://www.kb.cert.org/vuls/id/464113"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.kb.cert.org/vuls/id/464113,",
+ "url": "https://www.kb.cert.org/vuls/id/464113,"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.suse.com/show_bug.cgi?id=744994,",
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=744994,"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2012/02/03/7",
+ "url": "https://www.openwall.com/lists/oss-security/2012/02/03/7"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling."
 }
 ]
 }
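Review bot: Two of the added MISC entries in `reference_data` carry a trailing comma inside the URL itself (`https://www.kb.cert.org/vuls/id/464113,` and `https://bugzilla.suse.com/show_bug.cgi?id=744994,`), which looks like a comma-separated list that was not split cleanly on submission. Consumers that dereference or de-duplicate references by URL will treat these as distinct and possibly broken links; the first also duplicates the CERT-VN `VU#464113` entry, and the last MISC entry repeats the `2012/02/03/7` oss-security post under `https`. I would strip the commas, e.g. `"url": "https://bugzilla.suse.com/show_bug.cgi?id=744994"`, and drop the two duplicates. Separately, `CWE-287` deserves a second look, since the description is about the TCP stack accepting SYN segments with other flags set rather than about an authentication step.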
diff --git a/2020/15xxx/CVE-2020-15279.json b/2020/15xxx/CVE-2020-15279.json
index 131c12f0f09..456cf864183 100644
--- a/2020/15xxx/CVE-2020-15279.json
+++ b/2020/15xxx/CVE-2020-15279.json
@@ -75,8 +75,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.bitdefender.com/support/security-advisories/scanning-exclusion-paths-disclosure-in-best-for-windows-va-9380"
+ "refsource": "MISC",
+ "url": "https://www.bitdefender.com/support/security-advisories/scanning-exclusion-paths-disclosure-in-best-for-windows-va-9380",
+ "name": "https://www.bitdefender.com/support/security-advisories/scanning-exclusion-paths-disclosure-in-best-for-windows-va-9380"
 }
 ]
 },
diff --git a/2020/25xxx/CVE-2020-25709.json b/2020/25xxx/CVE-2020-25709.json
index 0e2609b8cf6..b26c8bd5cac 100644
--- a/2020/25xxx/CVE-2020-25709.json
+++ b/2020/25xxx/CVE-2020-25709.json
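Review bot: Re-tagging the vendor's own advisory from `CONFIRM` to `MISC` removes the only machine-readable signal in this reference list that the vendor has acknowledged the issue; the same re-tagging appears in the second hunk of CVE-2021-3423.json. Triage tooling that filters on `refsource` would have to fall back to matching the bitdefender.com host to recognise a vendor-confirmed record. If the tag change is an artefact of the sync rather than intended, keep `"refsource": "CONFIRM"` and add only the new `name` field.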
@@ -4,14 +4,78 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-25709",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OpenLDAP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "openldap 2.4.56"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Reachable Assertion"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4792",
+ "url": "https://www.debian.org/security/2020/dsa-4792"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20201204 [SECURITY] [DLA 2481-1] openldap security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00008.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT212147",
+ "url": "https://support.apple.com/kb/HT212147"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20210201 APPLE-SA-2021-02-01-1 macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave",
+ "url": "http://seclists.org/fulldisclosure/2021/Feb/14"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1899675",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899675"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP\u2019s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability."
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32917.json b/2021/32xxx/CVE-2021-32917.json
index 234a341676e..10d8247de8f 100644
--- a/2021/32xxx/CVE-2021-32917.json
+++ b/2021/32xxx/CVE-2021-32917.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20210514 Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
 "url": "http://www.openwall.com/lists/oss-security/2021/05/14/2"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4916",
+ "url": "https://www.debian.org/security/2021/dsa-4916"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32918.json b/2021/32xxx/CVE-2021-32918.json
index db92e0a78de..7e5f12f4d47 100644
--- a/2021/32xxx/CVE-2021-32918.json
+++ b/2021/32xxx/CVE-2021-32918.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20210514 Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
 "url": "http://www.openwall.com/lists/oss-security/2021/05/14/2"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4916",
+ "url": "https://www.debian.org/security/2021/dsa-4916"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32919.json b/2021/32xxx/CVE-2021-32919.json
index b5380f810ad..0d86cebc607 100644
--- a/2021/32xxx/CVE-2021-32919.json
+++ b/2021/32xxx/CVE-2021-32919.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20210514 Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
 "url": "http://www.openwall.com/lists/oss-security/2021/05/14/2"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4916",
+ "url": "https://www.debian.org/security/2021/dsa-4916"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32920.json b/2021/32xxx/CVE-2021-32920.json
index 6f021c4d0e3..7a342f334ce 100644
--- a/2021/32xxx/CVE-2021-32920.json
+++ b/2021/32xxx/CVE-2021-32920.json
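Review bot: `version_value` in the CVE-2020-25709 hunk is `openldap 2.4.56` with no range qualifier, so a consumer matching on the `affects` block cannot tell whether 2.4.56 is the affected release or the fixed one, and the description names no version at all. The hunks for CVE-2021-3518.json and CVE-2021-3531.json have the same problem in a visibly inconsistent form: their descriptions say "versions before 2.9.11" and "before 14.2.21", while `version_value` reads `libxml2 2.9.11` and `ceph 14.2.21`. A scanner keyed on `version_value` would flag the patched release and miss the vulnerable ones. I would use the form the CVE-2002-2438 record in this same commit uses, e.g. `"version_value": "before 2.9.11"`, and keep the product name in `product_name` only.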
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20210514 Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
 "url": "http://www.openwall.com/lists/oss-security/2021/05/14/2"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4916",
+ "url": "https://www.debian.org/security/2021/dsa-4916"
 }
 ]
 }
diff --git a/2021/32xxx/CVE-2021-32921.json b/2021/32xxx/CVE-2021-32921.json
index 197987bf9f9..057da667d5e 100644
--- a/2021/32xxx/CVE-2021-32921.json
+++ b/2021/32xxx/CVE-2021-32921.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20210514 Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)",
 "url": "http://www.openwall.com/lists/oss-security/2021/05/14/2"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4916",
+ "url": "https://www.debian.org/security/2021/dsa-4916"
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3423.json b/2021/3xxx/CVE-2021-3423.json
index 26324e8afef..0bf753b1546 100644
--- a/2021/3xxx/CVE-2021-3423.json
+++ b/2021/3xxx/CVE-2021-3423.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business Security versions prior to 6.6.23.329."
+ "value": "Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business Security versions prior to 6.6.23.329."
 }
 ]
 },
@@ -75,8 +75,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.bitdefender.com/support/security-advisories/privilege-escalation-in-bitdefender-gravityzone-business-security-va-9557"
+ "refsource": "MISC",
+ "url": "https://www.bitdefender.com/support/security-advisories/privilege-escalation-in-bitdefender-gravityzone-business-security-va-9557",
+ "name": "https://www.bitdefender.com/support/security-advisories/privilege-escalation-in-bitdefender-gravityzone-business-security-va-9557"
 }
 ]
 },
diff --git a/2021/3xxx/CVE-2021-3518.json b/2021/3xxx/CVE-2021-3518.json
index 076c002c4f9..612e78470ff 100644
--- a/2021/3xxx/CVE-2021-3518.json
+++ b/2021/3xxx/CVE-2021-3518.json
@@ -4,14 +4,68 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3518",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "libxml2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "libxml2 2.9.11"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2021-e3ed1ba38b",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability."
 }
 ]
 }
diff --git a/2021/3xxx/CVE-2021-3531.json b/2021/3xxx/CVE-2021-3531.json
index 299e022d167..5d0918bb985 100644
--- a/2021/3xxx/CVE-2021-3531.json
+++ b/2021/3xxx/CVE-2021-3531.json
@@ -4,14 +4,68 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-3531",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ceph",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ceph 14.2.21"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210514 CVE-2021-3531: Ceph: RGW unauthenticated denial of service",
+ "url": "http://www.openwall.com/lists/oss-security/2021/05/14/5"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20210517 Re: CVE-2021-3531: Ceph: RGW unauthenticated denial of service",
+ "url": "http://www.openwall.com/lists/oss-security/2021/05/17/7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1955326",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955326"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability."
 }
 ]
 }