From e851281df4876b11cbf6d3b872011c420bcbaa73 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 16 Jul 2021 11:00:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/25xxx/CVE-2020-25709.json | 5 ++++ 2020/25xxx/CVE-2020-25710.json | 5 ++++ 2021/0xxx/CVE-2021-0051.json | 5 ++++ 2021/0xxx/CVE-2021-0129.json | 5 ++++ 2021/21xxx/CVE-2021-21799.json | 50 ++++++++++++++++++++++++++++++++-- 2021/21xxx/CVE-2021-21800.json | 50 ++++++++++++++++++++++++++++++++-- 2021/21xxx/CVE-2021-21801.json | 50 ++++++++++++++++++++++++++++++++-- 2021/21xxx/CVE-2021-21802.json | 50 ++++++++++++++++++++++++++++++++-- 2021/21xxx/CVE-2021-21803.json | 50 ++++++++++++++++++++++++++++++++-- 2021/21xxx/CVE-2021-21804.json | 50 ++++++++++++++++++++++++++++++++-- 2021/21xxx/CVE-2021-21816.json | 50 ++++++++++++++++++++++++++++++++-- 2021/21xxx/CVE-2021-21817.json | 50 ++++++++++++++++++++++++++++++++-- 2021/21xxx/CVE-2021-21818.json | 50 ++++++++++++++++++++++++++++++++-- 2021/21xxx/CVE-2021-21819.json | 50 ++++++++++++++++++++++++++++++++-- 2021/21xxx/CVE-2021-21820.json | 50 ++++++++++++++++++++++++++++++++-- 2021/26xxx/CVE-2021-26707.json | 5 ++++ 2021/28xxx/CVE-2021-28651.json | 5 ++++ 2021/28xxx/CVE-2021-28807.json | 10 +++++++ 2021/31xxx/CVE-2021-31806.json | 5 ++++ 2021/31xxx/CVE-2021-31807.json | 5 ++++ 2021/31xxx/CVE-2021-31808.json | 5 ++++ 2021/3xxx/CVE-2021-3489.json | 5 ++++ 2021/3xxx/CVE-2021-3490.json | 5 ++++ 2021/3xxx/CVE-2021-3491.json | 5 ++++ 2021/3xxx/CVE-2021-3516.json | 5 ++++ 2021/3xxx/CVE-2021-3530.json | 5 ++++ 26 files changed, 597 insertions(+), 33 deletions(-) diff --git a/2020/25xxx/CVE-2020-25709.json b/2020/25xxx/CVE-2020-25709.json index 32ca08e2109..3c1eb02fb69 100644 --- a/2020/25xxx/CVE-2020-25709.json +++ b/2020/25xxx/CVE-2020-25709.json @@ -78,6 +78,11 @@ "refsource": "MLIST", "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210716-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210716-0003/" } ] }, diff --git a/2020/25xxx/CVE-2020-25710.json b/2020/25xxx/CVE-2020-25710.json index 8b303825249..b628736190d 100644 --- a/2020/25xxx/CVE-2020-25710.json +++ b/2020/25xxx/CVE-2020-25710.json @@ -73,6 +73,11 @@ "refsource": "MLIST", "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210716-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210716-0003/" } ] }, diff --git a/2021/0xxx/CVE-2021-0051.json b/2021/0xxx/CVE-2021-0051.json index 1101d1b17c1..6d5083bd760 100644 --- a/2021/0xxx/CVE-2021-0051.json +++ b/2021/0xxx/CVE-2021-0051.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00500.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00500.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210716-0001/", + "url": "https://security.netapp.com/advisory/ntap-20210716-0001/" } ] }, diff --git a/2021/0xxx/CVE-2021-0129.json b/2021/0xxx/CVE-2021-0129.json index eabdeaa2ccf..ecd3c2184f5 100644 --- a/2021/0xxx/CVE-2021-0129.json +++ b/2021/0xxx/CVE-2021-0129.json @@ -63,6 +63,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210626 [SECURITY] [DLA 2692-1] bluez security update", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210716-0002/", + "url": "https://security.netapp.com/advisory/ntap-20210716-0002/" } ] }, diff --git a/2021/21xxx/CVE-2021-21799.json b/2021/21xxx/CVE-2021-21799.json index f6fe6fd1c49..4ccd94d7352 100644 --- a/2021/21xxx/CVE-2021-21799.json +++ b/2021/21xxx/CVE-2021-21799.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21799", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advantech", + "version": { + "version_data": [ + { + "version_value": "Advantech R-SeeNet 2.4.12 (20.10.2020)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": " cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1270", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1270" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user\u2019s browser. An attacker can provide a crafted URL to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21800.json b/2021/21xxx/CVE-2021-21800.json index f529f4a2e10..2109b3bdb3f 100644 --- a/2021/21xxx/CVE-2021-21800.json +++ b/2021/21xxx/CVE-2021-21800.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21800", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advantech", + "version": { + "version_data": [ + { + "version_value": "Advantech R-SeeNet 2.4.12 (20.10.2020)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1271", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1271" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user\u2019s browser. An attacker can provide a crafted URL to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21801.json b/2021/21xxx/CVE-2021-21801.json index fb0c51418fe..2ce09729b76 100644 --- a/2021/21xxx/CVE-2021-21801.json +++ b/2021/21xxx/CVE-2021-21801.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21801", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advantech", + "version": { + "version_data": [ + { + "version_value": "Advantech R-SeeNet 2.4.12 (20.10.2020)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution." } ] } diff --git a/2021/21xxx/CVE-2021-21802.json b/2021/21xxx/CVE-2021-21802.json index 5f81b122522..8f64ec094bd 100644 --- a/2021/21xxx/CVE-2021-21802.json +++ b/2021/21xxx/CVE-2021-21802.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21802", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advantech", + "version": { + "version_data": [ + { + "version_value": "Advantech R-SeeNet 2.4.12 (20.10.2020)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": " cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution." } ] } diff --git a/2021/21xxx/CVE-2021-21803.json b/2021/21xxx/CVE-2021-21803.json index 35f1a7a5ae4..a139b120039 100644 --- a/2021/21xxx/CVE-2021-21803.json +++ b/2021/21xxx/CVE-2021-21803.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21803", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advantech", + "version": { + "version_data": [ + { + "version_value": "Advantech R-SeeNet 2.4.12 (20.10.2020)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution." } ] } diff --git a/2021/21xxx/CVE-2021-21804.json b/2021/21xxx/CVE-2021-21804.json index 9577f18ab7f..daaa4211130 100644 --- a/2021/21xxx/CVE-2021-21804.json +++ b/2021/21xxx/CVE-2021-21804.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21804", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advantech", + "version": { + "version_data": [ + { + "version_value": "Advantech R-SeeNet 2.4.12 (20.10.2020)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "PHP Remote File Inclusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1273", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1273" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21816.json b/2021/21xxx/CVE-2021-21816.json index 19629af9736..ce8dab2ae34 100644 --- a/2021/21xxx/CVE-2021-21816.json +++ b/2021/21xxx/CVE-2021-21816.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21816", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "D-LINK", + "version": { + "version_data": [ + { + "version_value": "D-LINK DIR-3040 1.13B03" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1281", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1281" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21817.json b/2021/21xxx/CVE-2021-21817.json index 1a10769ba5e..b8067dcf88c 100644 --- a/2021/21xxx/CVE-2021-21817.json +++ b/2021/21xxx/CVE-2021-21817.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21817", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "D-Link", + "version": { + "version_data": [ + { + "version_value": "D-LINK DIR-3040 1.13B03" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1282", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1282" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21818.json b/2021/21xxx/CVE-2021-21818.json index 6969d026c34..ca9de0e14a3 100644 --- a/2021/21xxx/CVE-2021-21818.json +++ b/2021/21xxx/CVE-2021-21818.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21818", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "D-Link", + "version": { + "version_data": [ + { + "version_value": "D-LINK DIR-3040 1.13B03" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use of hard-coded password" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1283", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1283" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of requests to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21819.json b/2021/21xxx/CVE-2021-21819.json index 5460bfe4131..7bfb9882e56 100644 --- a/2021/21xxx/CVE-2021-21819.json +++ b/2021/21xxx/CVE-2021-21819.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21819", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "D-Link", + "version": { + "version_data": [ + { + "version_value": "D-LINK DIR-3040 1.13B03" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1284", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1284" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability." } ] } diff --git a/2021/21xxx/CVE-2021-21820.json b/2021/21xxx/CVE-2021-21820.json index 108a8e216b7..da8b73a44b3 100644 --- a/2021/21xxx/CVE-2021-21820.json +++ b/2021/21xxx/CVE-2021-21820.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21820", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "D-Link", + "version": { + "version_data": [ + { + "version_value": "D-LINK DIR-3040 1.13B03" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use of hard coded credentials\"" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1285", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1285" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability." } ] } diff --git a/2021/26xxx/CVE-2021-26707.json b/2021/26xxx/CVE-2021-26707.json index 3e37a6b9f4f..62a8727160f 100644 --- a/2021/26xxx/CVE-2021-26707.json +++ b/2021/26xxx/CVE-2021-26707.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://securitylab.github.com/advisories/GHSL-2020-160-merge-deep/", "url": "https://securitylab.github.com/advisories/GHSL-2020-160-merge-deep/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210716-0008/", + "url": "https://security.netapp.com/advisory/ntap-20210716-0008/" } ] } diff --git a/2021/28xxx/CVE-2021-28651.json b/2021/28xxx/CVE-2021-28651.json index fc5b1c77709..92584bdf7c2 100644 --- a/2021/28xxx/CVE-2021-28651.json +++ b/2021/28xxx/CVE-2021-28651.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210716-0007/", + "url": "https://security.netapp.com/advisory/ntap-20210716-0007/" } ] } diff --git a/2021/28xxx/CVE-2021-28807.json b/2021/28xxx/CVE-2021-28807.json index e84667dc0ff..190814543ce 100644 --- a/2021/28xxx/CVE-2021-28807.json +++ b/2021/28xxx/CVE-2021-28807.json @@ -105,6 +105,16 @@ "refsource": "MISC", "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-20", "name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-20" + }, + { + "refsource": "MISC", + "name": "https://www.shielder.it/advisories/qnap-qcenter-virtual-stored-xss/", + "url": "https://www.shielder.it/advisories/qnap-qcenter-virtual-stored-xss/" + }, + { + "refsource": "MISC", + "name": "https://www.shielder.it/advisories/qnap-qcenter-post-auth-remote-code-execution-via-qpkg/", + "url": "https://www.shielder.it/advisories/qnap-qcenter-post-auth-remote-code-execution-via-qpkg/" } ] }, diff --git a/2021/31xxx/CVE-2021-31806.json b/2021/31xxx/CVE-2021-31806.json index 86749e45a16..01d80371b4c 100644 --- a/2021/31xxx/CVE-2021-31806.json +++ b/2021/31xxx/CVE-2021-31806.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210716-0007/", + "url": "https://security.netapp.com/advisory/ntap-20210716-0007/" } ] } diff --git a/2021/31xxx/CVE-2021-31807.json b/2021/31xxx/CVE-2021-31807.json index ec6864b54f8..bcae8962490 100644 --- a/2021/31xxx/CVE-2021-31807.json +++ b/2021/31xxx/CVE-2021-31807.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210716-0007/", + "url": "https://security.netapp.com/advisory/ntap-20210716-0007/" } ] } diff --git a/2021/31xxx/CVE-2021-31808.json b/2021/31xxx/CVE-2021-31808.json index b9b3d0fdb55..ce9ed20849d 100644 --- a/2021/31xxx/CVE-2021-31808.json +++ b/2021/31xxx/CVE-2021-31808.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210716-0007/", + "url": "https://security.netapp.com/advisory/ntap-20210716-0007/" } ] } diff --git a/2021/3xxx/CVE-2021-3489.json b/2021/3xxx/CVE-2021-3489.json index 42921b43aa9..4d6028208d7 100644 --- a/2021/3xxx/CVE-2021-3489.json +++ b/2021/3xxx/CVE-2021-3489.json @@ -133,6 +133,11 @@ "name": "https://ubuntu.com/security/notices/USN-4949-1", "refsource": "UBUNTU", "url": "https://ubuntu.com/security/notices/USN-4949-1" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210716-0004/", + "url": "https://security.netapp.com/advisory/ntap-20210716-0004/" } ] }, diff --git a/2021/3xxx/CVE-2021-3490.json b/2021/3xxx/CVE-2021-3490.json index 0ad47267eec..956855f77db 100644 --- a/2021/3xxx/CVE-2021-3490.json +++ b/2021/3xxx/CVE-2021-3490.json @@ -133,6 +133,11 @@ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-606/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-606/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210716-0004/", + "url": "https://security.netapp.com/advisory/ntap-20210716-0004/" } ] }, diff --git a/2021/3xxx/CVE-2021-3491.json b/2021/3xxx/CVE-2021-3491.json index b84877ce90f..20f58aa2138 100644 --- a/2021/3xxx/CVE-2021-3491.json +++ b/2021/3xxx/CVE-2021-3491.json @@ -125,6 +125,11 @@ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-589/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-589/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210716-0004/", + "url": "https://security.netapp.com/advisory/ntap-20210716-0004/" } ] }, diff --git a/2021/3xxx/CVE-2021-3516.json b/2021/3xxx/CVE-2021-3516.json index b485d819beb..c0ee3963983 100644 --- a/2021/3xxx/CVE-2021-3516.json +++ b/2021/3xxx/CVE-2021-3516.json @@ -78,6 +78,11 @@ "refsource": "GENTOO", "name": "GLSA-202107-05", "url": "https://security.gentoo.org/glsa/202107-05" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210716-0005/", + "url": "https://security.netapp.com/advisory/ntap-20210716-0005/" } ] }, diff --git a/2021/3xxx/CVE-2021-3530.json b/2021/3xxx/CVE-2021-3530.json index 8dc309fc9ee..90b3dec90f0 100644 --- a/2021/3xxx/CVE-2021-3530.json +++ b/2021/3xxx/CVE-2021-3530.json @@ -53,6 +53,11 @@ "refsource": "MISC", "name": "https://src.fedoraproject.org/rpms/binutils/blob/rawhide/f/binutils-CVE-2021-3530.patch", "url": "https://src.fedoraproject.org/rpms/binutils/blob/rawhide/f/binutils-CVE-2021-3530.patch" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210716-0006/", + "url": "https://security.netapp.com/advisory/ntap-20210716-0006/" } ] },