From eccbebeb5171a047f1169abd1c724851cf07b2ee Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 15 Mar 2021 13:00:40 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/20xxx/CVE-2021-20179.json | 75 ++++++++++++++++++++++++++++++++-- 2021/27xxx/CVE-2021-27208.json | 61 ++++++++++++++++++++++++--- 2 files changed, 127 insertions(+), 9 deletions(-) diff --git a/2021/20xxx/CVE-2021-20179.json b/2021/20xxx/CVE-2021-20179.json index 2ca9eb74e2d..6fc2ff6d4c5 100644 --- a/2021/20xxx/CVE-2021-20179.json +++ b/2021/20xxx/CVE-2021-20179.json @@ -4,14 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20179", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "pki-core", + "version": { + "version_data": [ + { + "version_value": "pki-core 10.5, pki-core 10.8, pki-core 10.9, pki-core 10.10, pki-core 10.11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1914379", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914379" + }, + { + "refsource": "MISC", + "name": "https://github.com/dogtagpki/pki/pull/3478", + "url": "https://github.com/dogtagpki/pki/pull/3478" + }, + { + "refsource": "MISC", + "name": "https://github.com/dogtagpki/pki/pull/3477", + "url": "https://github.com/dogtagpki/pki/pull/3477" + }, + { + "refsource": "MISC", + "name": "https://github.com/dogtagpki/pki/pull/3476", + "url": "https://github.com/dogtagpki/pki/pull/3476" + }, + { + "refsource": "MISC", + "name": "https://github.com/dogtagpki/pki/pull/3475", + "url": "https://github.com/dogtagpki/pki/pull/3475" + }, + { + "refsource": "MISC", + "name": "https://github.com/dogtagpki/pki/pull/3474", + "url": "https://github.com/dogtagpki/pki/pull/3474" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity." } ] } diff --git a/2021/27xxx/CVE-2021-27208.json b/2021/27xxx/CVE-2021-27208.json index 8c0704511cd..3dbd521b891 100644 --- a/2021/27xxx/CVE-2021-27208.json +++ b/2021/27xxx/CVE-2021-27208.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-27208", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-27208", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand\u2019s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification to the Zynq-7000 device is needed to replace the original nand flash memory with a nand flash emulator for this attack to be successful." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.xilinx.com/support.html", + "refsource": "MISC", + "name": "https://www.xilinx.com/support.html" + }, + { + "refsource": "MISC", + "name": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html", + "url": "https://www.xilinx.com/products/silicon-devices/soc/zynq-7000.html" } ] }