From edb3f3f177e05ab5da325c0197f1c157e8dc60ed Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 11 Aug 2021 11:01:19 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/14xxx/CVE-2018-14662.json | 5 ++ 2018/16xxx/CVE-2018-16846.json | 5 ++ 2018/21xxx/CVE-2018-21234.json | 5 ++ 2020/10xxx/CVE-2020-10753.json | 5 ++ 2020/1xxx/CVE-2020-1760.json | 5 ++ 2021/33xxx/CVE-2021-33594.json | 98 +++++++++++++++++++++++++++++++--- 2021/33xxx/CVE-2021-33595.json | 98 +++++++++++++++++++++++++++++++--- 2021/33xxx/CVE-2021-33596.json | 15 ++++++ 2021/34xxx/CVE-2021-34558.json | 20 +++++++ 2021/37xxx/CVE-2021-37746.json | 10 ++++ 2021/3xxx/CVE-2021-3524.json | 5 ++ 11 files changed, 259 insertions(+), 12 deletions(-) diff --git a/2018/14xxx/CVE-2018-14662.json b/2018/14xxx/CVE-2018-14662.json index 899bde5a869..962d8eaee51 100644 --- a/2018/14xxx/CVE-2018-14662.json +++ b/2018/14xxx/CVE-2018-14662.json @@ -96,6 +96,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2541", "url": "https://access.redhat.com/errata/RHSA-2019:2541" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210810 [SECURITY] [DLA 2735-1] ceph security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html" } ] } diff --git a/2018/16xxx/CVE-2018-16846.json b/2018/16xxx/CVE-2018-16846.json index 79f80e0dfe7..68beffeea76 100644 --- a/2018/16xxx/CVE-2018-16846.json +++ b/2018/16xxx/CVE-2018-16846.json @@ -96,6 +96,11 @@ "name": "https://ceph.com/releases/13-2-4-mimic-released/", "refsource": "MISC", "url": "https://ceph.com/releases/13-2-4-mimic-released/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210810 [SECURITY] [DLA 2735-1] ceph security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html" } ] } diff --git a/2018/21xxx/CVE-2018-21234.json b/2018/21xxx/CVE-2018-21234.json index 0dc9c917cc0..83afb28da75 100644 --- a/2018/21xxx/CVE-2018-21234.json +++ b/2018/21xxx/CVE-2018-21234.json @@ -116,6 +116,11 @@ "refsource": "MLIST", "name": "[hive-issues] 20210524 [jira] [Commented] (HIVE-25054) Upgrade jodd-core due to CVE-2018-21234", "url": "https://lists.apache.org/thread.html/rd575d9877424a2d8776f5c2ff33bf3dc3382cd83f031d483f29c11ab@%3Cissues.hive.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[drill-dev] 20210810 [GitHub] [drill] ssainz opened a new issue #2294: CVE-2018-21234 in Hive 3.1.2, should upgrade to 3.21.3", + "url": "https://lists.apache.org/thread.html/r317aec95c436848233047af7ecb3ce04ce446eb6031f981aef50df0d@%3Cdev.drill.apache.org%3E" } ] } diff --git a/2020/10xxx/CVE-2020-10753.json b/2020/10xxx/CVE-2020-10753.json index bde78f3a870..d0d63f398f8 100644 --- a/2020/10xxx/CVE-2020-10753.json +++ b/2020/10xxx/CVE-2020-10753.json @@ -68,6 +68,11 @@ "refsource": "GENTOO", "name": "GLSA-202105-39", "url": "https://security.gentoo.org/glsa/202105-39" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210810 [SECURITY] [DLA 2735-1] ceph security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html" } ] }, diff --git a/2020/1xxx/CVE-2020-1760.json b/2020/1xxx/CVE-2020-1760.json index b445419c7dd..20cb15c72db 100644 --- a/2020/1xxx/CVE-2020-1760.json +++ b/2020/1xxx/CVE-2020-1760.json @@ -74,6 +74,11 @@ "refsource": "GENTOO", "name": "GLSA-202105-39", "url": "https://security.gentoo.org/glsa/202105-39" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210810 [SECURITY] [DLA 2735-1] ceph security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html" } ] }, diff --git a/2021/33xxx/CVE-2021-33594.json b/2021/33xxx/CVE-2021-33594.json index 2553f7c06fc..e06b5f7f1aa 100644 --- a/2021/33xxx/CVE-2021-33594.json +++ b/2021/33xxx/CVE-2021-33594.json @@ -1,18 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-notifications-us@f-secure.com", "ID": "CVE-2021-33594", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "F-Secure Safe browser for Android vulnerable to Address Bar Spoofing" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "F-Secure Mobile Security", + "version": { + "version_data": [ + { + "platform": "Android", + "version_affected": ">=", + "version_name": "18.3x", + "version_value": "18.4x" + } + ] + } + } + ] + }, + "vendor_name": "F-Secure" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "F-Secure Safe browser for Android vulnerable to Address Bar Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame", + "name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame" + }, + { + "refsource": "MISC", + "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories", + "name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories" + }, + { + "refsource": "MISC", + "name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33594", + "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33594" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to version 18.4.x or newer from Google Play" + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33595.json b/2021/33xxx/CVE-2021-33595.json index f5649808356..c60c6d08734 100644 --- a/2021/33xxx/CVE-2021-33595.json +++ b/2021/33xxx/CVE-2021-33595.json @@ -1,18 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-notifications-us@f-secure.com", "ID": "CVE-2021-33595", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "F-Secure Safe browser for iOS vulnerable to Address Bar Spoofing" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "F-Secure Mobile Security", + "version": { + "version_data": [ + { + "platform": "iOS", + "version_affected": ">", + "version_name": "18.3x", + "version_value": "18.4x" + } + ] + } + } + ] + }, + "vendor_name": "F-Secure" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "F-Secure Safe browser for iOS vulnerable to Address Bar Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame", + "name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame" + }, + { + "refsource": "MISC", + "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories", + "name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories" + }, + { + "refsource": "MISC", + "name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33595", + "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33595" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to version 18.4.x or newer from the App Store " + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33596.json b/2021/33xxx/CVE-2021-33596.json index f04187f5fa9..51982a54778 100644 --- a/2021/33xxx/CVE-2021-33596.json +++ b/2021/33xxx/CVE-2021-33596.json @@ -80,6 +80,21 @@ "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame", "name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame" }, + { + "refsource": "MISC", + "url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame", + "name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame" + }, + { + "refsource": "MISC", + "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories", + "name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories" + }, + { + "refsource": "MISC", + "name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33596", + "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33596" + }, { "refsource": "MISC", "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories", diff --git a/2021/34xxx/CVE-2021-34558.json b/2021/34xxx/CVE-2021-34558.json index 27fd8ee3f7e..bc8ec8db154 100644 --- a/2021/34xxx/CVE-2021-34558.json +++ b/2021/34xxx/CVE-2021-34558.json @@ -86,6 +86,26 @@ "refsource": "FEDORA", "name": "FEDORA-2021-47d259d3cf", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-6ac9b98f9e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-07e4d20196", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-ffa749f7f7", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-54f88bebd4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/" } ] } diff --git a/2021/37xxx/CVE-2021-37746.json b/2021/37xxx/CVE-2021-37746.json index 6d5f62df8da..94fa05455f8 100644 --- a/2021/37xxx/CVE-2021-37746.json +++ b/2021/37xxx/CVE-2021-37746.json @@ -66,6 +66,16 @@ "url": "https://claws-mail.org/download.php?file=releases/claws-mail-3.18.0.tar.xz", "refsource": "MISC", "name": "https://claws-mail.org/download.php?file=releases/claws-mail-3.18.0.tar.xz" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-a4e9c45f9e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2QNUIWASJLPUZZKWICGCEGYJZCQE7NH/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2021-3823463b9a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RCJXHUSYHGVBSH2ULD7HNXLM7QNRECZ6/" } ] } diff --git a/2021/3xxx/CVE-2021-3524.json b/2021/3xxx/CVE-2021-3524.json index e46d492eb5c..856e5e127e7 100644 --- a/2021/3xxx/CVE-2021-3524.json +++ b/2021/3xxx/CVE-2021-3524.json @@ -63,6 +63,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-1bf13db941", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZRUNDH2TJRZRWL3DCH2PQ6KROWTPQ7AJ/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20210810 [SECURITY] [DLA 2735-1] ceph security update", + "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html" } ] },