diff --git a/2021/26xxx/CVE-2021-26333.json b/2021/26xxx/CVE-2021-26333.json index ca2b57f8ab9..75b21047bfa 100644 --- a/2021/26xxx/CVE-2021-26333.json +++ b/2021/26xxx/CVE-2021-26333.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2021-09-14T19:30:00.000Z", "ID": "CVE-2021-26333", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "AMD Chipset Driver Information Disclosure Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PSP Driver", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "PSP Driver", + "version_value": "5.17.0.0" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "FULLDISC", + "name": "20210917 AMD Chipset Driver Information Disclosure Vulnerability [CVE-2021-26333]", + "url": "http://seclists.org/fulldisclosure/2021/Sep/24" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html", + "url": "http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html" + }, + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009" + } + ] + }, + "source": { + "advisory": "AMD-SB-1009", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/28xxx/CVE-2021-28694.json b/2021/28xxx/CVE-2021-28694.json index b6bc617f2a6..43f83f30724 100644 --- a/2021/28xxx/CVE-2021-28694.json +++ b/2021/28xxx/CVE-2021-28694.json @@ -167,6 +167,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-d68ed12e46", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZCNPSRPGFCQRYE2BI4D4Q4SCE56ANV2/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4977", + "url": "https://www.debian.org/security/2021/dsa-4977" } ] }, diff --git a/2021/28xxx/CVE-2021-28695.json b/2021/28xxx/CVE-2021-28695.json index 85f13ecbba7..ffaa189643b 100644 --- a/2021/28xxx/CVE-2021-28695.json +++ b/2021/28xxx/CVE-2021-28695.json @@ -167,6 +167,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-d68ed12e46", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZCNPSRPGFCQRYE2BI4D4Q4SCE56ANV2/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4977", + "url": "https://www.debian.org/security/2021/dsa-4977" } ] }, diff --git a/2021/28xxx/CVE-2021-28696.json b/2021/28xxx/CVE-2021-28696.json index 629f77ec725..adf9a5dcead 100644 --- a/2021/28xxx/CVE-2021-28696.json +++ b/2021/28xxx/CVE-2021-28696.json @@ -167,6 +167,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-d68ed12e46", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZCNPSRPGFCQRYE2BI4D4Q4SCE56ANV2/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4977", + "url": "https://www.debian.org/security/2021/dsa-4977" } ] }, diff --git a/2021/28xxx/CVE-2021-28697.json b/2021/28xxx/CVE-2021-28697.json index cfc846ecea3..20ec90d5834 100644 --- a/2021/28xxx/CVE-2021-28697.json +++ b/2021/28xxx/CVE-2021-28697.json @@ -150,6 +150,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-d68ed12e46", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZCNPSRPGFCQRYE2BI4D4Q4SCE56ANV2/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4977", + "url": "https://www.debian.org/security/2021/dsa-4977" } ] }, diff --git a/2021/28xxx/CVE-2021-28698.json b/2021/28xxx/CVE-2021-28698.json index 45b8e88ca9b..d01d871e41a 100644 --- a/2021/28xxx/CVE-2021-28698.json +++ b/2021/28xxx/CVE-2021-28698.json @@ -156,6 +156,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-d68ed12e46", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZCNPSRPGFCQRYE2BI4D4Q4SCE56ANV2/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4977", + "url": "https://www.debian.org/security/2021/dsa-4977" } ] }, diff --git a/2021/28xxx/CVE-2021-28699.json b/2021/28xxx/CVE-2021-28699.json index 756cf1786fb..d2a3426ae1e 100644 --- a/2021/28xxx/CVE-2021-28699.json +++ b/2021/28xxx/CVE-2021-28699.json @@ -111,6 +111,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-d68ed12e46", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZCNPSRPGFCQRYE2BI4D4Q4SCE56ANV2/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4977", + "url": "https://www.debian.org/security/2021/dsa-4977" } ] }, diff --git a/2021/28xxx/CVE-2021-28700.json b/2021/28xxx/CVE-2021-28700.json index 367a93dd83f..36984acc212 100644 --- a/2021/28xxx/CVE-2021-28700.json +++ b/2021/28xxx/CVE-2021-28700.json @@ -121,6 +121,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-d68ed12e46", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZCNPSRPGFCQRYE2BI4D4Q4SCE56ANV2/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4977", + "url": "https://www.debian.org/security/2021/dsa-4977" } ] }, diff --git a/2021/28xxx/CVE-2021-28701.json b/2021/28xxx/CVE-2021-28701.json index cb9ac18ce01..466520ace55 100644 --- a/2021/28xxx/CVE-2021-28701.json +++ b/2021/28xxx/CVE-2021-28701.json @@ -150,6 +150,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-fed53cbc7d", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEHZLIR5DFYYQBH55AERWHLO54OFU42C/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4977", + "url": "https://www.debian.org/security/2021/dsa-4977" } ] }, diff --git a/2021/31xxx/CVE-2021-31917.json b/2021/31xxx/CVE-2021-31917.json index e0e41a9a680..491ad0a1aa3 100644 --- a/2021/31xxx/CVE-2021-31917.json +++ b/2021/31xxx/CVE-2021-31917.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-31917", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Red Hat DataGrid and Infinispan", + "version": { + "version_data": [ + { + "version_value": "Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2021-31917", + "url": "https://access.redhat.com/security/cve/cve-2021-31917" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." } ] }