From f27d2b05fb1fe83a2f34ff63f7e6ec5333b4e9d2 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 16 Nov 2021 13:01:10 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2021/30xxx/CVE-2021-30216.json | 56 ++++++++++++++++++++++++++++++----
 2021/37xxx/CVE-2021-37580.json | 5 +++
 2021/42xxx/CVE-2021-42111.json | 2 +-
 2021/42xxx/CVE-2021-42114.json | 14 ++++-----
 4 files changed, 63 insertions(+), 14 deletions(-)
diff --git a/2021/30xxx/CVE-2021-30216.json b/2021/30xxx/CVE-2021-30216.json
index 5ca96d6f498..660f3432508 100644
--- a/2021/30xxx/CVE-2021-30216.json
+++ b/2021/30xxx/CVE-2021-30216.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2021-30216",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2021-30216",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zoho Web mail version NA is affected by an incorrect access control vulnerability. Before a domain expires one needs to configure with Zoho web mail to send mails. Upon domain expiry, the person would still be able to send mail with that account, despite losing ownership of domain."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/nestedif/vulnerability-disclosure-business-logic-allowing-to-send-emails-for-expired-transferred-hosts-4dc0868ded14",
+ "refsource": "MISC",
+ "name": "https://medium.com/nestedif/vulnerability-disclosure-business-logic-allowing-to-send-emails-for-expired-transferred-hosts-4dc0868ded14"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37580.json b/2021/37xxx/CVE-2021-37580.json
index 507c6210261..0a1d8b427cb 100644
--- a/2021/37xxx/CVE-2021-37580.json
+++ b/2021/37xxx/CVE-2021-37580.json
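Review bot: The `affects` block added to CVE-2021-30216.json sets `vendor_name`, `product_name` and `version_value` to `n/a`, and `problemtype` is `n/a` as well, although the new description names Zoho web mail and an incorrect access control issue. Consumers that match records on the structured vendor and product fields will not associate this entry with the product, so those fields should carry what the description already states, for example `"vendor_name": "Zoho"` and a problemtype value of `"Incorrect Access Control"`. The description's "version NA" leaves the affected range undefined; if no version applies because this is a hosted service, saying so in the text would help triage. The only reference is a third-party blog post tagged `MISC`, so a vendor acknowledgement, if one exists, would be worth adding.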
@@ -71,6 +71,11 @@
 "refsource": "MISC",
 "url": "https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb",
 "name": "https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20211116 CVE-2021-37580: Apache ShenYu Admin bypass JWT authentication",
+ "url": "http://www.openwall.com/lists/oss-security/2021/11/16/1"
 }
 ]
 },
diff --git a/2021/42xxx/CVE-2021-42111.json b/2021/42xxx/CVE-2021-42111.json
index 2dc38bebd9a..3671a5bec41 100644
--- a/2021/42xxx/CVE-2021-42111.json
+++ b/2021/42xxx/CVE-2021-42111.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application."
+ "value": "An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The IOS app version 1.4.1631262629 resolves this issue by storing a hash PIN code."
 }
 ]
 },
diff --git a/2021/42xxx/CVE-2021-42114.json b/2021/42xxx/CVE-2021-42114.json
index eeae983f92e..fbab0e836ea 100644
--- a/2021/42xxx/CVE-2021-42114.json
+++ b/2021/42xxx/CVE-2021-42114.json
@@ -118,7 +118,7 @@
 "credit": [
 {
 "lang": "eng",
- "value": "Kaveh Razavi, Patrick Jattke, Stijn Gunter; Eidgenössische Technische Hochschule (ETH) Zürich"
+ "value": "Kaveh Razavi, Patrick Jattke, Stijn Gunter; Eidgen\u00f6ssische Technische Hochschule (ETH) Z\u00fcrich"
 },
 {
 "lang": "eng",
@@ -173,11 +173,6 @@
 },
 "references": {
 "reference_data": [
- {
- "name": "https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf",
- "refsource": "CONFIRM",
- "url": "https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf"
- },
 {
 "name": "https://comsec.ethz.ch/research/dram/blacksmith/",
 "refsource": "MISC",
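Review bot: The MLIST reference added to CVE-2021-37580.json points at the oss-security post with a plain `http://` URL. The openwall.com archive is also served over HTTPS, so `"url": "https://www.openwall.com/lists/oss-security/2021/11/16/1"` keeps readers from fetching an advisory over an unauthenticated channel. The new entry orders its keys `refsource`, `name`, `url` while the entry above it uses `refsource`, `url`, `name`; parsers do not care, but a consistent order keeps later diffs smaller.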
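Review bot: In CVE-2021-42111.json the sentence appended to the description says the fix stores "a hash PIN code" without saying how the hash is derived. A short numeric PIN hashed without a salt and a slow key-derivation function can still be recovered by exhaustive search by anyone able to read the app's storage, which is the jailbroken-device condition this record describes. If the vendor's fix uses key stretching or hardware-backed storage the text should say so, and otherwise it should avoid implying the PIN is now unrecoverable. The sentence also has two wording slips and would read better as `The iOS app version 1.4.1631262629 resolves this issue by storing a hashed PIN code.` The fixed version appears only in this free text; whether the record's `affects` data reflects it is not visible in the hunk.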
@@ -187,6 +182,11 @@
 "name": "https://github.com/comsec-group/blacksmith",
 "refsource": "MISC",
 "url": "https://github.com/comsec-group/blacksmith"
+ },
+ {
+ "name": "https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf",
+ "refsource": "CONFIRM",
+ "url": "https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf"
 }
 ]
 },
@@ -196,7 +196,7 @@
 "work_around": [
 {
 "lang": "eng",
- "value": "Using ECC DRAM substantially increases the difficulty of carrying out Rowhammer attacks on systems, although previous work [1] showed that it does not provide complete protection.\n\n[1] L. Cojocar, K. Razavi, C. Giuffrida, and H. Bos, “Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks,” San Francisco, CA, USA, May 2019, pp. 55–71. DOI: 10.1109/SP.2019.00089. "
+ "value": "Using ECC DRAM substantially increases the difficulty of carrying out Rowhammer attacks on systems, although previous work [1] showed that it does not provide complete protection.\n\n[1] L. Cojocar, K. Razavi, C. Giuffrida, and H. Bos, \u201cExploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks,\u201d San Francisco, CA, USA, May 2019, pp. 55\u201371. DOI: 10.1109/SP.2019.00089. "
 }
 ]
 }
\ No newline at end of file