"-Synchronized-Data."

cve-team · cve-team · commit 86d763b94bd2 · 2021-08-31T22:00:53.000Z
diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json
@@ -513,6 +513,16 @@
                 "refsource": "MLIST",
                 "name": "[activemq-users] 20210831 RE: Security issues",
                 "url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328@%3Cusers.activemq.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
+                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
+                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
             }
         ]
     },
diff --git a/2020/25xxx/CVE-2020-25649.json b/2020/25xxx/CVE-2020-25649.json
@@ -348,6 +348,16 @@
                 "url": "https://www.oracle.com//security-alerts/cpujul2021.html",
                 "refsource": "MISC",
                 "name": "https://www.oracle.com//security-alerts/cpujul2021.html"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
+                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
+                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
             }
         ]
     },
diff --git a/2021/22xxx/CVE-2021-22002.json b/2021/22xxx/CVE-2021-22002.json
@@ -4,14 +4,58 @@
     "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2021-22002",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security@vmware.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "VMware Workspace ONE Access, Identity Manager and vRealize Automation",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Workspace ONE Access 20.10.01, 20.10 & 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 & 3.3.2. vRealize Automation (vIDM) 7.6."
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Host header vulnerability"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html",
+                "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"
+            }
+        ]
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication."
             }
         ]
     }
diff --git a/2021/22xxx/CVE-2021-22003.json b/2021/22xxx/CVE-2021-22003.json
@@ -4,14 +4,58 @@
     "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2021-22003",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "security@vmware.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "VMware Workspace ONE Access and Identity Manager",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Workspace ONE Access 20.10.01, 20.10 & 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 & 3.3.2."
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Information disclosure vulnerability"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html",
+                "url": "https://www.vmware.com/security/advisories/VMSA-2021-0016.html"
+            }
+        ]
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account."
             }
         ]
     }
diff --git a/2021/22xxx/CVE-2021-22922.json b/2021/22xxx/CVE-2021-22922.json
@@ -53,6 +53,16 @@
                 "refsource": "FEDORA",
                 "name": "FEDORA-2021-5d21b90a30",
                 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
+                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
+                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
             }
         ]
     },
diff --git a/2021/22xxx/CVE-2021-22924.json b/2021/22xxx/CVE-2021-22924.json
@@ -58,6 +58,16 @@
                 "refsource": "MLIST",
                 "name": "[debian-lts-announce] 20210813 [SECURITY] [DLA 2734-1] curl security update",
                 "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
+                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
+                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
             }
         ]
     },
diff --git a/2021/22xxx/CVE-2021-22926.json b/2021/22xxx/CVE-2021-22926.json
@@ -48,6 +48,16 @@
                 "refsource": "MISC",
                 "name": "https://hackerone.com/reports/1234760",
                 "url": "https://hackerone.com/reports/1234760"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
+                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
+                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
             }
         ]
     },
diff --git a/2021/31xxx/CVE-2021-31535.json b/2021/31xxx/CVE-2021-31535.json
@@ -126,6 +126,16 @@
                 "refsource": "FEDORA",
                 "name": "FEDORA-2021-62bb9998b2",
                 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEOT4RLB76RVPJQKGGTIKTBIOLHX2NR6/"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
+                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
+                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
             }
         ]
     }
diff --git a/2021/36xxx/CVE-2021-36159.json b/2021/36xxx/CVE-2021-36159.json
@@ -61,6 +61,16 @@
                 "url": "https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch",
                 "refsource": "MISC",
                 "name": "https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
+                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
+                "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
             }
         ]
     }
diff --git a/2021/3xxx/CVE-2021-3757.json b/2021/3xxx/CVE-2021-3757.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-3757",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
diff --git a/2021/3xxx/CVE-2021-3758.json b/2021/3xxx/CVE-2021-3758.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-3758",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
diff --git a/2021/40xxx/CVE-2021-40349.json b/2021/40xxx/CVE-2021-40349.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-40349",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
diff --git a/2021/40xxx/CVE-2021-40350.json b/2021/40xxx/CVE-2021-40350.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-40350",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
diff --git a/2021/40xxx/CVE-2021-40351.json b/2021/40xxx/CVE-2021-40351.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-40351",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
diff --git a/2021/40xxx/CVE-2021-40352.json b/2021/40xxx/CVE-2021-40352.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-40352",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
diff --git a/2021/40xxx/CVE-2021-40353.json b/2021/40xxx/CVE-2021-40353.json
@@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-40353",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -126,6 +126,16 @@`
`126`	`126`	`"refsource": "FEDORA",`
`127`	`127`	`"name": "FEDORA-2021-62bb9998b2",`
`128`	`128`	`"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/TEOT4RLB76RVPJQKGGTIKTBIOLHX2NR6/"`
	`129`	`+ },`
	`130`	`+ {`
	`131`	`+ "refsource": "MLIST",`
	`132`	`+ "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",`
	`133`	`+ "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"`
	`134`	`+ },`
	`135`	`+ {`
	`136`	`+ "refsource": "MLIST",`
	`137`	`+ "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",`
	`138`	`+ "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"`
`129`	`139`	`}`
`130`	`140`	`]`
`131`	`141`	`}`
Original file line number	Diff line number	Diff line change
`@@ -61,6 +61,16 @@`
`61`	`61`	`"url": "https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch",`
`62`	`62`	`"refsource": "MISC",`
`63`	`63`	`"name": "https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch"`
	`64`	`+ },`
	`65`	`+ {`
	`66`	`+ "refsource": "MLIST",`
	`67`	`+ "name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",`
	`68`	`+ "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"`
	`69`	`+ },`
	`70`	`+ {`
	`71`	`+ "refsource": "MLIST",`
	`72`	`+ "name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",`
	`73`	`+ "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"`
`64`	`74`	`}`
`65`	`75`	`]`
`66`	`76`	`}`