"-Synchronized-Data."

Author: cve-team

2020/24xxx/CVE-2020-24485.json

@@ -48,6 +48,11 @@
                 "refsource": "MISC",
                 "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00475.html",
                 "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00475.html"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00440.html",
+                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00440.html"
             }
         ]
     },

2020/28xxx/CVE-2020-28713.json

@@ -1,17 +1,66 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
-        "ID": "CVE-2020-28713",
         "ASSIGNER": "[email protected]",
-        "STATE": "RESERVED"
+        "ID": "CVE-2020-28713",
+        "STATE": "PUBLIC"
     },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The web service does not authenticate requests, and allows attackers to send an indefinite amount of motion or doorbell events to a user's mobile application by either replaying or deliberately crafting false events."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://gist.github.com/tj-oconnor/dbfbef4d3b271d53fefbd24e1f0024f0",
+                "url": "https://gist.github.com/tj-oconnor/dbfbef4d3b271d53fefbd24e1f0024f0"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://cloud.binary.ninja/embed/26671c64-6859-48fb-b58e-af35dc982b35",
+                "url": "https://cloud.binary.ninja/embed/26671c64-6859-48fb-b58e-af35dc982b35"
             }
         ]
     }

2021/21xxx/CVE-2021-21558.json

@@ -63,8 +63,9 @@
     "references": {
         "reference_data": [
             {
-                "refsource": "CONFIRM",
-                "url": "https://www.dell.com/support/kbdoc/en-us/000186638/dsa-2021-104-dell-emc-networker-security-update-for-multiple-vulnerabilities"
+                "refsource": "MISC",
+                "url": "https://www.dell.com/support/kbdoc/en-us/000186638/dsa-2021-104-dell-emc-networker-security-update-for-multiple-vulnerabilities",
+                "name": "https://www.dell.com/support/kbdoc/en-us/000186638/dsa-2021-104-dell-emc-networker-security-update-for-multiple-vulnerabilities"
             }
         ]
     }

2021/21xxx/CVE-2021-21559.json

@@ -36,7 +36,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in order to communicate with the application server.  An unauthenticated attacker in the same network collision domain as the NetWorker Management Console client could potentially exploit this vulnerability to perform man-in-the-middle attacks to intercept and tamper the traffic between the client and the application server."
+                "value": "Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in order to communicate with the application server. An unauthenticated attacker in the same network collision domain as the NetWorker Management Console client could potentially exploit this vulnerability to perform man-in-the-middle attacks to intercept and tamper the traffic between the client and the application server."
             }
         ]
     },
@@ -63,8 +63,9 @@
     "references": {
         "reference_data": [
             {
-                "refsource": "CONFIRM",
-                "url": "https://www.dell.com/support/kbdoc/en-us/000186638/dsa-2021-104-dell-emc-networker-security-update-for-multiple-vulnerabilities"
+                "refsource": "MISC",
+                "url": "https://www.dell.com/support/kbdoc/en-us/000186638/dsa-2021-104-dell-emc-networker-security-update-for-multiple-vulnerabilities",
+                "name": "https://www.dell.com/support/kbdoc/en-us/000186638/dsa-2021-104-dell-emc-networker-security-update-for-multiple-vulnerabilities"
             }
         ]
     }

2021/22xxx/CVE-2021-22213.json

@@ -4,15 +4,97 @@
     "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2021-22213",
-        "ASSIGNER": "[email protected]",
-        "STATE": "RESERVED"
+        "ASSIGNER": "[email protected]",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "GitLab",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "GitLab",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": ">=7.10, <13.10.5"
+                                        },
+                                        {
+                                            "version_value": ">=13.11, <13.11.5"
+                                        },
+                                        {
+                                            "version_value": ">=13.12, <13.12.2"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Insufficiently protected credentials in GitLab"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/300308",
+                "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/300308",
+                "refsource": "MISC"
+            },
+            {
+                "name": "https://hackerone.com/reports/1089277",
+                "url": "https://hackerone.com/reports/1089277",
+                "refsource": "MISC"
+            },
+            {
+                "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22213.json",
+                "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22213.json",
+                "refsource": "CONFIRM"
+            }
+        ]
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari"
             }
         ]
-    }
+    },
+    "impact": {
+        "cvss": {
+            "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "HIGH",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "NONE",
+            "scope": "UNCHANGED",
+            "userInteraction": "REQUIRED",
+            "version": "3.1",
+            "baseScore": 8.7,
+            "baseSeverity": "HIGH"
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "Thanks hubblebubble for reporting this vulnerability through our HackerOne bug bounty program"
+        }
+    ]
 }

2021/22xxx/CVE-2021-22217.json

@@ -4,15 +4,97 @@
     "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2021-22217",
-        "ASSIGNER": "[email protected]",
-        "STATE": "RESERVED"
+        "ASSIGNER": "[email protected]",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "GitLab",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "GitLab",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "<13.10.5"
+                                        },
+                                        {
+                                            "version_value": ">=13.11, <13.11.5"
+                                        },
+                                        {
+                                            "version_value": ">=13.12, <13.12.2"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Uncontrolled resource consumption in GitLab"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/300709",
+                "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/300709",
+                "refsource": "MISC"
+            },
+            {
+                "name": "https://hackerone.com/reports/1090049",
+                "url": "https://hackerone.com/reports/1090049",
+                "refsource": "MISC"
+            },
+            {
+                "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22217.json",
+                "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22217.json",
+                "refsource": "CONFIRM"
+            }
+        ]
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request"
             }
         ]
-    }
+    },
+    "impact": {
+        "cvss": {
+            "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "HIGH",
+            "confidentialityImpact": "NONE",
+            "integrityImpact": "NONE",
+            "privilegesRequired": "LOW",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "version": "3.1",
+            "baseScore": 6.4,
+            "baseSeverity": "MEDIUM"
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "Thanks phli for reporting this vulnerability through our HackerOne bug bounty program"
+        }
+    ]
 }