This repository was archived by the owner on Jun 10, 2025. It is now read-only.

Commit dd7c6fa

committed
"-Synchronized-Data."
1 parent bcbdb1d commit dd7c6fa


10 files changed

+425
-278
lines changed


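--- a/2021/22xxx/CVE-2021-22545.json
+++ b/2021/22xxx/CVE-2021-22545.json
@@ -81,12 +81,13 @@
 "references": {
 "reference_data": [
 {
-"refsource": "CONFIRM",
-"url": "https://www.zynamics.com/bindiff/manual/index.html#nyyyy7"
+"refsource": "MISC",
+"url": "https://www.zynamics.com/bindiff/manual/index.html#nyyyy7",
+"name": "https://www.zynamics.com/bindiff/manual/index.html#nyyyy7"
 }
 ]
 },
 "source": {
 "discovery": "UNKNOWN"
 }
-}
+}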
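Review bot: Changing `"refsource": "CONFIRM"` to `"refsource": "MISC"` on the zynamics manual link removes the only field that marks this reference as the vendor's own acknowledgement, so a consumer that filters on CONFIRM to find vendor-confirmed references will presumably stop matching this record. The same downgrade is applied to all four references in 2021/23xxx/CVE-2021-23400.json and to the Apache list post in 2021/27xxx/CVE-2021-27577.json. If the reclassification is intended by the sync tooling, the commit message should say so; otherwise keep `"refsource": "CONFIRM"` and add only the `"name"` field. Note also that the added `"name"` repeats `"url"` verbatim, so it carries no label a reader could use to tell the references apart.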

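--- a/2021/23xxx/CVE-2021-23400.json
+++ b/2021/23xxx/CVE-2021-23400.json
@@ -48,28 +48,32 @@
 "references": {
 "reference_data": [
 {
-"refsource": "CONFIRM",
-"url": "https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415"
+"refsource": "MISC",
+"url": "https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415",
+"name": "https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415"
 },
 {
-"refsource": "CONFIRM",
-"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737"
+"refsource": "MISC",
+"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737",
+"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737"
 },
 {
-"refsource": "CONFIRM",
-"url": "https://github.com/nodemailer/nodemailer/issues/1289"
+"refsource": "MISC",
+"url": "https://github.com/nodemailer/nodemailer/issues/1289",
+"name": "https://github.com/nodemailer/nodemailer/issues/1289"
 },
 {
-"refsource": "CONFIRM",
-"url": "https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f"
+"refsource": "MISC",
+"url": "https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f",
+"name": "https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f"
 }
 ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
-"value": "The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.\r\n\r\n"
+"value": "The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object."
 }
 ]
 },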
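Review bot: The description value rewritten at new line 76 still names the weakness as `HTTP Header Injection`, and the commit only strips the trailing `\r\n\r\n`. nodemailer composes mail messages, so newlines and carriage returns passed in an address object presumably end up in message headers rather than HTTP headers; this should be checked against the linked issue and commit, and the class named accordingly, so that triage does not file it as a web-tier issue. Independently of that, `The package nodemailer before 6.6.1 are vulnerable` should read `is vulnerable`. The hunk starts and ends inside the record, so the rest of the object is not visible here.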

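--- a/2021/27xxx/CVE-2021-27577.json
+++ b/2021/27xxx/CVE-2021-27577.json
@@ -36,7 +36,7 @@
 "description_data": [
 {
 "lang": "eng",
-"value": "Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1."
+"value": "Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1."
 }
 ]
 },
@@ -61,12 +61,13 @@
 "references": {
 "reference_data": [
 {
-"refsource": "CONFIRM",
-"url": "https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E"
+"refsource": "MISC",
+"url": "https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E",
+"name": "https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E"
 }
 ]
 },
 "source": {
 "discovery": "UNKNOWN"
 }
-}
+}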

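--- a/2021/28xxx/CVE-2021-28690.json
+++ b/2021/28xxx/CVE-2021-28690.json
@@ -1,136 +1,139 @@
 {
-"CVE_data_meta" : {
-"ASSIGNER" : "[email protected]",
-"ID" : "CVE-2021-28690"
-},
-"affects" : {
-"vendor" : {
-"vendor_data" : [
+"CVE_data_meta": {
+"ASSIGNER": "[email protected]",
+"ID": "CVE-2021-28690",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"product": {
+"product_data": [
+{
+"product_name": "xen",
+"version": {
+"version_data": [
+{
+"version_affected": "?<",
+"version_value": "4.12"
+},
+{
+"version_affected": ">=",
+"version_value": "4.13.x"
+},
+{
+"version_affected": "!>",
+"version_value": "xen-unstable"
+}
+]
+}
+},
+{
+"product_name": "xen",
+"version": {
+"version_data": [
+{
+"version_value": "4.12.x"
+}
+]
+}
+},
+{
+"product_name": "xen",
+"version": {
+"version_data": [
+{
+"version_value": "4.11.x"
+}
+]
+}
+}
+]
+},
+"vendor_name": "Xen"
+}
+]
+}
+},
+"configuration": {
+"configuration_data": {
+"description": {
+"description_data": [
+{
+"lang": "eng",
+"value": "See XSA-305 for details of susceptibility to TAA.\n\nOnly systems which are susceptible to TAA and have the XSA-305 fix are\nvulnerable. Only systems which support S3 suspend/resume are vulnerable.\n\nThe vulnerability is only exposed if S3 suspend/resume is used."
+}
+]
+}
+}
+},
+"credit": {
+"credit_data": {
+"description": {
+"description_data": [
+{
+"lang": "eng",
+"value": "This issue was discovered by Andrew Cooper of Citrix."
+}
+]
+}
+}
+},
+"data_format": "MITRE",
+"data_type": "CVE",
+"data_version": "4.0",
+"description": {
+"description_data": [
 {
-"product" : {
-"product_data" : [
-{
-"product_name" : "xen",
-"version" : {
-"version_data" : [
-{
-"version_affected" : "?<",
-"version_value" : "4.12"
-},
-{
-"version_affected" : ">=",
-"version_value" : "4.13.x"
-},
-{
-"version_affected" : "!>",
-"version_value" : "xen-unstable"
-}
-]
-}
-},
-{
-"product_name" : "xen",
-"version" : {
-"version_data" : [
-{
-"version_value" : "4.12.x"
-}
-]
-}
-},
-{
-"product_name" : "xen",
-"version" : {
-"version_data" : [
-{
-"version_value" : "4.11.x"
-}
-]
-}
-}
-]
-},
-"vendor_name" : "Xen"
+"lang": "eng",
+"value": "x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend."
 }
-]
-}
-},
-"configuration" : {
-"configuration_data" : {
-"description" : {
-"description_data" : [
-{
-"lang" : "eng",
-"value" : "See XSA-305 for details of susceptibility to TAA.\n\nOnly systems which are susceptible to TAA and have the XSA-305 fix are\nvulnerable. Only systems which support S3 suspend/resume are vulnerable.\n\nThe vulnerability is only exposed if S3 suspend/resume is used."
-}
-]
-}
-}
-},
-"credit" : {
-"credit_data" : {
-"description" : {
-"description_data" : [
-{
-"lang" : "eng",
-"value" : "This issue was discovered by Andrew Cooper of Citrix."
-}
-]
-}
-}
-},
-"data_format" : "MITRE",
-"data_type" : "CVE",
-"data_version" : "4.0",
-"description" : {
-"description_data" : [
-{
-"lang" : "eng",
-"value" : "x86: TSX Async Abort protections not restored after S3\n\nThis issue relates to the TSX Async Abort speculative security vulnerability.\nPlease see https://xenbits.xen.org/xsa/advisory-305.html for details.\n\nMitigating TAA by disabling TSX (the default and preferred option) requires\nselecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored\nafter S3 suspend."
-}
-]
-},
-"impact" : {
-"impact_data" : {
-"description" : {
-"description_data" : [
-{
-"lang" : "eng",
-"value" : "After using S3 suspend at least once, CPU0 remains vulnerable to TAA.\n\nThis is an information leak. For full details of the impact, see\nXSA-305."
-}
-]
-}
-}
-},
-"problemtype" : {
-"problemtype_data" : [
-{
-"description" : [
-{
-"lang" : "eng",
-"value" : "unknown"
-}
-]
-}
-]
-},
-"references" : {
-"reference_data" : [
-{
-"url" : "https://xenbits.xenproject.org/xsa/advisory-377.txt"
-}
-]
-},
-"workaround" : {
-"workaround_data" : {
-"description" : {
-"description_data" : [
-{
-"lang" : "eng",
-"value" : "Not using S3 suspend/resume avoids the vulnerability."
-}
-]
-}
-}
-}
-}
+]
+},
+"impact": {
+"impact_data": {
+"description": {
+"description_data": [
+{
+"lang": "eng",
+"value": "After using S3 suspend at least once, CPU0 remains vulnerable to TAA.\n\nThis is an information leak. For full details of the impact, see\nXSA-305."
+}
+]
+}
+}
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "unknown"
+}
+]
+}
+]
+},
+"references": {
+"reference_data": [
+{
+"url": "https://xenbits.xenproject.org/xsa/advisory-377.txt",
+"refsource": "MISC",
+"name": "https://xenbits.xenproject.org/xsa/advisory-377.txt"
+}
+]
+},
+"workaround": {
+"workaround_data": {
+"description": {
+"description_data": [
+{
+"lang": "eng",
+"value": "Not using S3 suspend/resume avoids the vulnerability."
+}
+]
+}
+}
+}
+}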
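Review bot: The rewritten `reference_data` (new lines 119-125) still lists only the XSA-377 advisory, although the description, configuration and impact texts all send the reader to XSA-305 to judge susceptibility and impact. Since the description already cites it, a second entry such as `{"url": "https://xenbits.xen.org/xsa/advisory-305.html", "refsource": "MISC", "name": "https://xenbits.xen.org/xsa/advisory-305.html"}` would let tooling that reads only `references` reach that prerequisite advisory. The `problemtype` value also stays `"unknown"` while the impact text states `This is an information leak`, so anything that triages on problem type gets no signal from this record. Finally, the top-level description had its `\n` paragraph breaks flattened to spaces while the configuration and impact values keep theirs, which leaves the record's text fields inconsistent.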
