admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-09-08 18:00:56 +00:00
parent d156c0475f
commit 00c8cc4801
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
15 changed files with 166 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2021/31xxx/CVE-2021-31274.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31274",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-31274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://community.librenms.org/t/vulnerability-report-cross-site-scripting-xss-in-the-api-access-page/15431",
"refsource": "MISC",
"name": "https://community.librenms.org/t/vulnerability-report-cross-site-scripting-xss-in-the-api-access-page/15431"
},
{
"url": "https://github.com/librenms/librenms",
"refsource": "MISC",
"name": "https://github.com/librenms/librenms"
},
{
"refsource": "MISC",
"name": "https://github.com/librenms/librenms/pull/12739",
"url": "https://github.com/librenms/librenms/pull/12739"
}
]
}

5
2021/32xxx/CVE-2021-32106.json
View File

@ -61,6 +61,11 @@
"url": "https://groups.google.com/g/icecoder/c/xcAc8_1UPxQ",
"refsource": "MISC",
"name": "https://groups.google.com/g/icecoder/c/xcAc8_1UPxQ"
},
{
"refsource": "MISC",
"name": "https://prophaze.com/cve/icecoder-8-0-multipe-results-php-replace-cross-site-scripting/",
"url": "https://prophaze.com/cve/icecoder-8-0-multipe-results-php-replace-cross-site-scripting/"
}
]
}

2
2021/32xxx/CVE-2021-32805.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious site. This is an open redirect vulnerability. To resolve this issue upgrade to Flask-AppBuilder 3.2.2 or above. If upgrading is infeasible users may filter HTTP traffic containing `?next={next-site}` where the `next-site` domain is different from the application you are protecting as a workaround.\n"
"value": "Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious site. This is an open redirect vulnerability. To resolve this issue upgrade to Flask-AppBuilder 3.2.2 or above. If upgrading is infeasible users may filter HTTP traffic containing `?next={next-site}` where the `next-site` domain is different from the application you are protecting as a workaround."
}
]
},

8
2021/35xxx/CVE-2021-35266.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Tuxera NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution."
"value": "In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution."
}
]
},
@ -58,9 +58,9 @@
"name": "http://ntfs-3g.com"
},
{
"url": "http://tuxera.com",
"refsource": "MISC",
"name": "http://tuxera.com"
"refsource": "MLIST",
"name": "[oss-security] 20210830 NTFS3G-SA-2021-0001: Multiple buffer overflows in all versions of NTFS-3G",
"url": "http://www.openwall.com/lists/oss-security/2021/08/30/1"
},
{
"refsource": "MISC",

8
2021/35xxx/CVE-2021-35267.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Tuxera NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root."
"value": "NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root."
}
]
},
@ -58,9 +58,9 @@
"name": "http://ntfs-3g.com"
},
{
"url": "http://tuxera.com",
"refsource": "MISC",
"name": "http://tuxera.com"
"refsource": "MLIST",
"name": "[oss-security] 20210830 NTFS3G-SA-2021-0001: Multiple buffer overflows in all versions of NTFS-3G",
"url": "http://www.openwall.com/lists/oss-security/2021/08/30/1"
},
{
"refsource": "MISC",

8
2021/35xxx/CVE-2021-35268.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Tuxera NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges."
"value": "In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges."
}
]
},
@ -58,9 +58,9 @@
"name": "http://ntfs-3g.com"
},
{
"url": "http://tuxera.com",
"refsource": "MISC",
"name": "http://tuxera.com"
"refsource": "MLIST",
"name": "[oss-security] 20210830 NTFS3G-SA-2021-0001: Multiple buffer overflows in all versions of NTFS-3G",
"url": "http://www.openwall.com/lists/oss-security/2021/08/30/1"
},
{
"refsource": "MISC",

8
2021/35xxx/CVE-2021-35269.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Tuxera NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges."
"value": "NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges."
}
]
},
@ -58,9 +58,9 @@
"name": "http://ntfs-3g.com"
},
{
"url": "http://tuxera.com",
"refsource": "MISC",
"name": "http://tuxera.com"
"refsource": "MLIST",
"name": "[oss-security] 20210830 NTFS3G-SA-2021-0001: Multiple buffer overflows in all versions of NTFS-3G",
"url": "http://www.openwall.com/lists/oss-security/2021/08/30/1"
}
]
}

7
2021/3xxx/CVE-2021-3049.json
View File

@ -59,7 +59,7 @@
"description_data": [
{
"lang": "eng",
"value": "An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of.\n\nThis issue impacts:\nAll Cortex XSOAR 5.5.0 builds;\nCortex XSOAR 6.1.0 builds earlier than 12099345.\n\nThis issue does not impact Cortex XSOAR 6.2.0 versions."
"value": "An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex XSOAR 5.5.0 builds; Cortex XSOAR 6.1.0 builds earlier than 12099345. This issue does not impact Cortex XSOAR 6.2.0 versions."
}
]
},
@ -103,8 +103,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2021-3049"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3049",
"name": "https://security.paloaltonetworks.com/CVE-2021-3049"
}
]
},

7
2021/3xxx/CVE-2021-3051.json
View File

@ -85,7 +85,7 @@
"description_data": [
{
"lang": "eng",
"value": "An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server.\nThis issue impacts:\nCortex XSOAR 5.5.0 builds earlier than 1578677;\nCortex XSOAR 6.0.2 builds earlier than 1576452;\nCortex XSOAR 6.1.0 builds earlier than 1578663;\nCortex XSOAR 6.2.0 builds earlier than 1578666.\n\nAll Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances.\n"
"value": "An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances."
}
]
},
@ -129,8 +129,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2021-3051"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3051",
"name": "https://security.paloaltonetworks.com/CVE-2021-3051"
}
]
},

7
2021/3xxx/CVE-2021-3052.json
View File

@ -84,7 +84,7 @@
"description_data": [
{
"lang": "eng",
"value": "A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator.\nThis issue impacts:\nPAN-OS 8.1 versions earlier than 8.1.20;\nPAN-OS 9.0 versions earlier than 9.0.14;\nPAN-OS 9.1 versions earlier than 9.1.10;\nPAN-OS 10.0 versions earlier than 10.0.2.\n\nThis issue does not affect Prisma Access."
"value": "A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.20; PAN-OS 9.0 versions earlier than 9.0.14; PAN-OS 9.1 versions earlier than 9.1.10; PAN-OS 10.0 versions earlier than 10.0.2. This issue does not affect Prisma Access."
}
]
},
@ -128,8 +128,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2021-3052"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3052",
"name": "https://security.paloaltonetworks.com/CVE-2021-3052"
}
]
},

7
2021/3xxx/CVE-2021-3053.json
View File

@ -84,7 +84,7 @@
"description_data": [
{
"lang": "eng",
"value": "An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.\nThis issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.9;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.5.\n\nThis issue does not affect Prisma Access."
"value": "An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. This issue does not affect Prisma Access."
}
]
},
@ -128,8 +128,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2021-3053"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3053",
"name": "https://security.paloaltonetworks.com/CVE-2021-3053"
}
]
},

7
2021/3xxx/CVE-2021-3054.json
View File

@ -89,7 +89,7 @@
"description_data": [
{
"lang": "eng",
"value": "A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges.\nThis issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.11;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.7;\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.2.\n\nThis issue does not affect Prisma Access."
"value": "A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permission to upload plugins to execute arbitrary code with root user privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7; PAN-OS 10.1 versions earlier than PAN-OS 10.1.2. This issue does not affect Prisma Access."
}
]
},
@ -133,8 +133,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2021-3054"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3054",
"name": "https://security.paloaltonetworks.com/CVE-2021-3054"
}
]
},

7
2021/3xxx/CVE-2021-3055.json
View File

@ -84,7 +84,7 @@
"description_data": [
{
"lang": "eng",
"value": "An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode.\nThis issue impacts:\nPAN-OS 8.1 versions earlier than PAN-OS 8.1.20;\nPAN-OS 9.0 versions earlier than PAN-OS 9.0.14;\nPAN-OS 9.1 versions earlier than PAN-OS 9.1.10;\nPAN-OS 10.0 versions earlier than PAN-OS 10.0.6.\nThis issue does not affect Prisma Access."
"value": "An improper restriction of XML external entity (XXE) reference vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system and send a specifically crafted request to the firewall that causes the service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.6. This issue does not affect Prisma Access."
}
]
},
@ -128,8 +128,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2021-3055"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3055",
"name": "https://security.paloaltonetworks.com/CVE-2021-3055"
}
]
},

10
2021/40xxx/CVE-2021-40346.json
View File

@ -71,6 +71,16 @@
"refsource": "MISC",
"name": "https://www.mail-archive.com/haproxy@formilux.org/msg41114.html",
"url": "https://www.mail-archive.com/haproxy@formilux.org/msg41114.html"
},
{
"refsource": "MISC",
"name": "https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/",
"url": "https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/"
},
{
"refsource": "MISC",
"name": "https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95",
"url": "https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95"
}
]
}

56
2021/40xxx/CVE-2021-40537.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40537",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://owncloud.com/security-advisories/cve-2021-40537/",
"refsource": "MISC",
"name": "https://owncloud.com/security-advisories/cve-2021-40537/"
}
]
}