admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #431 from CVEProject/master

Browse Source 
XFA Rebase
This commit is contained in:
Scott Moore 2021-04-20 07:32:53 -04:00 committed by GitHub
commit 06d4096d80
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
68 changed files with 2708 additions and 190 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2020/11xxx/CVE-2020-11979.json
View File

@ -119,6 +119,11 @@
"name": "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm",
"refsource": "MISC",
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm"
},
{
"refsource": "MLIST",
"name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E"
}
]
}

5
2020/13xxx/CVE-2020-13949.json
View File

@ -403,6 +403,11 @@
"refsource": "MLIST",
"name": "[hbase-issues] 20210415 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"url": "https://lists.apache.org/thread.html/r13f40151513ff095a44a86556c65597a7e55c00f5e19764a05530266@%3Cissues.hbase.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[solr-issues] 20210420 [jira] [Commented] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr",
"url": "https://lists.apache.org/thread.html/r886b6d9a89b6fa0aafbf0a8f8f14351548d6c6f027886a3646dbd075@%3Cissues.solr.apache.org%3E"
}
]
},

5
2020/1xxx/CVE-2020-1945.json
View File

@ -273,6 +273,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"refsource": "MLIST",
"name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
"url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E"
}
]
},

12
2020/24xxx/CVE-2020-24994.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.14.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file."
"value": "Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file."
}
]
},
@ -61,6 +61,16 @@
"refsource": "MISC",
"name": "https://github.com/libass/libass/issues/423",
"url": "https://github.com/libass/libass/issues/423"
},
{
"refsource": "MISC",
"name": "https://github.com/libass/libass/issues/422#issuecomment-806002919",
"url": "https://github.com/libass/libass/issues/422#issuecomment-806002919"
},
{
"refsource": "MISC",
"name": "https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e",
"url": "https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e"
}
]
}

10
2020/25xxx/CVE-2020-25693.json
View File

@ -48,6 +48,16 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1893377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893377"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-ca1151e997",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MJ5Q7NNUPXATTBUKHFKIYYAV5GJDYCZL/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-bc6585e31a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QZ3NPLYXZWEL7HETIFZVCXEZZ2WYYRWA/"
}
]
},

50
2020/27xxx/CVE-2020-27240.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27240",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in \u2018getAssets.jsp\u2019 page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

50
2020/27xxx/CVE-2020-27241.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27241",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "OpenClinic",
"version": {
"version_data": [
{
"version_value": "OpenClinic GA 5.173.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1207"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in \u2018getAssets.jsp\u2019 page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
]
}

10
2020/36xxx/CVE-2020-36277.json
View File

@ -71,6 +71,16 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2612-1] leptonlib security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-977ebc82da",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-f5f2803fff",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/"
}
]
}

10
2020/36xxx/CVE-2020-36278.json
View File

@ -71,6 +71,16 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2612-1] leptonlib security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-977ebc82da",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-f5f2803fff",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/"
}
]
}

10
2020/36xxx/CVE-2020-36279.json
View File

@ -71,6 +71,16 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2612-1] leptonlib security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-977ebc82da",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-f5f2803fff",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/"
}
]
}

10
2020/36xxx/CVE-2020-36280.json
View File

@ -66,6 +66,16 @@
"url": "https://github.com/DanBloomberg/leptonica/commit/5ba34b1fe741d69d43a6c8cf767756997eadd87c",
"refsource": "MISC",
"name": "https://github.com/DanBloomberg/leptonica/commit/5ba34b1fe741d69d43a6c8cf767756997eadd87c"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-977ebc82da",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-f5f2803fff",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/"
}
]
}

10
2020/36xxx/CVE-2020-36281.json
View File

@ -71,6 +71,16 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2612-1] leptonlib security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-977ebc82da",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-f5f2803fff",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/"
}
]
}

5
2020/5xxx/CVE-2020-5791.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/159743/Nagios-XI-5.7.3-Remote-Command-Injection.html",
"url": "http://packetstormsecurity.com/files/159743/Nagios-XI-5.7.3-Remote-Command-Injection.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162235/Nagios-XI-5.7.3-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/162235/Nagios-XI-5.7.3-Remote-Code-Execution.html"
}
]
},

10
2020/9xxx/CVE-2020-9492.json
View File

@ -78,6 +78,16 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210304-0001/",
"url": "https://security.netapp.com/advisory/ntap-20210304-0001/"
},
{
"refsource": "MLIST",
"name": "[solr-issues] 20210419 [jira] [Updated] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"url": "https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02@%3Cissues.solr.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[solr-issues] 20210419 [jira] [Created] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2",
"url": "https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26@%3Cissues.solr.apache.org%3E"
}
]
},

5
2021/1xxx/CVE-2021-1472.json
View File

@ -71,6 +71,11 @@
"name": "20210407 Cisco Small Business RV Series Routers Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx"
},
{
"refsource": "FULLDISC",
"name": "20210419 [CVE-2021-1472/CVE-2021-1473] Cisco RV Series Authentication Bypass and Remote Command Execution",
"url": "http://seclists.org/fulldisclosure/2021/Apr/39"
}
]
},

5
2021/1xxx/CVE-2021-1473.json
View File

@ -71,6 +71,11 @@
"name": "20210407 Cisco Small Business RV Series Routers Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx"
},
{
"refsource": "FULLDISC",
"name": "20210419 [CVE-2021-1472/CVE-2021-1473] Cisco RV Series Authentication Bypass and Remote Command Execution",
"url": "http://seclists.org/fulldisclosure/2021/Apr/39"
}
]
},

55
2021/20xxx/CVE-2021-20208.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20208",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "cifs-utils",
"version": {
"version_data": [
{
"version_value": "cifs-utils 6.13"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1921116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921116"
},
{
"refsource": "MISC",
"name": "https://bugzilla.samba.org/show_bug.cgi?id=14651",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=14651"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity."
}
]
}

84
2021/20xxx/CVE-2021-20527.json
View File

@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "38.0"
}
]
},
"product_name": "Resilient OnPrem"
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6444747",
"url": "https://www.ibm.com/support/pages/node/6444747",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6444747 (Resilient OnPrem)"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-resilient-cve202120527-code-exec (198759)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198759",
"refsource": "XF"
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-20527",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_PUBLIC": "2021-04-18T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"impact": {
"cvssv3": {
"BM": {
"S": "U",
"I": "H",
"C": "L",
"SCORE": "6.000",
"PR": "H",
"A": "L",
"AC": "L",
"UI": "N",
"AV": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Resilient SOAR V38.0 could allow a privileged user to create create malicious scripts that could be executed as another user. IBM X-Force ID: 198759."
}
]
}
},
"data_type": "CVE"
}

7
2021/20xxx/CVE-2021-20989.json
View File

@ -90,10 +90,15 @@
"name": "https://www.iot-inspector.com/blog/advisory-fibaro-home-center/",
"refsource": "CONFIRM",
"url": "https://www.iot-inspector.com/blog/advisory-fibaro-home-center/"
},
{
"refsource": "FULLDISC",
"name": "20210419 [CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992] Multiple vulnerabilities in Fibaro Home Center",
"url": "http://seclists.org/fulldisclosure/2021/Apr/27"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}

5
2021/20xxx/CVE-2021-20990.json
View File

@ -90,6 +90,11 @@
"name": "https://www.iot-inspector.com/blog/advisory-fibaro-home-center/",
"refsource": "CONFIRM",
"url": "https://www.iot-inspector.com/blog/advisory-fibaro-home-center/"
},
{
"refsource": "FULLDISC",
"name": "20210419 [CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992] Multiple vulnerabilities in Fibaro Home Center",
"url": "http://seclists.org/fulldisclosure/2021/Apr/27"
}
]
},

5
2021/20xxx/CVE-2021-20991.json
View File

@ -90,6 +90,11 @@
"name": "https://www.iot-inspector.com/blog/advisory-fibaro-home-center/",
"refsource": "CONFIRM",
"url": "https://www.iot-inspector.com/blog/advisory-fibaro-home-center/"
},
{
"refsource": "FULLDISC",
"name": "20210419 [CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992] Multiple vulnerabilities in Fibaro Home Center",
"url": "http://seclists.org/fulldisclosure/2021/Apr/27"
}
]
},

5
2021/20xxx/CVE-2021-20992.json
View File

@ -90,6 +90,11 @@
"name": "https://www.iot-inspector.com/blog/advisory-fibaro-home-center/",
"refsource": "CONFIRM",
"url": "https://www.iot-inspector.com/blog/advisory-fibaro-home-center/"
},
{
"refsource": "FULLDISC",
"name": "20210419 [CVE-2021-20989, CVE-2021-20990, CVE-2021-20991, CVE-2021-20992] Multiple vulnerabilities in Fibaro Home Center",
"url": "http://seclists.org/fulldisclosure/2021/Apr/27"
}
]
},

5
2021/21xxx/CVE-2021-21409.json
View File

@ -183,6 +183,11 @@
"refsource": "MLIST",
"name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20210420 [GitHub] [pulsar] eolivelli merged pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed@%3Ccommits.pulsar.apache.org%3E"
}
]
},

7
2021/26xxx/CVE-2021-26560.json
View File

@ -65,7 +65,12 @@
"name": "https://www.synology.com/security/advisory/Synology_SA_20_26",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_26"
},
{
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159"
}
]
}
}
}

7
2021/26xxx/CVE-2021-26561.json
View File

@ -65,7 +65,12 @@
"name": "https://www.synology.com/security/advisory/Synology_SA_20_26",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_26"
},
{
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159"
}
]
}
}
}

7
2021/26xxx/CVE-2021-26562.json
View File

@ -65,7 +65,12 @@
"name": "https://www.synology.com/security/advisory/Synology_SA_20_26",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_26"
},
{
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159"
}
]
}
}
}

7
2021/26xxx/CVE-2021-26563.json
View File

@ -65,7 +65,12 @@
"name": "https://www.synology.com/security/advisory/Synology_SA_20_26",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_26"
},
{
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158"
}
]
}
}
}

7
2021/26xxx/CVE-2021-26564.json
View File

@ -65,7 +65,12 @@
"name": "https://www.synology.com/security/advisory/Synology_SA_20_26",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_26"
},
{
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160"
}
]
}
}
}

7
2021/26xxx/CVE-2021-26565.json
View File

@ -65,7 +65,12 @@
"name": "https://www.synology.com/security/advisory/Synology_SA_20_26",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_26"
},
{
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160"
}
]
}
}
}

7
2021/26xxx/CVE-2021-26566.json
View File

@ -65,7 +65,12 @@
"name": "https://www.synology.com/security/advisory/Synology_SA_20_26",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_26"
},
{
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160"
}
]
}
}
}

56
2021/27xxx/CVE-2021-27458.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27458",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "JTEKT Corporation TOYOPUC products",
"version": {
"version_data": [
{
"version_value": "TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B TCC-1021: All versions, PC10B-E/C TCU-6521: All versions, PC10E TCC-4737: All versions"
},
{
"version_value": "TOYOPUC-Plus Series: Plus CPU TCC-6740: All versions, Plus EX TCU-6741: All versions, Plus EX2 TCU-6858: All versions, Plus EFR TCU-6743: All versions, Plus EFR2 TCU-6859: All versions, Plus 2P-EFR TCU-6929: All versions, Plus BUS-EX TCU-6900: All versions"
},
{
"version_value": "TOYOPUC-PC3J/PC2J Series: FL/ET-T-V2H THU-6289: All versions, 2PORT-EFR THU-6404: All versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-03",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-03"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "If Ethernet communication of the JTEKT Corporation TOYOPUC product series\u2019 (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B TCC-1021: All versions, PC10B-E/C TCU-6521: All versions, PC10E TCC-4737: All versions; TOYOPUC-Plus Series: Plus CPU TCC-6740: All versions, Plus EX TCU-6741: All versions, Plus EX2 TCU-6858: All versions, Plus EFR TCU-6743: All versions, Plus EFR2 TCU-6859: All versions, Plus 2P-EFR TCU-6929: All versions, Plus BUS-EX TCU-6900: All versions; TOYOPUC-PC3J/PC2J Series: FL/ET-T-V2H THU-6289: All versions, 2PORT-EFR THU-6404: All versions) are left in an open state by an attacker, Ethernet communications cannot be established with other devices, depending on the settings of the link parameters."
}
]
}

5
2021/28xxx/CVE-2021-28153.json
View File

@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210416-0003/",
"url": "https://security.netapp.com/advisory/ntap-20210416-0003/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-5c81cb03d0",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/"
}
]
}

5
2021/28xxx/CVE-2021-28313.json
View File

@ -251,6 +251,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313"
},
{
"refsource": "FULLDISC",
"name": "20210419 CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub",
"url": "http://seclists.org/fulldisclosure/2021/Apr/40"
}
]
}

5
2021/28xxx/CVE-2021-28321.json
View File

@ -251,6 +251,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28321",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28321"
},
{
"refsource": "FULLDISC",
"name": "20210419 CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub",
"url": "http://seclists.org/fulldisclosure/2021/Apr/40"
}
]
}

5
2021/28xxx/CVE-2021-28322.json
View File

@ -251,6 +251,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28322",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28322"
},
{
"refsource": "FULLDISC",
"name": "20210419 CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub",
"url": "http://seclists.org/fulldisclosure/2021/Apr/40"
}
]
}

5
2021/28xxx/CVE-2021-28323.json
View File

@ -264,6 +264,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28323",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28323"
},
{
"refsource": "FULLDISC",
"name": "20210419 CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub",
"url": "http://seclists.org/fulldisclosure/2021/Apr/40"
}
]
}

5
2021/28xxx/CVE-2021-28468.json
View File

@ -56,6 +56,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28468",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28468"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-421/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-421/"
}
]
}

61
2021/29xxx/CVE-2021-29279.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29279",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-29279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg const GF_PropertyValue *value,maybe value->value.data.size is a negative number. In result, memcpy in gf_props_assign_value failed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gpac/gpac/issues/1718",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1718"
},
{
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/da69ad1f970a7e17c865eaec9af98cc84df10d5b",
"url": "https://github.com/gpac/gpac/commit/da69ad1f970a7e17c865eaec9af98cc84df10d5b"
}
]
}

85
2021/29xxx/CVE-2021-29434.json
View File

@ -1,18 +1,91 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29434",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wagtail",
"version": {
"version_data": [
{
"version_value": "<= 2.11.6"
},
{
"version_value": ">= 2.12, <= 2.12.3"
}
]
}
}
]
},
"vendor_name": "wagtail"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could thus craft a POST request to publish content with `javascript:` URLs containing arbitrary code. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. See referenced GitHub advisory for additional details, including a workaround. Patched versions have been released as Wagtail 2.11.7 (for the LTS 2.11 branch) and Wagtail 2.12.4 (for the current 2.12 branch)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-79\":\"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-wq5h-f9p5-q7fx",
"refsource": "CONFIRM",
"url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-wq5h-f9p5-q7fx"
},
{
"name": "https://pypi.org/project/wagtail/",
"refsource": "MISC",
"url": "https://pypi.org/project/wagtail/"
}
]
},
"source": {
"advisory": "GHSA-wq5h-f9p5-q7fx",
"discovery": "UNKNOWN"
}
}

87
2021/29xxx/CVE-2021-29453.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29453",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Denial of service through memory exhaustion"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "matrix-media-repo",
"version": {
"version_data": [
{
"version_value": "<= 1.2.6"
}
]
}
}
]
},
"vendor_name": "turt2live"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in file size, but large in complexity. A malicious user could upload a relatively small image in terms of file size, using particular image formats, which expands to have extremely large dimensions during the process of thumbnailing. The server can be exhausted of memory in the process of trying to load the whole image into memory for thumbnailing, leading to denial of service. Version 1.2.7 has a fix for the vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-400\":\"Uncontrolled Resource Consumption\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-j889-h476-hh9h",
"refsource": "CONFIRM",
"url": "https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-j889-h476-hh9h"
},
{
"name": "https://hub.docker.com/r/turt2live/matrix-media-repo/tags?page=1&ordering=last_updated",
"refsource": "MISC",
"url": "https://hub.docker.com/r/turt2live/matrix-media-repo/tags?page=1&ordering=last_updated"
},
{
"name": "https://github.com/turt2live/matrix-media-repo/releases/tag/v1.2.7",
"refsource": "MISC",
"url": "https://github.com/turt2live/matrix-media-repo/releases/tag/v1.2.7"
}
]
},
"source": {
"advisory": "GHSA-j889-h476-hh9h",
"discovery": "UNKNOWN"
}
}

87
2021/29xxx/CVE-2021-29455.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29455",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Missing validation of JWT signature in `grassrootza/grassroot-platform`"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "grassroot-platform",
"version": {
"version_data": [
{
"version_value": "< 1.3.1"
}
]
}
}
]
},
"vendor_name": "grassrootza"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in low-income communities. Grassroot Platform before master deployment as of 2021-04-16 did not properly verify the signature of JSON Web Tokens when refreshing an existing JWT. This allows to forge a valid JWT. The problem has been patched in version 1.3.1 by deprecating the JWT refresh function, which was an overdue deprecation regardless (the \"refresh\" flow is no longer used)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-347\":\"Improper Verification of Cryptographic Signature\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/grassrootza/grassroot-platform/security/advisories/GHSA-f65w-6xw8-6734",
"refsource": "CONFIRM",
"url": "https://github.com/grassrootza/grassroot-platform/security/advisories/GHSA-f65w-6xw8-6734"
},
{
"name": "https://github.com/grassrootza/grassroot-platform/",
"refsource": "MISC",
"url": "https://github.com/grassrootza/grassroot-platform/"
},
{
"name": "https://github.com/grassrootza/grassroot-platform/commit/a2e6e885f8183a066d938cf909fd813a7af7d67f",
"refsource": "MISC",
"url": "https://github.com/grassrootza/grassroot-platform/commit/a2e6e885f8183a066d938cf909fd813a7af7d67f"
}
]
},
"source": {
"advisory": "GHSA-f65w-6xw8-6734",
"discovery": "UNKNOWN"
}
}

71
2021/29xxx/CVE-2021-29457.json
View File

@ -1,18 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29457",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Heap buffer overflow in Exiv2::Jp2Image::doWriteMetadata"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "exiv2",
"version": {
"version_data": [
{
"version_value": "< 0.27.4"
}
]
}
}
]
},
"vendor_name": "Exiv2"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/1529",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/1529"
},
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm",
"refsource": "CONFIRM",
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/1534",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/pull/1534"
}
]
},
"source": {
"advisory": "GHSA-v74w-h496-cgqm",
"discovery": "UNKNOWN"
}
}

71
2021/29xxx/CVE-2021-29458.json
View File

@ -1,18 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29458",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds read in Exiv2::Internal::CrwMap::encode"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "exiv2",
"version": {
"version_data": [
{
"version_value": "< 0.27.4"
}
]
}
}
]
},
"vendor_name": "Exiv2"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/1530",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/1530"
},
{
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5",
"refsource": "CONFIRM",
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5"
},
{
"name": "https://github.com/Exiv2/exiv2/pull/1536",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/pull/1536"
}
]
},
"source": {
"advisory": "GHSA-57jj-75fm-9rq5",
"discovery": "UNKNOWN"
}
}

61
2021/30xxx/CVE-2021-30014.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-30014",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-30014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC 1.0.1 which results in a crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gpac/gpac/issues/1721",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1721"
},
{
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
"url": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788"
}
]
}

61
2021/30xxx/CVE-2021-30015.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-30015",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-30015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid maybe NULL. The result is a crash in gf_filter_pck_new_alloc_internal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gpac/gpac/issues/1719",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1719"
},
{
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/13dad7d5ef74ca2e6fe4010f5b03eb12e9bbe0ec",
"url": "https://github.com/gpac/gpac/commit/13dad7d5ef74ca2e6fe4010f5b03eb12e9bbe0ec"
}
]
}

61
2021/30xxx/CVE-2021-30019.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-30019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-30019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gpac/gpac/issues/1723",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1723"
},
{
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/22774aa9e62f586319c8f107f5bae950fed900bc",
"url": "https://github.com/gpac/gpac/commit/22774aa9e62f586319c8f107f5bae950fed900bc"
}
]
}

61
2021/30xxx/CVE-2021-30020.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-30020",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-30020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gpac/gpac/issues/1722",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1722"
},
{
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
"url": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788"
}
]
}

61
2021/30xxx/CVE-2021-30022.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-30022",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-30022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gpac/gpac/issues/1720",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1720"
},
{
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788",
"url": "https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788"
}
]
}

61
2021/30xxx/CVE-2021-30199.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-30199",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-30199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file,which results in a crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gpac/gpac/issues/1728",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1728"
},
{
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/b2db2f99b4c30f96e17b9a14537c776da6cb5dca",
"url": "https://github.com/gpac/gpac/commit/b2db2f99b4c30f96e17b9a14537c776da6cb5dca"
}
]
}

61
2021/31xxx/CVE-2021-31254.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31254",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-31254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gpac/gpac/issues/1703",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1703"
},
{
"url": "https://github.com/gpac/gpac/commit/8986422c21fbd9a7bf6561cae65aae42077447e8",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/8986422c21fbd9a7bf6561cae65aae42077447e8"
}
]
}

61
2021/31xxx/CVE-2021-31255.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31255",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-31255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1733",
"url": "https://github.com/gpac/gpac/issues/1733"
},
{
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/758135e91e623d7dfe7f6aaad7aeb3f791b7a4e5",
"url": "https://github.com/gpac/gpac/commit/758135e91e623d7dfe7f6aaad7aeb3f791b7a4e5"
}
]
}

61
2021/31xxx/CVE-2021-31256.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31256",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-31256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gpac/gpac/issues/1705",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1705"
},
{
"url": "https://github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e"
}
]
}

61
2021/31xxx/CVE-2021-31257.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31257",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-31257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gpac/gpac/issues/1734",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1734"
},
{
"url": "https://github.com/gpac/gpac/commit/87afe070cd6866df7fe80f11b26ef75161de85e0",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/87afe070cd6866df7fe80f11b26ef75161de85e0"
}
]
}

61
2021/31xxx/CVE-2021-31258.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31258",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-31258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gpac/gpac/issues/1706",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1706"
},
{
"url": "https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e"
}
]
}

61
2021/31xxx/CVE-2021-31259.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31259",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-31259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gpac/gpac/issues/1735",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1735"
},
{
"url": "https://github.com/gpac/gpac/commit/3b84ffcbacf144ce35650df958432f472b6483f8",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/3b84ffcbacf144ce35650df958432f472b6483f8"
}
]
}

61
2021/31xxx/CVE-2021-31260.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31260",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-31260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gpac/gpac/issues/1736",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1736"
},
{
"url": "https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9"
}
]
}

61
2021/31xxx/CVE-2021-31261.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31261",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-31261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gpac/gpac/issues/1737",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1737"
},
{
"url": "https://github.com/gpac/gpac/commit/cd3738dea038dbd12e603ad48cd7373ae0440f65",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/cd3738dea038dbd12e603ad48cd7373ae0440f65"
}
]
}

61
2021/31xxx/CVE-2021-31262.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31262",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-31262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gpac/gpac/issues/1738",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1738"
},
{
"url": "https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50"
}
]
}

128
2021/3xxx/CVE-2021-3035.json
View File

@ -1,18 +1,132 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-3035",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bridgecrew Checkov",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0",
"version_value": "2.0.26"
},
{
"version_affected": "!>=",
"version_name": "2.0",
"version_value": "2.0.26"
},
{
"version_affected": "!",
"version_name": "1.0",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Kevin Higgs of Trail of Bits for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3035",
"name": "https://security.paloaltonetworks.com/CVE-2021-3035"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This issue is fixed in Checkov 2.0.26 and all later releases."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "eng",
"time": "2021-04-14T16:00:00.000Z",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "eng",
"value": "Do not run Checkov on terraform files from untrusted sources or pull requests."
}
],
"x_affectedList": [
"BridgeCrew Checkov 2.0"
]
}

233
2021/3xxx/CVE-2021-3036.json
View File

@ -1,18 +1,237 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-3036",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "PAN-OS: Administrator secrets are logged in web server logs when using the PAN-OS XML API incorrectly"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAN-OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.1",
"version_value": "8.1.19"
},
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.12"
},
{
"version_affected": "<",
"version_name": "9.1",
"version_value": "9.1.6"
},
{
"version_affected": "<",
"version_name": "10.0",
"version_value": "10.0.1"
},
{
"version_affected": "!>=",
"version_name": "8.1",
"version_value": "8.1.19"
},
{
"version_affected": "!>=",
"version_name": "9.0",
"version_value": "9.0.12"
},
{
"version_affected": "!>=",
"version_name": "9.1",
"version_value": "9.1.6"
},
{
"version_affected": "!>=",
"version_name": "10.0",
"version_value": "10.0.1"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This vulnerability applies only to PAN-OS appliances that are configured to use the PAN-OS XML API. "
}
],
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks David Tien of Cyber Risk for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to use the PAN-OS XML API and exists only when a client includes a duplicate API parameter in API requests. Logged information includes the cleartext username, password, and API key of the administrator making the PAN-OS XML API request."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3036",
"name": "https://security.paloaltonetworks.com/CVE-2021-3036"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.12, PAN-OS 9.1.6, PAN-OS 10.0.1, and all later PAN-OS versions.\n\nAfter you upgrade the PAN-OS appliance, you must change the passwords and generate a new API key for all impacted PAN-OS administrators."
}
],
"source": {
"defect": [
"PAN-154114"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "eng",
"time": "2021-04-14T16:00:00.000Z",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "eng",
"value": "You must change the passwords and generate a new API key for all impacted PAN-OS administrators. Confirm that there aren\u2019t any PAN-OS XML API requests that repeat API parameters in the request."
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"PAN-OS 10.0.0",
"PAN-OS 10.0",
"PAN-OS 9.1.5",
"PAN-OS 9.1.4",
"PAN-OS 9.1.3-h1",
"PAN-OS 9.1.3",
"PAN-OS 9.1.2-h1",
"PAN-OS 9.1.2",
"PAN-OS 9.1.1",
"PAN-OS 9.1.0-h3",
"PAN-OS 9.1.0-h2",
"PAN-OS 9.1.0-h1",
"PAN-OS 9.1.0",
"PAN-OS 9.1",
"PAN-OS 9.0.11",
"PAN-OS 9.0.10",
"PAN-OS 9.0.9-h1",
"PAN-OS 9.0.9",
"PAN-OS 9.0.8",
"PAN-OS 9.0.7",
"PAN-OS 9.0.6",
"PAN-OS 9.0.5",
"PAN-OS 9.0.4",
"PAN-OS 9.0.3-h3",
"PAN-OS 9.0.3-h2",
"PAN-OS 9.0.3-h1",
"PAN-OS 9.0.3",
"PAN-OS 9.0.2-h4",
"PAN-OS 9.0.2-h3",
"PAN-OS 9.0.2-h2",
"PAN-OS 9.0.2-h1",
"PAN-OS 9.0.2",
"PAN-OS 9.0.1",
"PAN-OS 9.0.0",
"PAN-OS 9.0",
"PAN-OS 8.1.18",
"PAN-OS 8.1.17",
"PAN-OS 8.1.16",
"PAN-OS 8.1.15-h3",
"PAN-OS 8.1.15-h2",
"PAN-OS 8.1.15-h1",
"PAN-OS 8.1.15",
"PAN-OS 8.1.14-h2",
"PAN-OS 8.1.14-h1",
"PAN-OS 8.1.14",
"PAN-OS 8.1.13",
"PAN-OS 8.1.12",
"PAN-OS 8.1.11",
"PAN-OS 8.1.10",
"PAN-OS 8.1.9-h4",
"PAN-OS 8.1.9-h3",
"PAN-OS 8.1.9-h2",
"PAN-OS 8.1.9-h1",
"PAN-OS 8.1.9",
"PAN-OS 8.1.8-h5",
"PAN-OS 8.1.8-h4",
"PAN-OS 8.1.8-h3",
"PAN-OS 8.1.8-h2",
"PAN-OS 8.1.8-h1",
"PAN-OS 8.1.8",
"PAN-OS 8.1.7",
"PAN-OS 8.1.6-h2",
"PAN-OS 8.1.6-h1",
"PAN-OS 8.1.6",
"PAN-OS 8.1.5",
"PAN-OS 8.1.4",
"PAN-OS 8.1.3",
"PAN-OS 8.1.2",
"PAN-OS 8.1.1",
"PAN-OS 8.1.0",
"PAN-OS 8.1"
]
}

219
2021/3xxx/CVE-2021-3037.json
View File

@ -1,18 +1,223 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-3037",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "PAN-OS: Secrets for scheduled configuration exports are logged in system logs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAN-OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.1",
"version_value": "8.1.19"
},
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.13"
},
{
"version_affected": "<",
"version_name": "9.1",
"version_value": "9.1.4"
},
{
"version_affected": "!>=",
"version_name": "10.0",
"version_value": "10.0.0"
},
{
"version_affected": "!>=",
"version_name": "8.1",
"version_value": "8.1.19"
},
{
"version_affected": "!>=",
"version_name": "9.0",
"version_value": "9.0.13"
},
{
"version_affected": "!>=",
"version_name": "9.1",
"version_value": "9.1.4"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue is only applicable to PAN-OS devices that have been configured to use scheduled configuration exports at any time."
}
],
"credit": [
{
"lang": "eng",
"value": "This issue was found by a customer of Palo Alto Networks during a security review."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS configuration to the destination server."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-534 Information Exposure Through Debug Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3037",
"name": "https://security.paloaltonetworks.com/CVE-2021-3037"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This issue is fixed in PAN-OS 8.1.19, PAN-OS 9.0.13, PAN-OS 9.1.4, and all later PAN-OS versions.\n\nAfter you upgrade the PAN-OS appliance, you must change the connection details used in scheduled configuration exports. You should also change the credentials on the destination server that are used to export the configuration."
}
],
"source": {
"defect": [
"PAN-131474"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "eng",
"time": "2021-04-14T16:00:00.000Z",
"value": "Initial publication"
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"PAN-OS 9.1.3-h1",
"PAN-OS 9.1.3",
"PAN-OS 9.1.2-h1",
"PAN-OS 9.1.2",
"PAN-OS 9.1.1",
"PAN-OS 9.1.0-h3",
"PAN-OS 9.1.0-h2",
"PAN-OS 9.1.0-h1",
"PAN-OS 9.1.0",
"PAN-OS 9.1",
"PAN-OS 9.0.12",
"PAN-OS 9.0.11",
"PAN-OS 9.0.10",
"PAN-OS 9.0.9-h1",
"PAN-OS 9.0.9",
"PAN-OS 9.0.8",
"PAN-OS 9.0.7",
"PAN-OS 9.0.6",
"PAN-OS 9.0.5",
"PAN-OS 9.0.4",
"PAN-OS 9.0.3-h3",
"PAN-OS 9.0.3-h2",
"PAN-OS 9.0.3-h1",
"PAN-OS 9.0.3",
"PAN-OS 9.0.2-h4",
"PAN-OS 9.0.2-h3",
"PAN-OS 9.0.2-h2",
"PAN-OS 9.0.2-h1",
"PAN-OS 9.0.2",
"PAN-OS 9.0.1",
"PAN-OS 9.0.0",
"PAN-OS 9.0",
"PAN-OS 8.1.18",
"PAN-OS 8.1.17",
"PAN-OS 8.1.16",
"PAN-OS 8.1.15-h3",
"PAN-OS 8.1.15-h2",
"PAN-OS 8.1.15-h1",
"PAN-OS 8.1.15",
"PAN-OS 8.1.14-h2",
"PAN-OS 8.1.14-h1",
"PAN-OS 8.1.14",
"PAN-OS 8.1.13",
"PAN-OS 8.1.12",
"PAN-OS 8.1.11",
"PAN-OS 8.1.10",
"PAN-OS 8.1.9-h4",
"PAN-OS 8.1.9-h3",
"PAN-OS 8.1.9-h2",
"PAN-OS 8.1.9-h1",
"PAN-OS 8.1.9",
"PAN-OS 8.1.8-h5",
"PAN-OS 8.1.8-h4",
"PAN-OS 8.1.8-h3",
"PAN-OS 8.1.8-h2",
"PAN-OS 8.1.8-h1",
"PAN-OS 8.1.8",
"PAN-OS 8.1.7",
"PAN-OS 8.1.6-h2",
"PAN-OS 8.1.6-h1",
"PAN-OS 8.1.6",
"PAN-OS 8.1.5",
"PAN-OS 8.1.4",
"PAN-OS 8.1.3",
"PAN-OS 8.1.2",
"PAN-OS 8.1.1",
"PAN-OS 8.1.0",
"PAN-OS 8.1"
]
}

155
2021/3xxx/CVE-2021-3038.json
View File

@ -1,18 +1,159 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-3038",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "GlobalProtect App: Windows VPN kernel driver denial of service (DoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "<",
"version_name": "5.1",
"version_value": "5.1.8"
},
{
"platform": "Windows",
"version_affected": "!>=",
"version_name": "5.1",
"version_value": "5.1.8"
},
{
"platform": "Windows",
"version_affected": "<",
"version_name": "5.2",
"version_value": "5.2.4"
},
{
"platform": "Windows",
"version_affected": "!>=",
"version_name": "5.2",
"version_value": "5.2.4"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Christophe Schleypen from NCIA / NCIRC for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.8; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.4."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-248 Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3038",
"name": "https://security.paloaltonetworks.com/CVE-2021-3038"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This issue is fixed in GlobalProtect app 5.1.8, GlobalProtect app 5.2.4, and all later GlobalProtect app versions."
}
],
"source": {
"defect": [
"GPC-10983"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "eng",
"time": "2021-04-14T16:00:00.000Z",
"value": "Initial publication"
}
],
"x_advisoryEoL": false,
"x_affectedList": [
"GlobalProtect App 5.2.3",
"GlobalProtect App 5.2.2",
"GlobalProtect App 5.2.1",
"GlobalProtect App 5.2.0",
"GlobalProtect App 5.2",
"GlobalProtect App 5.1.7",
"GlobalProtect App 5.1.6",
"GlobalProtect App 5.1.5",
"GlobalProtect App 5.1.4",
"GlobalProtect App 5.1.3",
"GlobalProtect App 5.1.1",
"GlobalProtect App 5.1.0",
"GlobalProtect App 5.1"
]
}

55
2021/3xxx/CVE-2021-3497.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3497",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "gstreamer-plugins-good",
"version": {
"version_data": [
{
"version_value": "gstreamer-plugins-good 1.18.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1945339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945339"
},
{
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2021-0002.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2021-0002.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files."
}
]
}

55
2021/3xxx/CVE-2021-3498.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3498",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "gstreamer-plugins-good",
"version": {
"version_data": [
{
"version_value": "gstreamer-plugins-good 1.18.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1945342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945342"
},
{
"refsource": "MISC",
"name": "https://gstreamer.freedesktop.org/security/sa-2021-0003.html",
"url": "https://gstreamer.freedesktop.org/security/sa-2021-0003.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files."
}
]
}

55
2021/3xxx/CVE-2021-3505.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3505",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "libtpms",
"version": {
"version_data": [
{
"version_value": "libtpms 0.8.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-331"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1950046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950046"
},
{
"refsource": "MISC",
"name": "https://github.com/stefanberger/libtpms/issues/183",
"url": "https://github.com/stefanberger/libtpms/issues/183"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality."
}
]
}

72
2021/3xxx/CVE-2021-3506.json Normal file
View File

@ -0,0 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3506",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.12.0-rc4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1944298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944298"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2021/03/28/2",
"url": "https://www.openwall.com/lists/oss-security/2021/03/28/2"
},
{
"refsource": "MISC",
"name": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2520013.html",
"url": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2520013.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability."
}
]
}
}

18
2021/3xxx/CVE-2021-3507.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3507",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3508.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3508",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}