admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-09-07 21:00:58 +00:00
parent 70fb43f404
commit 135ccddb37
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
10 changed files with 136 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/10xxx/CVE-2019-10086.json
View File

@ -268,6 +268,11 @@
"refsource": "MLIST",
"name": "[nifi-issues] 20210827 [jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534@%3Cissues.nifi.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[nifi-issues] 20210907 [GitHub] [nifi] MikeThomsen commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e@%3Cissues.nifi.apache.org%3E"
}
]
},

63
2019/18xxx/CVE-2019-18351.json
View File

@ -1,66 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-18351",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk through 13.29.1, through 16.6.1, and through 17.0.0; and Certified Asterisk through 13.21-cert4. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.asterisk.org/downloads/security-advisories",
"refsource": "MISC",
"name": "https://www.asterisk.org/downloads/security-advisories"
},
{
"refsource": "MISC",
"name": "http://downloads.asterisk.org/pub/security/AST-2019-006.html",
"url": "http://downloads.asterisk.org/pub/security/AST-2019-006.html"
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-18790. Reason: This candidate is a duplicate of CVE-2019-18790. Notes: All CVE users should reference CVE-2019-18790 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

2
2019/18xxx/CVE-2019-18790.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x, 16.x, and 17.x, and Certified Asterisk 13.21, because of an incomplete fix for CVE-2019-18351. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport."
"value": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport."
}
]
},

5
2020/13xxx/CVE-2020-13529.json
View File

@ -73,6 +73,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list",
"url": "http://www.openwall.com/lists/oss-security/2021/08/17/3"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list",
"url": "http://www.openwall.com/lists/oss-security/2021/09/07/3"
}
]
},

2
2021/32xxx/CVE-2021-32782.json
View File

@ -41,7 +41,7 @@
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Circles application is upgraded to 0.21.3, 0.20.10 or 0.19.14 to resolve this issue. As a workaround users may use a browser that has support for Content-Security-Policy. A notable exemption is Internet Explorer which does not support CSP properly.\n"
"value": "Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Circles application is upgraded to 0.21.3, 0.20.10 or 0.19.14 to resolve this issue. As a workaround users may use a browser that has support for Content-Security-Policy. A notable exemption is Internet Explorer which does not support CSP properly."
}
]
},

5
2021/33xxx/CVE-2021-33910.json
View File

@ -121,6 +121,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list",
"url": "http://www.openwall.com/lists/oss-security/2021/08/17/3"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list",
"url": "http://www.openwall.com/lists/oss-security/2021/09/07/3"
}
]
}

2
2021/37xxx/CVE-2021-37628.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": " Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features (\"Upload Only\" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or 4.2.1. If upgrading is not possible then it is recommended to disable the Richdocuments application.\n"
"value": "Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features (\"Upload Only\" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or 4.2.1. If upgrading is not possible then it is recommended to disable the Richdocuments application."
}
]
},

2
2021/37xxx/CVE-2021-37629.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": " Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled.\n"
"value": "Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled."
}
]
},

61
2021/39xxx/CVE-2021-39500.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39500",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-39500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject \"../\" to escape and write file to writeable directories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/eyoucms/eyoucms/releases/tag/v1.5.4",
"refsource": "MISC",
"name": "https://github.com/eyoucms/eyoucms/releases/tag/v1.5.4"
},
{
"refsource": "MISC",
"name": "https://github.com/KietNA-HPT/CVE",
"url": "https://github.com/KietNA-HPT/CVE"
}
]
}

61
2021/39xxx/CVE-2021-39501.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39501",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-39501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/eyoucms/eyoucms/issues/17",
"refsource": "MISC",
"name": "https://github.com/eyoucms/eyoucms/issues/17"
},
{
"refsource": "MISC",
"name": "https://github.com/KietNA-HPT/CVE",
"url": "https://github.com/KietNA-HPT/CVE"
}
]
}