admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 03:27:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-08-26 16:00:41 +00:00
parent 03ee2d3470
commit 17d277484a
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
27 changed files with 1178 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
2021/20xxx/CVE-2021-20260.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20260",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "foreman",
"version": {
"version_data": [
{
"version_value": "Not-Known"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1932181",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932181"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-20260",
"url": "https://access.redhat.com/security/cve/CVE-2021-20260"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
}

70
2021/35xxx/CVE-2021-35939.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-35939",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "RPM",
"version": {
"version_data": [
{
"version_value": "Fixed in RPM-v4.18"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 - Improper Link Resolution Before File Access ('Link Following')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://rpm.org/wiki/Releases/4.18.0",
"url": "https://rpm.org/wiki/Releases/4.18.0"
},
{
"refsource": "MISC",
"name": "https://github.com/rpm-software-management/rpm/pull/1919",
"url": "https://github.com/rpm-software-management/rpm/pull/1919"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1964129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964129"
},
{
"refsource": "MISC",
"name": "https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556",
"url": "https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-35939",
"url": "https://access.redhat.com/security/cve/CVE-2021-35939"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
}

55
2021/3xxx/CVE-2021-3414.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3414",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "satellite",
"version": {
"version_data": [
{
"version_value": "Satellite v6.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-281 - Improper Preservation of Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1926139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926139"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3414",
"url": "https://access.redhat.com/security/cve/CVE-2021-3414"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality."
}
]
}

55
2021/3xxx/CVE-2021-3427.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3427",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Deluge-web",
"version": {
"version_data": [
{
"version_value": "Not-Known"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://dev.deluge-torrent.org/ticket/3459",
"url": "https://dev.deluge-torrent.org/ticket/3459"
},
{
"refsource": "MISC",
"name": "https://groups.google.com/g/deluge-dev/c/e5zh7wT0rEg",
"url": "https://groups.google.com/g/deluge-dev/c/e5zh7wT0rEg"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session."
}
]
}

65
2021/3xxx/CVE-2021-3563.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3563",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "keystone",
"version": {
"version_data": [
{
"version_value": "Not-known"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 - Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugs.launchpad.net/ossa/+bug/1901891",
"url": "https://bugs.launchpad.net/ossa/+bug/1901891"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1962908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962908"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3563",
"url": "https://access.redhat.com/security/cve/CVE-2021-3563"
},
{
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2021-3563",
"url": "https://security-tracker.debian.org/tracker/CVE-2021-3563"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity."
}
]
}

60
2021/3xxx/CVE-2021-3574.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3574",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ImageMagick",
"version": {
"version_data": [
{
"version_value": "Fixed in ImageMagick-7.0.11-8, ImageMagick-6.9.12-8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 - Missing Release of Memory after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/ImageMagick/ImageMagick/issues/3540",
"url": "https://github.com/ImageMagick/ImageMagick/issues/3540"
},
{
"refsource": "MISC",
"name": "https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9",
"url": "https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9"
},
{
"refsource": "MISC",
"name": "https://github.com/ImageMagick/ImageMagick6/commit/cd7f9fb7751b0d59d5a74b12d971155caad5a792",
"url": "https://github.com/ImageMagick/ImageMagick6/commit/cd7f9fb7751b0d59d5a74b12d971155caad5a792"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks."
}
]
}

70
2021/3xxx/CVE-2021-3585.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3585",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "openstack/tripleo-heat-templates.",
"version": {
"version_data": [
{
"version_value": "Fixed in openstack-tripleo-heat-templates-8.4.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1961709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961709"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1968247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968247"
},
{
"refsource": "MISC",
"name": "https://bugs.launchpad.net/tripleo/+bug/1931132",
"url": "https://bugs.launchpad.net/tripleo/+bug/1931132"
},
{
"refsource": "MISC",
"name": "https://review.opendev.org/c/openstack/tripleo-heat-templates/+/791988",
"url": "https://review.opendev.org/c/openstack/tripleo-heat-templates/+/791988"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3585",
"url": "https://access.redhat.com/security/cve/CVE-2021-3585"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager."
}
]
}

4
2021/3xxx/CVE-2021-3627.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2021-3627",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

70
2021/3xxx/CVE-2021-3632.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3632",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "Fixed in v15.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 - Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://issues.redhat.com/browse/KEYCLOAK-18500",
"url": "https://issues.redhat.com/browse/KEYCLOAK-18500"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978196"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3632",
"url": "https://access.redhat.com/security/cve/CVE-2021-3632"
},
{
"refsource": "MISC",
"name": "https://github.com/keycloak/keycloak/pull/8203",
"url": "https://github.com/keycloak/keycloak/pull/8203"
},
{
"refsource": "MISC",
"name": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4",
"url": "https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow."
}
]
}

75
2021/3xxx/CVE-2021-3644.json
View File

@ -4,14 +4,83 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3644",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "wildfly-core",
"version": {
"version_data": [
{
"version_value": "Fixed in 16.0.1.Final, 17.0.0.Final and later."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1976052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976052"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3644",
"url": "https://access.redhat.com/security/cve/CVE-2021-3644"
},
{
"refsource": "MISC",
"name": "https://issues.redhat.com/browse/WFCORE-5511",
"url": "https://issues.redhat.com/browse/WFCORE-5511"
},
{
"refsource": "MISC",
"name": "https://github.com/wildfly/wildfly-core/pull/4668",
"url": "https://github.com/wildfly/wildfly-core/pull/4668"
},
{
"refsource": "MISC",
"name": "https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e086090b",
"url": "https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e086090b"
},
{
"refsource": "MISC",
"name": "https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784f037714",
"url": "https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784f037714"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity."
}
]
}

4
2021/3xxx/CVE-2021-3651.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2021-3651",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

65
2021/3xxx/CVE-2021-3669.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3669",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "Not Known"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 - Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1986473",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986473"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1980619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980619"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3669",
"url": "https://access.redhat.com/security/cve/CVE-2021-3669"
},
{
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2021-3669",
"url": "https://security-tracker.debian.org/tracker/CVE-2021-3669"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS."
}
]
}

55
2021/3xxx/CVE-2021-3688.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3688",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Red Hat JBCS HTTP Server",
"version": {
"version_data": [
{
"version_value": "Fixed in jbcs-httpd-2.4.37.SP10 GA"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1990252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990252"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3688",
"url": "https://access.redhat.com/security/cve/CVE-2021-3688"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity."
}
]
}

4
2021/3xxx/CVE-2021-3691.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2021-3691",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

55
2021/3xxx/CVE-2021-3703.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3703",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Serverless",
"version": {
"version_data": [
{
"version_value": "Fixed in Serverless 1.17.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1992955",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992955"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3703",
"url": "https://access.redhat.com/security/cve/CVE-2021-3703"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0."
}
]
}

60
2021/3xxx/CVE-2021-3735.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3735",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "Not Known"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-667 - Improper Locking -> CWE-400 - Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1997184",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997184"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3735",
"url": "https://access.redhat.com/security/cve/CVE-2021-3735"
},
{
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2021-3735",
"url": "https://security-tracker.debian.org/tracker/CVE-2021-3735"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability."
}
]
}

55
2021/3xxx/CVE-2021-3754.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3754",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "Not-Known"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 - Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1999196",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999196"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3754",
"url": "https://access.redhat.com/security/cve/CVE-2021-3754"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password."
}
]
}

70
2021/3xxx/CVE-2021-3856.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3856",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "Fixed in 15.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552 - Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://issues.redhat.com/browse/KEYCLOAK-19422",
"url": "https://issues.redhat.com/browse/KEYCLOAK-19422"
},
{
"refsource": "MISC",
"name": "https://github.com/keycloak/keycloak/pull/8588",
"url": "https://github.com/keycloak/keycloak/pull/8588"
},
{
"refsource": "MISC",
"name": "https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743",
"url": "https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2010164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010164"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3856",
"url": "https://access.redhat.com/security/cve/CVE-2021-3856"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available."
}
]
}

70
2021/3xxx/CVE-2021-3859.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3859",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "undertow",
"version": {
"version_data": [
{
"version_value": "Fixed in 2.2.15.Final"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-214 - Invocation of Process Using Visible Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378"
},
{
"refsource": "MISC",
"name": "https://issues.redhat.com/browse/UNDERTOW-1979",
"url": "https://issues.redhat.com/browse/UNDERTOW-1979"
},
{
"refsource": "MISC",
"name": "https://github.com/undertow-io/undertow/pull/1296",
"url": "https://github.com/undertow-io/undertow/pull/1296"
},
{
"refsource": "MISC",
"name": "https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2",
"url": "https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3859",
"url": "https://access.redhat.com/security/cve/CVE-2021-3859"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks."
}
]
}

80
2021/3xxx/CVE-2021-3864.json
View File

@ -4,14 +4,88 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3864",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "Not Known"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 - Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2021/10/20/2",
"url": "https://www.openwall.com/lists/oss-security/2021/10/20/2"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2015046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015046"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2021-3864",
"url": "https://access.redhat.com/security/cve/CVE-2021-3864"
},
{
"refsource": "MISC",
"name": "https://lore.kernel.org/all/20211221021744.864115-1-longman@redhat.com/",
"url": "https://lore.kernel.org/all/20211221021744.864115-1-longman@redhat.com/"
},
{
"refsource": "MISC",
"name": "https://lore.kernel.org/lkml/20211228170910.623156-1-wander@redhat.com/",
"url": "https://lore.kernel.org/lkml/20211228170910.623156-1-wander@redhat.com/"
},
{
"refsource": "MISC",
"name": "https://lore.kernel.org/all/20211226150310.GA992@1wt.eu/",
"url": "https://lore.kernel.org/all/20211226150310.GA992@1wt.eu/"
},
{
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2021-3864",
"url": "https://security-tracker.debian.org/tracker/CVE-2021-3864"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges."
}
]
}

4
2021/3xxx/CVE-2021-3913.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2021-3913",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

4
2021/4xxx/CVE-2021-4215.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2021-4215",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

55
2021/4xxx/CVE-2021-4216.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-4216",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "mupdf",
"version": {
"version_data": [
{
"version_value": "Fixed in v1.20.0-rc1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369 - Divide By Zero"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=704834",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=704834"
},
{
"refsource": "MISC",
"name": "https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf",
"url": "https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream."
}
]
}

50
2022/25xxx/CVE-2022-25625.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25625",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@symantec.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Symantec Privileged Access Management (PAM)",
"version": {
"version_data": [
{
"version_value": "4.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.broadcom.com/external/content/SecurityAdvisories/0/20850",
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/20850"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A malicious unauthorized PAM user can access the administration configuration data and change the values."
}
]
}

30
2022/34xxx/CVE-2022-34169.json
View File

@ -121,6 +121,36 @@
"refsource": "FEDORA",
"name": "FEDORA-2022-19b6f21746",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-ae563934f7",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-e573851f56",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-d26586b419",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-80afe2304a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-b76ab52e73",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html",
"url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"
}
]
},

8
2022/34xxx/CVE-2022-34255.json
View File

@ -57,15 +57,15 @@
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.8,
"availabilityImpact": "Low",
"baseScore": 8.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
@ -75,7 +75,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Access Control (CWE-284)"
"value": "Incorrect Authorization (CWE-863)"
}
]
}

2
2022/35xxx/CVE-2022-35692.json
View File

@ -75,7 +75,7 @@
"description": [
{
"lang": "eng",
"value": "Improper Access Control (CWE-284)"
"value": "Incorrect Authorization (CWE-863)"
}
]
}