"-Synchronized-Data."

CVE Team 2021-03-15 17:00:44 +00:00
parent 262625981b
commit 1c623c22c6
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
10 changed files with 245 additions and 35 deletions


@ -291,6 +291,11 @@
"refsource": "MLIST",
"name": "[samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes",
"url": "https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3Ccommits.samza.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[storm-issues] 20210315 [jira] [Created] (STORM-3754) Upgrade Guava version because of security vulnerability",
"url": "https://lists.apache.org/thread.html/r30e7d7b6bfa630dacc41649a0e96dad75165d50474c1241068aa0f94@%3Cissues.storm.apache.org%3E"
}
]
}


@ -178,6 +178,11 @@
"refsource": "MLIST",
"name": "[lucene-solr-user] 20210213 Re: CVE-2019-17558 on SOLR 6.1",
"url": "https://lists.apache.org/thread.html/r5dc200f7337093285bac40e6d5de5ea66597c3da343a0f7553f1bb12@%3Csolr-user.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-issues] 20210315 [GitHub] [lucene-solr] erikhatcher commented on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability",
"url": "https://lists.apache.org/thread.html/r7f21ab40a9b17b1a703db84ac56773fcabacd4cc1eb5c4700d17c071@%3Cissues.lucene.apache.org%3E"
}
]
},


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24877",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/h4ckdepy/zzzphp/issues/1",
"refsource": "MISC",
"name": "https://github.com/h4ckdepy/zzzphp/issues/1"
}
]
}
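Review bot: The `affects` block in the published record still carries `"product_name": "n/a"`, `"version_value": "n/a"` and `"vendor_name": "n/a"`, and `problemtype` is also `"n/a"`, although the description names zzzphp v1.8.0 and a SQL injection. Tooling that matches on the structured fields rather than the free text will not associate this record with the product; populating them (for example `"product_name": "zzzphp"` and `"version_value": "1.8.0"`) would close that gap. The same applies to the CVE-2021-27695, CVE-2021-27817 and CVE-2021-27889 sections further down. In the description, "v1.8.0 through /form/index.php?module=getjson" reads like a version range; `via` in place of `through` would be unambiguous.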


@ -495,6 +495,16 @@
"refsource": "MLIST",
"name": "[beam-issues] 20210313 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/r8cacf91ae1b17cc6531d20953c52fa52f6fd3191deb3383446086ab7@%3Cissues.beam.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[beam-issues] 20210315 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/r2f732ee49d00610683ab5ddb4692ab25136b00bfd132ca3a590218a9@%3Cissues.beam.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[beam-issues] 20210315 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/raa9c370ab42d737e93bc1795bb6a2187d7c60210cd5e3b3ce8f3c484@%3Cissues.beam.apache.org%3E"
}
]
}


@ -48,8 +48,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-PSKILL-1078529"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-PSKILL-1078529",
"name": "https://snyk.io/vuln/SNYK-JS-PSKILL-1078529"
}
]
},
@ -57,7 +58,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package ps-kill.\n If (attacker-controlled) user input is given to the kill function, it is possible for an attacker to execute arbitrary commands.\r\nThis is due to use of the child_process exec function without input sanitization in the index.js file.\r\n\r\n\r\nPoC (provided by reporter):\r\n\r\nvar ps_kill = require('ps-kill');\r\n\r\nps_kill.kill('$(touch success)',function(){});\r\n\n"
"value": "This affects all versions of package ps-kill. If (attacker-controlled) user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. PoC (provided by reporter): var ps_kill = require('ps-kill'); ps_kill.kill('$(touch success)',function(){});"
}
]
},


@ -48,8 +48,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-KILLPROCESSBYNAME-1078534"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-KILLPROCESSBYNAME-1078534",
"name": "https://snyk.io/vuln/SNYK-JS-KILLPROCESSBYNAME-1078534"
}
]
},
@ -57,7 +58,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package kill-process-by-name.\n If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands.\r\nThis is due to use of the child_process exec function without input sanitization in the index.js file.\r\n\r\n\r\n"
"value": "This affects all versions of package kill-process-by-name. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file."
}
]
},


@ -48,12 +48,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKGATEWAY-1078516"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKGATEWAY-1078516",
"name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKGATEWAY-1078516"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/TykTechnologies/tyk/issues/3390"
"refsource": "MISC",
"url": "https://github.com/TykTechnologies/tyk/issues/3390",
"name": "https://github.com/TykTechnologies/tyk/issues/3390"
}
]
},
@ -61,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function.\r\n\r\nThis function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this value is then used to create a file on disk. If there is a file found with the same name then it will be deleted and then re-created with the contents of the API creation request.\n"
"value": "All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this value is then used to create a file on disk. If there is a file found with the same name then it will be deleted and then re-created with the contents of the API creation request."
}
]
},
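Review bot: In the first hunk the reference to `https://github.com/TykTechnologies/tyk/issues/3390` appears to be retagged from `CONFIRM` to `MISC` (the old/new sides are inferred from the hunk header, since the +/- markers are lost), which drops the only marker that this link sits on the vendor's own tracker. If that issue does contain vendor acknowledgement, which cannot be verified from this page, keeping `"refsource": "CONFIRM"` on that one entry preserves a signal that triage tooling can use. The Snyk link is third-party, so `MISC` fits it.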


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27695",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-27695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any \"Add\" sections, such as Add Card Building & Floor, or others in the Name and Code Parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://openmaint.com",
"refsource": "MISC",
"name": "http://openmaint.com"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/49649",
"url": "https://www.exploit-db.com/exploits/49649"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27817",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-27817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gongfuxiang/shopxo",
"refsource": "MISC",
"name": "https://github.com/gongfuxiang/shopxo"
},
{
"url": "https://github.com/h4ckdepy/vuls/blob/main/shopxo.md",
"refsource": "MISC",
"name": "https://github.com/h4ckdepy/vuls/blob/main/shopxo.md"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27889",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-27889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site Scriptiong (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/mybb/mybb/security/advisories/GHSA-xhj7-3349-mqcm",
"url": "https://github.com/mybb/mybb/security/advisories/GHSA-xhj7-3349-mqcm"
}
]
}
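Review bot: The new description value misspells the weakness name: `Cross-site Scriptiong (XSS)` should read `Cross-site Scripting (XSS)`. Keyword searches and classifiers that key on the exact phrase will miss this record until it is corrected. The sentence also gives the fixed boundary only as "before 1.8.26" in free text while `version_value` stays `"n/a"`, so the affected range is not machine-readable either.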