admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-10-26 21:01:00 +00:00
parent 8f01a42a00
commit 21f24174fa
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 154 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

248
2019/3xxx/CVE-2019-3556.json
View File

@ -1,126 +1,126 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-01-09",
"ID": "CVE-2019-3556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_value": "4.83.1"
},
{
"version_affected": ">=",
"version_value": "4.83.0"
},
{
"version_affected": "!>=",
"version_value": "4.82.1"
},
{
"version_affected": ">=",
"version_value": "4.82.0"
},
{
"version_affected": "!>=",
"version_value": "4.81.1"
},
{
"version_affected": ">=",
"version_value": "4.81.0"
},
{
"version_affected": "!>=",
"version_value": "4.80.1"
},
{
"version_affected": ">=",
"version_value": "4.80.0"
},
{
"version_affected": "!>=",
"version_value": "4.79.1"
},
{
"version_affected": ">=",
"version_value": "4.79.0"
},
{
"version_affected": "!>=",
"version_value": "4.78.1"
},
{
"version_affected": ">=",
"version_value": "4.57.0"
},
{
"version_affected": "!>=",
"version_value": "4.56.2"
},
{
"version_affected": "<",
"version_value": "4.56.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HHVM supports the use of an \"admin\" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4",
"url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"
},
{
"refsource": "CONFIRM",
"name": "https://hhvm.com/blog/2020/11/12/security-update.html",
"url": "https://hhvm.com/blog/2020/11/12/security-update.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.facebook.com/security/advisories/cve-2019-3556",
"url": "https://www.facebook.com/security/advisories/cve-2019-3556"
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-01-09",
"ID": "CVE-2019-3556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_value": "4.83.1"
},
{
"version_affected": ">=",
"version_value": "4.83.0"
},
{
"version_affected": "!>=",
"version_value": "4.82.1"
},
{
"version_affected": ">=",
"version_value": "4.82.0"
},
{
"version_affected": "!>=",
"version_value": "4.81.1"
},
{
"version_affected": ">=",
"version_value": "4.81.0"
},
{
"version_affected": "!>=",
"version_value": "4.80.1"
},
{
"version_affected": ">=",
"version_value": "4.80.0"
},
{
"version_affected": "!>=",
"version_value": "4.79.1"
},
{
"version_affected": ">=",
"version_value": "4.79.0"
},
{
"version_affected": "!>=",
"version_value": "4.78.1"
},
{
"version_affected": ">=",
"version_value": "4.57.0"
},
{
"version_affected": "!>=",
"version_value": "4.56.2"
},
{
"version_affected": "<",
"version_value": "4.56.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HHVM supports the use of an \"admin\" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://hhvm.com/blog/2020/11/12/security-update.html",
"url": "https://hhvm.com/blog/2020/11/12/security-update.html"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4",
"url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"
},
{
"refsource": "CONFIRM",
"name": "https://www.facebook.com/security/advisories/cve-2019-3556",
"url": "https://www.facebook.com/security/advisories/cve-2019-3556"
}
]
}
}

5
2021/30xxx/CVE-2021-30846.json
View File

@ -113,6 +113,11 @@
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212816",
"name": "https://support.apple.com/en-us/HT212816"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
}
]
},

5
2021/30xxx/CVE-2021-30848.json
View File

@ -81,6 +81,11 @@
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212816",
"name": "https://support.apple.com/en-us/HT212816"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
}
]
},

5
2021/30xxx/CVE-2021-30849.json
View File

@ -129,6 +129,11 @@
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212816",
"name": "https://support.apple.com/en-us/HT212816"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
}
]
},

5
2021/30xxx/CVE-2021-30858.json
View File

@ -125,6 +125,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-edf6957b7d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
}
]
},

5
2021/41xxx/CVE-2021-41133.json
View File

@ -129,6 +129,11 @@
"refsource": "DEBIAN",
"name": "DSA-4984",
"url": "https://www.debian.org/security/2021/dsa-4984"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
}
]
},

5
2021/42xxx/CVE-2021-42762.json
View File

@ -61,6 +61,11 @@
"url": "https://bugs.webkit.org/show_bug.cgi?id=231479",
"refsource": "MISC",
"name": "https://bugs.webkit.org/show_bug.cgi?id=231479"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
}
]
}