admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-06-10 12:00:57 +00:00
parent 81f1556389
commit 2379785bb7
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
21 changed files with 498 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
2019/25xxx/CVE-2019-25046.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.cerberusftp.com/products/releasenotes/",
"refsource": "MISC",
"name": "https://www.cerberusftp.com/products/releasenotes/"
},
{
"url": "https://www.cerberusftp.com/xss-vulnerability-when-previewing-svg-content/",
"refsource": "MISC",
"name": "https://www.cerberusftp.com/xss-vulnerability-when-previewing-svg-content/"
}
]
}
}

5
2021/0xxx/CVE-2021-0086.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00546.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00546.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass",
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/1"
}
]
},

5
2021/0xxx/CVE-2021-0089.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00516.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00516.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass",
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/1"
}
]
},

50
2021/20xxx/CVE-2021-20081.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20081",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ManageEngine ServiceDesk Plus",
"version": {
"version_data": [
{
"version_value": "Before 11205"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incomplete List of Disallowed Inputs leading to Authenticated Remote Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2021-22",
"url": "https://www.tenable.com/security/research/tra-2021-22"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges."
}
]
}

50
2021/20xxx/CVE-2021-20293.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20293",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "RESTEasy",
"version": {
"version_data": [
{
"version_value": "All versions of RESTEasy up to 4.6.0.Final"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1942819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942819"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity."
}
]
}

50
2021/21xxx/CVE-2021-21735.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21735",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ZXHN H168N",
"version": {
"version_data": [
{
"version_value": "All versions up to V3.5.0_EG1T4_TE"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE."
}
]
}

50
2021/21xxx/CVE-2021-21736.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21736",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ZXHN HS562",
"version": {
"version_data": [
{
"version_value": "V1.0.0.0B2.0000, V1.0.0.0B3.0000"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015964",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015964"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E"
}
]
}

4
2021/25xxx/CVE-2021-25322.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2021-05-19T00:00:00.000Z",
"ID": "CVE-2021-25322",
"STATE": "PUBLIC",
@ -56,7 +56,7 @@
"description_data": [
{
"lang": "eng",
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root.\nThis issue affects:\nopenSUSE Leap 15.2\npython-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions.\nopenSUSE Factory\npython-HyperKitty versions prior to 1.3.4-5.1."
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1."
}
]
},

55
2021/25xxx/CVE-2021-25948.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25948",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "expand-hash",
"version": {
"version_data": [
{
"version_value": "0.1.0, 0.1.1, 0.2.1, 0.2.2, 1.0.0, 1.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25948",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25948"
},
{
"refsource": "MISC",
"name": "https://github.com/doowb/expand-hash/blob/556913f6c2f05848110b5b8261cfc78e5ce3dc77/index.js#L19",
"url": "https://github.com/doowb/expand-hash/blob/556913f6c2f05848110b5b8261cfc78e5ce3dc77/index.js#L19"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Prototype pollution vulnerability in \u2018expand-hash\u2019 versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution."
}
]
}

55
2021/25xxx/CVE-2021-25949.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25949",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "set-getter",
"version": {
"version_data": [
{
"version_value": "0.1.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25949",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25949"
},
{
"refsource": "MISC",
"name": "https://github.com/doowb/set-getter/blob/5bc2750fe1c3db9651d936131be187744111378d/index.js#L56",
"url": "https://github.com/doowb/set-getter/blob/5bc2750fe1c3db9651d936131be187744111378d/index.js#L56"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Prototype pollution vulnerability in \u2018set-getter\u2019 version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution."
}
]
}

5
2021/26xxx/CVE-2021-26313.json
View File

@ -72,6 +72,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20210609 Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass",
"url": "http://www.openwall.com/lists/oss-security/2021/06/09/2"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass",
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/1"
}
]
},

5
2021/26xxx/CVE-2021-26314.json
View File

@ -67,6 +67,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20210609 Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass",
"url": "http://www.openwall.com/lists/oss-security/2021/06/09/2"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass",
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/1"
}
]
},

5
2021/31xxx/CVE-2021-31983.json
View File

@ -56,6 +56,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31983",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31983"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-658/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-658/"
}
]
}

4
2021/31xxx/CVE-2021-31997.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2021-05-20T00:00:00.000Z",
"ID": "CVE-2021-31997",
"STATE": "PUBLIC",
@ -56,7 +56,7 @@
"description_data": [
{
"lang": "eng",
"value": "a UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root.\nThis issue affects:\nopenSUSE Leap 15.2\npython-postorius version 1.3.2-lp152.1.2 and prior versions.\nopenSUSE Factory\npython-postorius version 1.3.4-2.1 and prior versions."
"value": "a UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions."
}
]
},

4
2021/31xxx/CVE-2021-31998.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
"ID": "CVE-2021-31998",
"STATE": "PUBLIC",
@ -75,7 +75,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root.\nThis issue affects:\nSUSE Linux Enterprise Server 11-SP3\ninn version inn-2.4.2-170.21.3.1 and prior versions.\nopenSUSE Backports SLE-15-SP2\ninn versions prior to 2.6.2.\nopenSUSE Leap 15.2\ninn versions prior to 2.6.2."
"value": "A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2."
}
]
},

18
2021/34xxx/CVE-2021-34540.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34540",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/34xxx/CVE-2021-34541.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34541",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/34xxx/CVE-2021-34542.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34542",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/34xxx/CVE-2021-34543.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34543",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/34xxx/CVE-2021-34544.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34544",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/34xxx/CVE-2021-34545.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34545",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}