admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-09-21 17:01:04 +00:00
parent 35a20a14ce
commit 2fe328318f
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
8 changed files with 270 additions and 194 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2020/13xxx/CVE-2020-13956.json
View File

@ -288,6 +288,11 @@
"refsource": "MLIST",
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"url": "https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e@%3Cissues.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"url": "https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2@%3Cissues.lucene.apache.org%3E"
}
]
},

10
2021/23xxx/CVE-2021-23437.json
View File

@ -65,6 +65,16 @@
"refsource": "MISC",
"url": "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b",
"name": "https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-9f020cf155",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-cbfaefb390",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/"
}
]
},

12
2021/23xxx/CVE-2021-23443.json
View File

@ -48,12 +48,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-EDGEJS-1579556"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-EDGEJS-1579556",
"name": "https://snyk.io/vuln/SNYK-JS-EDGEJS-1579556"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/edge-js/edge/commit/fa2c7fde86327aeae232752e89a6e37e2e469e21"
"refsource": "MISC",
"url": "https://github.com/edge-js/edge/commit/fa2c7fde86327aeae232752e89a6e37e2e469e21",
"name": "https://github.com/edge-js/edge/commit/fa2c7fde86327aeae232752e89a6e37e2e469e21"
}
]
},
@ -61,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects the package edge.js before 5.3.2.\n A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are used.\r\n\r\n\r\n"
"value": "This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are used."
}
]
},

192
2021/29xxx/CVE-2021-29795.json
View File

@ -1,99 +1,99 @@
{
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "PowerVM Hypervisor",
"version" : {
"version_data" : [
{
"version_value" : "FW930"
},
{
"version_value" : "FW940"
},
{
"version_value" : "FW950"
},
{
"version_value" : "FW860"
}
]
}
}
]
},
"vendor_name" : "IBM"
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"SCORE" : "6.000",
"PR" : "H",
"S" : "C",
"AV" : "L",
"A" : "H",
"C" : "N",
"UI" : "N",
"AC" : "L",
"I" : "N"
}
}
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6490877",
"title" : "IBM Security Bulletin 6490877 (PowerVM Hypervisor)",
"name" : "https://www.ibm.com/support/pages/node/6490877",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/203557",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-powervm-cve202129795-dos (203557)",
"refsource" : "XF"
}
]
},
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-09-20T00:00:00",
"ID" : "CVE-2021-29795",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557."
}
]
}
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerVM Hypervisor",
"version": {
"version_data": [
{
"version_value": "FW930"
},
{
"version_value": "FW940"
},
{
"version_value": "FW950"
},
{
"version_value": "FW860"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"SCORE": "6.000",
"PR": "H",
"S": "C",
"AV": "L",
"A": "H",
"C": "N",
"UI": "N",
"AC": "L",
"I": "N"
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6490877",
"title": "IBM Security Bulletin 6490877 (PowerVM Hypervisor)",
"name": "https://www.ibm.com/support/pages/node/6490877",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203557",
"title": "X-Force Vulnerability Report",
"name": "ibm-powervm-cve202129795-dos (203557)",
"refsource": "XF"
}
]
},
"data_type": "CVE",
"CVE_data_meta": {
"DATE_PUBLIC": "2021-09-20T00:00:00",
"ID": "CVE-2021-29795",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557."
}
]
}
}

172
2021/29xxx/CVE-2021-29831.json
View File

@ -1,90 +1,90 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 204775."
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2021-29831",
"DATE_PUBLIC" : "2021-09-20T00:00:00"
},
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "1.1.3.10"
}
]
},
"product_name" : "Jazz for Service Management"
}
]
},
"vendor_name" : "IBM"
"lang": "eng",
"value": "IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 204775."
}
]
}
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"A" : "L",
"C" : "H",
"UI" : "N",
"PR" : "L",
"SCORE" : "7.100",
"S" : "U",
"I" : "N",
"AC" : "L"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2021-29831",
"DATE_PUBLIC": "2021-09-20T00:00:00"
},
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "1.1.3.10"
}
]
},
"product_name": "Jazz for Service Management"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_type" : "CVE",
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6490905",
"name" : "https://www.ibm.com/support/pages/node/6490905",
"title" : "IBM Security Bulletin 6490905 (Jazz for Service Management)"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/204775",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-tivoli-cve202129831-xxe (204775)",
"refsource" : "XF"
}
]
}
}
}
},
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"A": "L",
"C": "H",
"UI": "N",
"PR": "L",
"SCORE": "7.100",
"S": "U",
"I": "N",
"AC": "L"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_type": "CVE",
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6490905",
"name": "https://www.ibm.com/support/pages/node/6490905",
"title": "IBM Security Bulletin 6490905 (Jazz for Service Management)"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/204775",
"title": "X-Force Vulnerability Report",
"name": "ibm-tivoli-cve202129831-xxe (204775)",
"refsource": "XF"
}
]
}
}

5
2021/30xxx/CVE-2021-30858.json
View File

@ -85,6 +85,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20210920 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005",
"url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-c00e45b6c0",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/"
}
]
},

7
2021/32xxx/CVE-2021-32272.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution."
"value": "An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin located in mp4read.c. It allows an attacker to cause Code Execution."
}
]
},
@ -56,6 +56,11 @@
"url": "https://github.com/knik0/faad2/issues/57",
"refsource": "MISC",
"name": "https://github.com/knik0/faad2/issues/57"
},
{
"refsource": "MISC",
"name": "https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24",
"url": "https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24"
}
]
}

61
2021/40xxx/CVE-2021-40868.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40868",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.cloudron.io/",
"refsource": "MISC",
"name": "https://www.cloudron.io/"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/164183/Cloudron-6.2-Cross-Site-Scripting.html",
"url": "https://packetstormsecurity.com/files/164183/Cloudron-6.2-Cross-Site-Scripting.html"
}
]
}