"-Synchronized-Data."

CVE Team 2021-03-22 15:00:41 +00:00
parent cd3f061d14
commit 311e4853d9
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 261 additions and 19 deletions


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Redash 8.0.0 is affected by LDAP Injection. There is an authentication bypass and information leak through the crafting of special queries, escaping the provided template because the ldap_user = auth_ldap_user(request.form[\"email\"], request.form[\"password\"]) auth_ldap_user(username, password) settings.LDAP_SEARCH_TEMPLATE % {\"username\": username} code lacks sanitization."
"value": "Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization."
}
]
},
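Review bot: The reworded `value` (taking the second of the two printed lines as the new text) no longer says where the unsanitized username enters the search filter; the earlier wording tied it to the login form's `email` field and `settings.LDAP_SEARCH_TEMPLATE`. It also drops the authentication-bypass impact, and nothing visible in this hunk explains the narrowing. Consider keeping one clause such as `the username supplied at login is inserted into the LDAP search filter without escaping`, so operators know which input to validate and which logs to review. The record continues outside the hunk, so its references are not visible here.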


@ -82,6 +82,11 @@
"refsource": "MISC",
"url": "https://security.samsungmobile.com/",
"name": "https://security.samsungmobile.com/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-342/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-342/"
}
]
},


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27308",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-27308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the \"redirect\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/4images/4images/issues/3",
"refsource": "MISC",
"name": "https://github.com/4images/4images/issues/3"
}
]
}
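Review bot: The `affects` block records `product_name`, `version_value` and `vendor_name` as `n/a` although the published description names 4images version 1.8, so tooling that matches on the structured fields will not associate this record with the product. `problemtype` likewise stays `n/a` for an issue the description calls cross-site scripting. The CVE-2021-28147 and CVE-2021-28148 records further down have the same gap for Grafana Enterprise and its fixed versions. If the feed's conventions allow it, populate the fields from the description, e.g. `"product_name": "4images"` and `"version_value": "1.8"`, and give the weakness class in `problemtype`.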


@ -52,6 +52,11 @@
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://community.grafana.com/t/release-notes-v6-7-x/27119",
"url": "https://community.grafana.com/t/release-notes-v6-7-x/27119"
},
{
"url": "https://community.grafana.com",
"refsource": "MISC",
@ -61,6 +66,21 @@
"refsource": "CONFIRM",
"name": "http://www.openwall.com/lists/oss-security/2021/03/19/5",
"url": "http://www.openwall.com/lists/oss-security/2021/03/19/5"
},
{
"refsource": "CONFIRM",
"name": "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/",
"url": "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/"
},
{
"refsource": "MISC",
"name": "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724",
"url": "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724"
},
{
"refsource": "MISC",
"name": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/",
"url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/"
}
]
},


@ -52,6 +52,11 @@
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://community.grafana.com/t/release-notes-v6-7-x/27119",
"url": "https://community.grafana.com/t/release-notes-v6-7-x/27119"
},
{
"url": "https://grafana.com/products/enterprise/",
"refsource": "MISC",
@ -61,6 +66,26 @@
"refsource": "CONFIRM",
"name": "https://www.openwall.com/lists/oss-security/2021/03/19/5",
"url": "https://www.openwall.com/lists/oss-security/2021/03/19/5"
},
{
"refsource": "CONFIRM",
"name": "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/",
"url": "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/"
},
{
"refsource": "MISC",
"name": "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724",
"url": "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724"
},
{
"refsource": "MISC",
"name": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/",
"url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/"
},
{
"refsource": "MISC",
"name": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/",
"url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/"
}
]
}


@ -1,17 +1,91 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28147",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-28147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://community.grafana.com/t/release-notes-v6-7-x/27119",
"url": "https://community.grafana.com/t/release-notes-v6-7-x/27119"
},
{
"url": "https://grafana.com/products/enterprise/",
"refsource": "MISC",
"name": "https://grafana.com/products/enterprise/"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2021/03/19/5",
"url": "https://www.openwall.com/lists/oss-security/2021/03/19/5"
},
{
"refsource": "CONFIRM",
"name": "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/",
"url": "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/"
},
{
"refsource": "MISC",
"name": "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724",
"url": "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724"
},
{
"refsource": "MISC",
"name": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/",
"url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/"
},
{
"refsource": "MISC",
"name": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/",
"url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/"
}
]
}
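Review bot: The openwall.com oss-security reference is tagged `"refsource": "MISC"` in this record, while the same post is tagged `CONFIRM` in the CVE-2021-28148 record and in the two preceding Grafana sections. One of the tags is presumably wrong. If the post is the vendor's own announcement, use `"refsource": "CONFIRM"` here as well, so that consumers filtering on vendor-confirmed references treat the related records alike.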


@ -1,17 +1,91 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28148",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-28148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://community.grafana.com/t/release-notes-v6-7-x/27119",
"url": "https://community.grafana.com/t/release-notes-v6-7-x/27119"
},
{
"url": "https://grafana.com/products/enterprise/",
"refsource": "MISC",
"name": "https://grafana.com/products/enterprise/"
},
{
"refsource": "CONFIRM",
"name": "https://www.openwall.com/lists/oss-security/2021/03/19/5",
"url": "https://www.openwall.com/lists/oss-security/2021/03/19/5"
},
{
"refsource": "CONFIRM",
"name": "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/",
"url": "https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/"
},
{
"refsource": "MISC",
"name": "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724",
"url": "https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724"
},
{
"refsource": "MISC",
"name": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/",
"url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-3-10/"
},
{
"refsource": "MISC",
"name": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/",
"url": "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/"
}
]
}