admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master'

Browse Source
This commit is contained in:
JamesMihm 2022-10-17 11:35:08 -07:00
commit 33664e20f1
1157 changed files with 34721 additions and 3362 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2016/10xxx/CVE-2016-10228.json
View File

@ -91,6 +91,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=26224", "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=26224",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26224" "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26224"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
} }
] ]
} }

67
2017/20xxx/CVE-2017-20149.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-20149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/BigNerd95/Chimay-Red",
"refsource": "MISC",
"name": "https://github.com/BigNerd95/Chimay-Red"
},
{
"url": "https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/",
"refsource": "MISC",
"name": "https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/"
}
]
}
}

63
2017/7xxx/CVE-2017-7517.json
View File

@ -1,17 +1,66 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7517",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-7517",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Hawkular Metrics",
"version": {
"version_data": [
{
"version_value": "Hawkular Metrics as shipped in Red Hat Openshift 3.x"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1470414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470414"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2017-7517",
"url": "https://access.redhat.com/security/cve/CVE-2017-7517"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called \"MyProject\", and then later deletes it another user can then create a project called \"MyProject\" and access the metrics stored from the original \"MyProject\" instance."
} }
] ]
} }

4
2018/17xxx/CVE-2018-17954.json
View File

@ -92,7 +92,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-." "value": "An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-."
} }
] ]
}, },
@ -121,7 +121,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "CWE-272: Least Privilege Violation" "value": "CWE-269: Improper Privilege Management"
} }
] ]
} }

2
2018/17xxx/CVE-2018-17956.json
View File

@ -69,7 +69,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "CWE-214" "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
} }
] ]
} }

67
2019/14xxx/CVE-2019-14840.json Normal file
View File

@ -0,0 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14840",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Business-central",
"version": {
"version_data": [
{
"version_value": "Business-central as shipped in RHDM 7 and RHPAM 7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1748185",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748185"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-14840",
"url": "https://access.redhat.com/security/cve/CVE-2019-14840"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials."
}
]
}
}

67
2019/14xxx/CVE-2019-14841.json Normal file
View File

@ -0,0 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14841",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Business-central",
"version": {
"version_data": [
{
"version_value": "Business-central as shipped in RHDM 7 and RHPAM 7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-281"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1744801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1744801"
},
{
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2019-14841",
"url": "https://access.redhat.com/security/cve/CVE-2019-14841"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console."
}
]
}
}

12
2019/18xxx/CVE-2019-18899.json
View File

@ -73,7 +73,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "CWE-250: Execution with Unnecessary Privileges" "value": "CWE-269: Improper Privilege Management"
} }
] ]
} }
@ -81,11 +81,6 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1157703",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157703"
},
{ {
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2020:0124", "name": "openSUSE-SU-2020:0124",
@ -95,6 +90,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2020:0146", "name": "openSUSE-SU-2020:0146",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1157703",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157703"
} }
] ]
}, },

4
2019/18xxx/CVE-2019-18906.json
View File

@ -56,7 +56,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A Use of Password Hash Instead of Password for Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4." "value": "A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4."
} }
] ]
}, },
@ -85,7 +85,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "CWE-836: Use of Password Hash Instead of Password for Authentication" "value": "CWE-287: Improper Authentication"
} }
] ]
} }

5
2019/19xxx/CVE-2019-19126.json
View File

@ -71,6 +71,11 @@
"refsource": "UBUNTU", "refsource": "UBUNTU",
"name": "USN-4416-1", "name": "USN-4416-1",
"url": "https://usn.ubuntu.com/4416-1/" "url": "https://usn.ubuntu.com/4416-1/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
} }
] ]
} }

5
2019/25xxx/CVE-2019-25013.json
View File

@ -131,6 +131,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210205-0004/", "name": "https://security.netapp.com/advisory/ntap-20210205-0004/",
"url": "https://security.netapp.com/advisory/ntap-20210205-0004/" "url": "https://security.netapp.com/advisory/ntap-20210205-0004/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
} }
] ]
} }

5
2020/10xxx/CVE-2020-10029.json
View File

@ -96,6 +96,11 @@
"refsource": "UBUNTU", "refsource": "UBUNTU",
"name": "USN-4416-1", "name": "USN-4416-1",
"url": "https://usn.ubuntu.com/4416-1/" "url": "https://usn.ubuntu.com/4416-1/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
} }
] ]
} }

10
2020/10xxx/CVE-2020-10735.json
View File

@ -148,6 +148,16 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2022-ac82a548df", "name": "FEDORA-2022-ac82a548df",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-d4570fc1a6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2022-b8b34e62ab",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/"
} }
] ]
}, },

5
2020/14xxx/CVE-2020-14339.json
View File

@ -53,6 +53,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202101-22", "name": "GLSA-202101-22",
"url": "https://security.gentoo.org/glsa/202101-22" "url": "https://security.gentoo.org/glsa/202101-22"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-06",
"url": "https://security.gentoo.org/glsa/202210-06"
} }
] ]
}, },

5
2020/1xxx/CVE-2020-1752.json
View File

@ -86,6 +86,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
} }
] ]
}, },

5
2020/1xxx/CVE-2020-1968.json
View File

@ -111,6 +111,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html" "name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-02",
"url": "https://security.gentoo.org/glsa/202210-02"
} }
] ]
} }

5
2020/25xxx/CVE-2020-25637.json
View File

@ -58,6 +58,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2020:1777", "name": "openSUSE-SU-2020:1777",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-06",
"url": "https://security.gentoo.org/glsa/202210-06"
} }
] ]
}, },

4
2020/26xxx/CVE-2020-26839.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26839", "ID": "CVE-2020-26839",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26840.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26840", "ID": "CVE-2020-26840",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26841.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26841", "ID": "CVE-2020-26841",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26842.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26842", "ID": "CVE-2020-26842",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26843.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26843", "ID": "CVE-2020-26843",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26844.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26844", "ID": "CVE-2020-26844",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26845.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26845", "ID": "CVE-2020-26845",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26846.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26846", "ID": "CVE-2020-26846",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26847.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26847", "ID": "CVE-2020-26847",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26848.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26848", "ID": "CVE-2020-26848",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26849.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26849", "ID": "CVE-2020-26849",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26850.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26850", "ID": "CVE-2020-26850",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26851.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26851", "ID": "CVE-2020-26851",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26852.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26852", "ID": "CVE-2020-26852",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26853.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26853", "ID": "CVE-2020-26853",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26854.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26854", "ID": "CVE-2020-26854",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26855.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26855", "ID": "CVE-2020-26855",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26856.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26856", "ID": "CVE-2020-26856",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26857.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26857", "ID": "CVE-2020-26857",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26858.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26858", "ID": "CVE-2020-26858",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26859.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26859", "ID": "CVE-2020-26859",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26860.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26860", "ID": "CVE-2020-26860",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26861.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26861", "ID": "CVE-2020-26861",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26862.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26862", "ID": "CVE-2020-26862",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26863.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26863", "ID": "CVE-2020-26863",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26864.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26864", "ID": "CVE-2020-26864",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26865.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26865", "ID": "CVE-2020-26865",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

4
2020/26xxx/CVE-2020-26866.json
View File

@ -5,13 +5,13 @@
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-26866", "ID": "CVE-2020-26866",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none."
} }
] ]
} }

5
2020/27xxx/CVE-2020-27618.json
View File

@ -81,6 +81,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html" "name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
} }
] ]
} }

50
2020/35xxx/CVE-2020-35539.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-35539", "ID": "CVE-2020-35539",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Wordpress",
"version": {
"version_data": [
{
"version_value": "Wordpress 5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2021/Mar/24",
"url": "https://seclists.org/fulldisclosure/2021/Mar/24"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A flaw was found in Wordpress 5.1. \"X-Forwarded-For\" is a HTTP header used to carry the client's original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addresses which decelerate at X-Forwarded-For header instead of original IP, various issues may be faced. If the data originating from these fields is trusted by the application developers and processed, any authorization checks originating IP address logging could be manipulated."
} }
] ]
} }

5
2020/4xxx/CVE-2020-4301.json
View File

@ -20,6 +20,11 @@
"refsource": "XF", "refsource": "XF",
"title": "X-Force Vulnerability Report", "title": "X-Force Vulnerability Report",
"name": "ibm-cognos-cve20204301-csrf (176609)" "name": "ibm-cognos-cve20204301-csrf (176609)"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221014-0005/",
"url": "https://security.netapp.com/advisory/ntap-20221014-0005/"
} }
] ]
}, },

5
2020/6xxx/CVE-2020-6096.json
View File

@ -73,6 +73,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1019", "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1019",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1019" "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1019"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
} }
] ]
}, },

2
2020/7xxx/CVE-2020-7774.json
View File

@ -83,7 +83,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true" "value": "The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution."
} }
] ]
}, },

12
2020/8xxx/CVE-2020-8016.json
View File

@ -116,7 +116,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "CWE-363: Race Condition Enabling Link Following" "value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"
} }
] ]
} }
@ -124,15 +124,15 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1159740",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1159740"
},
{ {
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2020:0804", "name": "openSUSE-SU-2020:0804",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00021.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00021.html"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1159740",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1159740"
} }
] ]
}, },

12
2020/8xxx/CVE-2020-8017.json
View File

@ -116,7 +116,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "CWE-363: Race Condition Enabling Link Following" "value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"
} }
] ]
} }
@ -124,15 +124,15 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1158910",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1158910"
},
{ {
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2020:0804", "name": "openSUSE-SU-2020:0804",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00021.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00021.html"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1158910",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1158910"
} }
] ]
}, },

50
2021/0xxx/CVE-2021-0699.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-0699", "ID": "CVE-2021-0699",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@android.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android SoC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2022-10-01",
"url": "https://source.android.com/security/bulletin/2022-10-01"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In HTBLogKM of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242345178"
} }
] ]
} }

50
2021/20xxx/CVE-2021-20030.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-20030", "ID": "CVE-2021-20030",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "PSIRT@sonicwall.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicWall GMS",
"version": {
"version_data": [
{
"version_value": "prior GMS 9.3.2"
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0021",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0021"
} }
] ]
} }

5
2021/20xxx/CVE-2021-20468.json
View File

@ -21,6 +21,11 @@
"name": "ibm-cognos-cve202120468-csrf (196825)", "name": "ibm-cognos-cve202120468-csrf (196825)",
"title": "X-Force Vulnerability Report", "title": "X-Force Vulnerability Report",
"refsource": "XF" "refsource": "XF"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221014-0005/",
"url": "https://security.netapp.com/advisory/ntap-20221014-0005/"
} }
] ]
}, },

13
2021/20xxx/CVE-2021-20594.json
View File

@ -15,14 +15,14 @@
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "MELSEC iQ-R series CPU modules R08/16/32/120SFCPU; R08/16/32/120PSFCPU", "product_name": "Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "all versions" "version_value": "Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions \"26\" and prior"
}, },
{ {
"version_value": "all versions" "version_value": "Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU all versions"
} }
] ]
} }
@ -56,6 +56,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-008_en.pdf", "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-008_en.pdf",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-008_en.pdf" "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-008_en.pdf"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-250-01",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-250-01"
} }
] ]
}, },
@ -63,7 +68,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names." "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions \"26\" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names."
} }
] ]
} }

13
2021/20xxx/CVE-2021-20597.json
View File

@ -15,14 +15,14 @@
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "MELSEC iQ-R series CPU modules R08/16/32/120SFCPU; R08/16/32/120PSFCPU", "product_name": "Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "all versions" "version_value": "Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions \"26\" and prior"
}, },
{ {
"version_value": "all versions" "version_value": "Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU all versions"
} }
] ]
} }
@ -56,6 +56,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://jvn.jp/vu/JVNVU98578731/index.html", "name": "https://jvn.jp/vu/JVNVU98578731/index.html",
"url": "https://jvn.jp/vu/JVNVU98578731/index.html" "url": "https://jvn.jp/vu/JVNVU98578731/index.html"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-250-01",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-250-01"
} }
] ]
}, },
@ -63,7 +68,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password." "value": "Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions \"26\" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to login to the target unauthorizedly by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password."
} }
] ]
} }

15
2021/20xxx/CVE-2021-20599.json
View File

@ -15,14 +15,14 @@
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU; MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU", "product_name": "Mitsubishi Electric MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "All versions" "version_value": "Mitsubishi Electric MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU Firmware versions \"26\" and prior"
}, },
{ {
"version_value": "All versions" "version_value": "Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU All versions"
} }
] ]
} }
@ -39,7 +39,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Authorization Bypass Through User-Controlled Key" "value": "Cleartext transmission of sensitive information"
} }
] ]
} }
@ -56,6 +56,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://jvn.jp/vu/JVNVU98578731", "name": "https://jvn.jp/vu/JVNVU98578731",
"url": "https://jvn.jp/vu/JVNVU98578731" "url": "https://jvn.jp/vu/JVNVU98578731"
},
{
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-03"
} }
] ]
}, },
@ -63,7 +68,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows an remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password." "value": "Cleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions \"26\" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password."
} }
] ]
} }

5
2021/22xxx/CVE-2021-22235.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-04",
"url": "https://security.gentoo.org/glsa/202210-04"
} }
] ]
}, },

97
2021/22xxx/CVE-2021-22685.json
View File

@ -1,18 +1,103 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-22685", "ID": "CVE-2021-22685",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "Cassia Networks Access Controller Path Traversal"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Controller",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.0.1"
}
]
}
}
]
},
"vendor_name": "Cassia Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Amir Preminger and Sharon Brizinov of Claroty reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-02"
},
{
"name": "https://www.cassianetworks.com/support/knowledge-base/",
"refsource": "CONFIRM",
"url": "https://www.cassianetworks.com/support/knowledge-base/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Cassia Networks has released a patch (https://www.cassianetworks.com/support/knowledge-base/) that mitigates the reported vulnerability."
}
],
"source": {
"discovery": "EXTERNAL"
}
} }

92
2021/27xxx/CVE-2021-27406.json
View File

@ -1,18 +1,98 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27406", "ID": "CVE-2021-27406",
"ASSIGNER": "cve@mitre.org", "STATE": "PUBLIC",
"STATE": "RESERVED" "TITLE": "PerFact OpenVPN-Client"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenVPN-Client",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.4.1.0"
}
]
}
}
]
},
"vendor_name": "PerFact"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov of Claroty reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-15 External Control of System or Configuration Setting"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-056-01",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-056-01"
}
]
},
"solution": [
{
"lang": "eng",
"value": "PerFact has released Version 1.6.0, which mitigates this vulnerability."
}
],
"source": {
"discovery": "EXTERNAL"
}
} }

12
2021/27xxx/CVE-2021-27597.json
View File

@ -128,7 +128,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Input Validation (CWE-20)" "value": "Improper Input Validation (CWE-125)"
} }
] ]
} }
@ -145,16 +145,6 @@
"url": "https://launchpad.support.sap.com/#/notes/3020209", "url": "https://launchpad.support.sap.com/#/notes/3020209",
"refsource": "MISC", "refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3020209" "name": "https://launchpad.support.sap.com/#/notes/3020209"
},
{
"refsource": "FULLDISC",
"name": "20211022 Onapsis Security Advisory 2021-0018: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Gateway service",
"url": "http://seclists.org/fulldisclosure/2021/Oct/30"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164596/SAP-NetWeaver-ABAP-Gateway-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/164596/SAP-NetWeaver-ABAP-Gateway-Memory-Corruption.html"
} }
] ]
} }

12
2021/27xxx/CVE-2021-27606.json
View File

@ -112,7 +112,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Input Validation (CWE-20)" "value": "Improper Input Validation (CWE-125)"
} }
] ]
} }
@ -129,16 +129,6 @@
"url": "https://launchpad.support.sap.com/#/notes/3020104", "url": "https://launchpad.support.sap.com/#/notes/3020104",
"refsource": "MISC", "refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3020104" "name": "https://launchpad.support.sap.com/#/notes/3020104"
},
{
"refsource": "FULLDISC",
"name": "20211022 Onapsis Security Advisory 2021-0017: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Enqueue service",
"url": "http://seclists.org/fulldisclosure/2021/Oct/29"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html"
} }
] ]
} }

12
2021/27xxx/CVE-2021-27607.json
View File

@ -136,7 +136,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Input Validation (CWE-20)" "value": "Improper Input Validation (CWE-476)"
} }
] ]
} }
@ -153,16 +153,6 @@
"url": "https://launchpad.support.sap.com/#/notes/3021197", "url": "https://launchpad.support.sap.com/#/notes/3021197",
"refsource": "MISC", "refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3021197" "name": "https://launchpad.support.sap.com/#/notes/3021197"
},
{
"refsource": "FULLDISC",
"name": "20211022 Onapsis Security Advisory 2021-0015: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Dispatcher service",
"url": "http://seclists.org/fulldisclosure/2021/Oct/27"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164591/SAP-NetWeaver-ABAP-Dispatcher-Service-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/164591/SAP-NetWeaver-ABAP-Dispatcher-Service-Memory-Corruption.html"
} }
] ]
} }

12
2021/27xxx/CVE-2021-27620.json
View File

@ -68,7 +68,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Input Validation (CWE-20)" "value": "Improper Input Validation (CWE-787)"
} }
] ]
} }
@ -85,16 +85,6 @@
"url": "https://launchpad.support.sap.com/#/notes/3021050", "url": "https://launchpad.support.sap.com/#/notes/3021050",
"refsource": "MISC", "refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3021050" "name": "https://launchpad.support.sap.com/#/notes/3021050"
},
{
"refsource": "FULLDISC",
"name": "20211022 Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service",
"url": "http://seclists.org/fulldisclosure/2021/Oct/31"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html"
} }
] ]
} }

12
2021/27xxx/CVE-2021-27622.json
View File

@ -68,7 +68,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Input Validation (CWE-20)" "value": "Improper Input Validation (CWE-787)"
} }
] ]
} }
@ -85,16 +85,6 @@
"url": "https://launchpad.support.sap.com/#/notes/3021050", "url": "https://launchpad.support.sap.com/#/notes/3021050",
"refsource": "MISC", "refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3021050" "name": "https://launchpad.support.sap.com/#/notes/3021050"
},
{
"refsource": "FULLDISC",
"name": "20211022 Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service",
"url": "http://seclists.org/fulldisclosure/2021/Oct/31"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html"
} }
] ]
} }

2
2021/27xxx/CVE-2021-27623.json
View File

@ -68,7 +68,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Input Validation (CWE-20)" "value": "Improper Input Validation (CWE-787)"
} }
] ]
} }

12
2021/27xxx/CVE-2021-27624.json
View File

@ -68,7 +68,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Input Validation (CWE-20)" "value": "Improper Input Validation (CWE-787)"
} }
] ]
} }
@ -85,16 +85,6 @@
"url": "https://launchpad.support.sap.com/#/notes/3021050", "url": "https://launchpad.support.sap.com/#/notes/3021050",
"refsource": "MISC", "refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3021050" "name": "https://launchpad.support.sap.com/#/notes/3021050"
},
{
"refsource": "FULLDISC",
"name": "20211022 Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service",
"url": "http://seclists.org/fulldisclosure/2021/Oct/31"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html"
} }
] ]
} }

12
2021/27xxx/CVE-2021-27625.json
View File

@ -68,7 +68,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Input Validation (CWE-20)" "value": "Improper Input Validation (CWE-787)"
} }
] ]
} }
@ -85,16 +85,6 @@
"url": "https://launchpad.support.sap.com/#/notes/3021050", "url": "https://launchpad.support.sap.com/#/notes/3021050",
"refsource": "MISC", "refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3021050" "name": "https://launchpad.support.sap.com/#/notes/3021050"
},
{
"refsource": "FULLDISC",
"name": "20211022 Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service",
"url": "http://seclists.org/fulldisclosure/2021/Oct/31"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html"
} }
] ]
} }

12
2021/27xxx/CVE-2021-27626.json
View File

@ -68,7 +68,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Input Validation (CWE-20)" "value": "Improper Input Validation (CWE-787)"
} }
] ]
} }
@ -85,16 +85,6 @@
"url": "https://launchpad.support.sap.com/#/notes/3021050", "url": "https://launchpad.support.sap.com/#/notes/3021050",
"refsource": "MISC", "refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3021050" "name": "https://launchpad.support.sap.com/#/notes/3021050"
},
{
"refsource": "FULLDISC",
"name": "20211022 Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service",
"url": "http://seclists.org/fulldisclosure/2021/Oct/31"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html"
} }
] ]
} }

12
2021/27xxx/CVE-2021-27627.json
View File

@ -68,7 +68,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Input Validation (CWE-20)" "value": "Improper Input Validation (CWE-787)"
} }
] ]
} }
@ -85,16 +85,6 @@
"url": "https://launchpad.support.sap.com/#/notes/3021050", "url": "https://launchpad.support.sap.com/#/notes/3021050",
"refsource": "MISC", "refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3021050" "name": "https://launchpad.support.sap.com/#/notes/3021050"
},
{
"refsource": "FULLDISC",
"name": "20211022 Onapsis Security Advisory 2021-0019: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP IGS service",
"url": "http://seclists.org/fulldisclosure/2021/Oct/31"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/164598/SAP-NetWeaver-ABAP-IGS-Memory-Corruption.html"
} }
] ]
} }

12
2021/27xxx/CVE-2021-27628.json
View File

@ -136,7 +136,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Input Validation (CWE-20)" "value": "Improper Input Validation (CWE-787)"
} }
] ]
} }
@ -153,16 +153,6 @@
"url": "https://launchpad.support.sap.com/#/notes/3021197", "url": "https://launchpad.support.sap.com/#/notes/3021197",
"refsource": "MISC", "refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3021197" "name": "https://launchpad.support.sap.com/#/notes/3021197"
},
{
"refsource": "FULLDISC",
"name": "20211022 Onapsis Security Advisory 2021-0015: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Dispatcher service",
"url": "http://seclists.org/fulldisclosure/2021/Oct/27"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164591/SAP-NetWeaver-ABAP-Dispatcher-Service-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/164591/SAP-NetWeaver-ABAP-Dispatcher-Service-Memory-Corruption.html"
} }
] ]
} }

12
2021/27xxx/CVE-2021-27629.json
View File

@ -112,7 +112,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Input Validation (CWE-20)" "value": "Improper Input Validation (CWE-125)"
} }
] ]
} }
@ -129,16 +129,6 @@
"url": "https://launchpad.support.sap.com/#/notes/3020104", "url": "https://launchpad.support.sap.com/#/notes/3020104",
"refsource": "MISC", "refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3020104" "name": "https://launchpad.support.sap.com/#/notes/3020104"
},
{
"refsource": "FULLDISC",
"name": "20211022 Onapsis Security Advisory 2021-0017: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Enqueue service",
"url": "http://seclists.org/fulldisclosure/2021/Oct/29"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html"
} }
] ]
} }

12
2021/27xxx/CVE-2021-27630.json
View File

@ -112,7 +112,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Input Validation (CWE-20)" "value": "Improper Input Validation (CWE-476)"
} }
] ]
} }
@ -129,16 +129,6 @@
"url": "https://launchpad.support.sap.com/#/notes/3020104", "url": "https://launchpad.support.sap.com/#/notes/3020104",
"refsource": "MISC", "refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3020104" "name": "https://launchpad.support.sap.com/#/notes/3020104"
},
{
"refsource": "FULLDISC",
"name": "20211022 Onapsis Security Advisory 2021-0017: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Enqueue service",
"url": "http://seclists.org/fulldisclosure/2021/Oct/29"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html"
} }
] ]
} }

12
2021/27xxx/CVE-2021-27631.json
View File

@ -112,7 +112,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Input Validation (CWE-20)" "value": "Improper Input Validation (CWE-476)"
} }
] ]
} }
@ -129,16 +129,6 @@
"url": "https://launchpad.support.sap.com/#/notes/3020104", "url": "https://launchpad.support.sap.com/#/notes/3020104",
"refsource": "MISC", "refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3020104" "name": "https://launchpad.support.sap.com/#/notes/3020104"
},
{
"refsource": "FULLDISC",
"name": "20211022 Onapsis Security Advisory 2021-0017: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Enqueue service",
"url": "http://seclists.org/fulldisclosure/2021/Oct/29"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html"
} }
] ]
} }

12
2021/27xxx/CVE-2021-27632.json
View File

@ -112,7 +112,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Input Validation (CWE-20)" "value": "Improper Input Validation (CWE-476)"
} }
] ]
} }
@ -129,16 +129,6 @@
"url": "https://launchpad.support.sap.com/#/notes/3020104", "url": "https://launchpad.support.sap.com/#/notes/3020104",
"refsource": "MISC", "refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3020104" "name": "https://launchpad.support.sap.com/#/notes/3020104"
},
{
"refsource": "FULLDISC",
"name": "20211022 Onapsis Security Advisory 2021-0017: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Enqueue service",
"url": "http://seclists.org/fulldisclosure/2021/Oct/29"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/164595/SAP-NetWeaver-ABAP-Enqueue-Memory-Corruption.html"
} }
] ]
} }

12
2021/27xxx/CVE-2021-27633.json
View File

@ -128,7 +128,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Input Validation (CWE-20)" "value": "Improper Input Validation (CWE-787)"
} }
] ]
} }
@ -145,16 +145,6 @@
"url": "https://launchpad.support.sap.com/#/notes/3020209", "url": "https://launchpad.support.sap.com/#/notes/3020209",
"refsource": "MISC", "refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3020209" "name": "https://launchpad.support.sap.com/#/notes/3020209"
},
{
"refsource": "FULLDISC",
"name": "20211022 Onapsis Security Advisory 2021-0018: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Gateway service",
"url": "http://seclists.org/fulldisclosure/2021/Oct/30"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164596/SAP-NetWeaver-ABAP-Gateway-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/164596/SAP-NetWeaver-ABAP-Gateway-Memory-Corruption.html"
} }
] ]
} }

12
2021/27xxx/CVE-2021-27634.json
View File

@ -128,7 +128,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "Improper Input Validation (CWE-20)" "value": "Improper Input Validation (CWE-787)"
} }
] ]
} }
@ -145,16 +145,6 @@
"url": "https://launchpad.support.sap.com/#/notes/3020209", "url": "https://launchpad.support.sap.com/#/notes/3020209",
"refsource": "MISC", "refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3020209" "name": "https://launchpad.support.sap.com/#/notes/3020209"
},
{
"refsource": "FULLDISC",
"name": "20211022 Onapsis Security Advisory 2021-0018: [Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Gateway service",
"url": "http://seclists.org/fulldisclosure/2021/Oct/30"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164596/SAP-NetWeaver-ABAP-Gateway-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/164596/SAP-NetWeaver-ABAP-Gateway-Memory-Corruption.html"
} }
] ]
} }

5
2021/27xxx/CVE-2021-27645.json
View File

@ -71,6 +71,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202107-07", "name": "GLSA-202107-07",
"url": "https://security.gentoo.org/glsa/202107-07" "url": "https://security.gentoo.org/glsa/202107-07"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
} }
] ]
} }

5
2021/28xxx/CVE-2021-28875.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/rust-lang/rust/pull/80895", "url": "https://github.com/rust-lang/rust/pull/80895",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/rust-lang/rust/pull/80895" "name": "https://github.com/rust-lang/rust/pull/80895"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-09",
"url": "https://security.gentoo.org/glsa/202210-09"
} }
] ]
} }

5
2021/28xxx/CVE-2021-28876.json
View File

@ -76,6 +76,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2021-d7f74f0250", "name": "FEDORA-2021-d7f74f0250",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-09",
"url": "https://security.gentoo.org/glsa/202210-09"
} }
] ]
} }

5
2021/28xxx/CVE-2021-28877.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/rust-lang/rust/pull/80670", "url": "https://github.com/rust-lang/rust/pull/80670",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/rust-lang/rust/pull/80670" "name": "https://github.com/rust-lang/rust/pull/80670"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-09",
"url": "https://security.gentoo.org/glsa/202210-09"
} }
] ]
} }

5
2021/28xxx/CVE-2021-28878.json
View File

@ -76,6 +76,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2021-d7f74f0250", "name": "FEDORA-2021-d7f74f0250",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-09",
"url": "https://security.gentoo.org/glsa/202210-09"
} }
] ]
} }

5
2021/28xxx/CVE-2021-28879.json
View File

@ -76,6 +76,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2021-d7f74f0250", "name": "FEDORA-2021-d7f74f0250",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-09",
"url": "https://security.gentoo.org/glsa/202210-09"
} }
] ]
} }

5
2021/29xxx/CVE-2021-29823.json
View File

@ -20,6 +20,11 @@
"refsource": "XF", "refsource": "XF",
"name": "ibm-cognos-cve202129823-csrf (204465)", "name": "ibm-cognos-cve202129823-csrf (204465)",
"title": "X-Force Vulnerability Report" "title": "X-Force Vulnerability Report"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221014-0005/",
"url": "https://security.netapp.com/advisory/ntap-20221014-0005/"
} }
] ]
}, },

5
2021/29xxx/CVE-2021-29922.json
View File

@ -76,6 +76,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://defcon.org/html/defcon-29/dc-29-speakers.html#kaoudis", "name": "https://defcon.org/html/defcon-29/dc-29-speakers.html#kaoudis",
"url": "https://defcon.org/html/defcon-29/dc-29-speakers.html#kaoudis" "url": "https://defcon.org/html/defcon-29/dc-29-speakers.html#kaoudis"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-09",
"url": "https://security.gentoo.org/glsa/202210-09"
} }
] ]
} }

2
2021/30xxx/CVE-2021-30496.json
View File

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework." "value": "** DISPUTED ** The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework. NOTE: the vendor's perspective is that \"this behavior can't be considered a vulnerability.\""
} }
] ]
}, },

5
2021/31xxx/CVE-2021-31162.json
View File

@ -81,6 +81,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://github.com/rust-lang/rust/pull/84603", "name": "https://github.com/rust-lang/rust/pull/84603",
"url": "https://github.com/rust-lang/rust/pull/84603" "url": "https://github.com/rust-lang/rust/pull/84603"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-09",
"url": "https://security.gentoo.org/glsa/202210-09"
} }
] ]
} }

4
2021/31xxx/CVE-2021-31997.json
View File

@ -56,7 +56,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "a UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions." "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions."
} }
] ]
}, },
@ -85,7 +85,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "CWE-61: UNIX Symbolic Link (Symlink) Following" "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')"
} }
] ]
} }

2
2021/32xxx/CVE-2021-32000.json
View File

@ -104,7 +104,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "CWE-61: UNIX Symbolic Link (Symlink) Following" "value": "Improper Link Resolution Before File Access ('Link Following')"
} }
] ]
} }

5
2021/33xxx/CVE-2021-33574.json
View File

@ -81,6 +81,11 @@
"refsource": "FEDORA", "refsource": "FEDORA",
"name": "FEDORA-2021-f29b4643c7", "name": "FEDORA-2021-f29b4643c7",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/" "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
} }
] ]
} }

5
2021/35xxx/CVE-2021-35942.json
View File

@ -76,6 +76,11 @@
"refsource": "GENTOO", "refsource": "GENTOO",
"name": "GLSA-202208-24", "name": "GLSA-202208-24",
"url": "https://security.gentoo.org/glsa/202208-24" "url": "https://security.gentoo.org/glsa/202208-24"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
} }
] ]
} }

2
2021/36xxx/CVE-2021-36201.json
View File

@ -44,7 +44,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Under certain circumstances a C\u2022CURE Portal user could enumerate user accounts in C\u2022CURE 9000 version 2.90 and prior versions. This issue affects: C\u2022CURE 9000 2.90 and earlier version 2.90 and prior versions." "value": "Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions."
} }
] ]
}, },

5
2021/36xxx/CVE-2021-36317.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC", "refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000193369", "url": "https://www.dell.com/support/kbdoc/000193369",
"name": "https://www.dell.com/support/kbdoc/000193369" "name": "https://www.dell.com/support/kbdoc/000193369"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-09",
"url": "https://security.gentoo.org/glsa/202210-09"
} }
] ]
} }

5
2021/36xxx/CVE-2021-36318.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC", "refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000193369", "url": "https://www.dell.com/support/kbdoc/000193369",
"name": "https://www.dell.com/support/kbdoc/000193369" "name": "https://www.dell.com/support/kbdoc/000193369"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-09",
"url": "https://security.gentoo.org/glsa/202210-09"
} }
] ]
} }

4
2021/36xxx/CVE-2021-36778.json
View File

@ -56,7 +56,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3." "value": "A Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3."
} }
] ]
}, },
@ -85,7 +85,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" "value": "CWE-863: Incorrect Authorization"
} }
] ]
} }

5
2021/39xxx/CVE-2021-39009.json
View File

@ -90,6 +90,11 @@
"title": "X-Force Vulnerability Report", "title": "X-Force Vulnerability Report",
"name": "ibm-cognos-cve202139009-info-disc (213554)", "name": "ibm-cognos-cve202139009-info-disc (213554)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213554" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213554"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221014-0005/",
"url": "https://security.netapp.com/advisory/ntap-20221014-0005/"
} }
] ]
} }

5
2021/39xxx/CVE-2021-39045.json
View File

@ -90,6 +90,11 @@
"name": "ibm-cognos-cve202139045-info-disc (214345)", "name": "ibm-cognos-cve202139045-info-disc (214345)",
"refsource": "XF", "refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214345" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/214345"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20221014-0005/",
"url": "https://security.netapp.com/advisory/ntap-20221014-0005/"
} }
] ]
} }

5
2021/39xxx/CVE-2021-39920.json
View File

@ -73,6 +73,11 @@
"refsource": "DEBIAN", "refsource": "DEBIAN",
"name": "DSA-5019", "name": "DSA-5019",
"url": "https://www.debian.org/security/2021/dsa-5019" "url": "https://www.debian.org/security/2021/dsa-5019"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-04",
"url": "https://security.gentoo.org/glsa/202210-04"
} }
] ]
}, },

5
2021/39xxx/CVE-2021-39921.json
View File

@ -81,6 +81,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html" "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202210-04",
"url": "https://security.gentoo.org/glsa/202210-04"
} }
] ]
}, },

Some files were not shown because too many files have changed in this diff Show More