admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-09-01 12:01:11 +00:00
parent 67464cf3ba
commit 37ace934af
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 186 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
2010/4xxx/CVE-2010-4756.json
View File

@ -66,6 +66,16 @@
"name": "http://cxib.net/stuff/glob-0day.c",
"refsource": "MISC",
"url": "http://cxib.net/stuff/glob-0day.c"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=681681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=681681"
}
]
}

5
2021/28xxx/CVE-2021-28694.json
View File

@ -142,6 +142,11 @@
"url": "https://xenbits.xenproject.org/xsa/advisory-378.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-378.txt"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210901 Xen Security Advisory 378 v3 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696) - IOMMU page mapping issues on x86",
"url": "http://www.openwall.com/lists/oss-security/2021/09/01/1"
}
]
},

5
2021/28xxx/CVE-2021-28695.json
View File

@ -142,6 +142,11 @@
"url": "https://xenbits.xenproject.org/xsa/advisory-378.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-378.txt"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210901 Xen Security Advisory 378 v3 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696) - IOMMU page mapping issues on x86",
"url": "http://www.openwall.com/lists/oss-security/2021/09/01/1"
}
]
},

5
2021/28xxx/CVE-2021-28696.json
View File

@ -142,6 +142,11 @@
"url": "https://xenbits.xenproject.org/xsa/advisory-378.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-378.txt"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210901 Xen Security Advisory 378 v3 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696) - IOMMU page mapping issues on x86",
"url": "http://www.openwall.com/lists/oss-security/2021/09/01/1"
}
]
},

5
2021/28xxx/CVE-2021-28698.json
View File

@ -141,6 +141,11 @@
"url": "https://xenbits.xenproject.org/xsa/advisory-380.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-380.txt"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210901 Xen Security Advisory 380 v3 (CVE-2021-28698) - long running loops in grant table handling",
"url": "http://www.openwall.com/lists/oss-security/2021/09/01/2"
}
]
},

107
2021/35xxx/CVE-2021-35238.json
View File

@ -1,18 +1,113 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"ID": "CVE-2021-35238",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Stored XSS through URL POST parameter in CreateExternalWebsite Vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Orion Platform",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "<",
"version_name": "2020.2.6 and previous versions ",
"version_value": "2020.2.6 HF1 "
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " SolarWinds would like to thank Kajetan Rostojek for reporting on the issue in a responsible manner. "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm",
"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
},
{
"refsource": "MISC",
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US",
"name": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-1?language=en_US"
},
{
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35238",
"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35238"
}
]
},
"solution": [
{
"lang": "eng",
"value": "SolarWinds recommends installing 2020.2.6 Hotfix 1 for the Orion Platform as soon as it becomes available. All customers should implement all the recommendations from the Orion Secure Configuration Guide."
}
],
"source": {
"defect": [
"CVE-2021-35238"
],
"discovery": "UNKNOWN"
}
}

61
2021/38xxx/CVE-2021-38703.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38703",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-38703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be exploited in conjunction with CVE-2021-20090."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.kpnwebshop.com/modems-routers/producten/experia-wifi/2",
"refsource": "MISC",
"name": "https://www.kpnwebshop.com/modems-routers/producten/experia-wifi/2"
},
{
"refsource": "MISC",
"name": "https://7bits.nl/journal/posts/cve-2021-38703-kpn-experia-wifi-root-shell/",
"url": "https://7bits.nl/journal/posts/cve-2021-38703-kpn-experia-wifi-root-shell/"
}
]
}