"-Synchronized-Data."

CVE Team 2021-09-15 13:01:01 +00:00
parent ea181ca3e0
commit 3bc866e530
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
6 changed files with 288 additions and 38 deletions


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-3960",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware ESXi, Workstation, and Fusion",
"version": {
"version_data": [
{
"version_value": "VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0012.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0012.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory."
}
]
}
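Review bot: `"vendor_name": "n/a"` in the new `affects` block leaves the record without a machine-matchable vendor, even though the assigner is security@vmware.com and the product string names VMware; `"vendor_name": "VMware"` would let inventory and scanner tooling key on it. The single `product_name` and the free-text `version_value` also fold ESXi, Workstation and Fusion into one entry, so the fixed builds (ESXi670-202006401-SG, ESXi650-202005401-SG, 15.5.5, 11.5.5) cannot be compared per product; one `product_data` entry per product would carry them. The CVE-2021-30137 and CVE-2021-40845 sections have the same gap, with vendor and product both `n/a` while their descriptions name Assyst 10 SP7.5 and Zenitel AlphaCom XE Audio Server.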


@ -1,18 +1,113 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "productsecurity@jci.com",
"DATE_PUBLIC": "2021-09-10T06:01:00.000Z",
"ID": "CVE-2021-27662",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "KT-1 Capture-replay"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "KT-1",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "all versions up to and including 3.01",
"version_value": "3.01"
}
]
}
}
]
},
"vendor_name": "Johnson Controls"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dr. Dave Burke"
},
{
"lang": "eng",
"value": "Anthony Connor"
},
{
"lang": "eng",
"value": "Harrison Spisak"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-294: Authentication Bypass by Capture-replay"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
"refsource": "CONFIRM",
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"name": "ICS-CERT Advisory",
"refsource": "CERT",
"url": "https://us-cert.gov/ics/advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade the KT-1 controller to version 3.04 and upgrade EntraPass to version 8.40."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
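Review bot: Both entries in `reference_data` point at index pages (`https://www.johnsoncontrols.com/cyber-solutions/security-advisories` and `https://us-cert.gov/ics/advisories`) rather than at the advisory for this CVE, and the second carries only the generic name `ICS-CERT Advisory`. Someone triaging CVE-2021-27662 has to search those listings to confirm the fix versions given in `solution`; linking the specific advisory documents would make the record verifiable. The `solution` text also requires upgrading EntraPass to 8.40 while `affects` lists only KT-1, so it is worth confirming whether EntraPass belongs in `product_data`.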


@ -1,18 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-30137",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-30137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2021-30137.pdf",
"url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2021-30137.pdf"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:L/I:L/PR:L/S:C/UI:N",
"version": "3.1"
}
}
}
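Review bot: The new `impact.cvss` object has no `baseScore` or `baseSeverity`, unlike the CVE-2021-27662 record in this same commit, so consumers that sort or alert on the score get nothing for this entry unless they recompute it from the vector. The `vectorString` also lists its metrics alphabetically; the CVSS 3.1 preferred order would be `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H`, which matters for tools that compare vectors as plain strings. Adding the two score fields computed from that vector would bring the record in line with the others.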


@ -1,7 +1,7 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2021-09-09T10:03:00.000Z",
"DATE_PUBLIC": "2021-09-02T13:14:00.000Z",
"ID": "CVE-2021-35217",
"STATE": "PUBLIC",
"TITLE": "Insecure Deserialization of untrusted data causing Remote code execution vulnerability. "
@ -13,14 +13,13 @@
"product": {
"product_data": [
{
"product_name": "Patch Manager",
"product_name": "Orion Platform ",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "<",
"version_name": "2020.2.5 and previous versions",
"version_value": "2020.2.6 HF1"
"version_value": "2020.2.6"
}
]
}
@ -74,7 +73,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
"value": "Insecure Deserialization of untrusted data causing Remote code execution vulnerability."
}
]
}
@ -83,19 +82,19 @@
"references": {
"reference_data": [
{
"name": "https://support.solarwinds.com/SuccessCenter/s/article/Patch-Manager-2020-2-6-Hotfix-1-Release-Notes?language=en_US",
"refsource": "CONFIRM",
"url": "https://support.solarwinds.com/SuccessCenter/s/article/Patch-Manager-2020-2-6-Hotfix-1-Release-Notes?language=en_US"
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm",
"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
},
{
"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217",
"refsource": "CONFIRM",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217"
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm",
"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
},
{
"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm",
"refsource": "CONFIRM",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217",
"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217"
}
]
},
@ -106,6 +105,6 @@
}
],
"source": {
"discovery": "EXTERNAL"
"discovery": "UNKNOWN"
}
}
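Review bot: In the `problemtype` hunk the CWE-tagged value `CWE-502 Deserialization of Untrusted Data` is printed next to a free-text sentence; if the second line of that pair is the new side (the +/- markers are not shown on this page), the record loses its CWE identifier and tooling that groups by CWE will no longer classify it. Keeping `"value": "CWE-502 Deserialization of Untrusted Data"` preserves that. Separately, `"product_name": "Orion Platform "` carries a trailing space that will defeat exact-match lookups. The `refsource` on the vendor's own advisory URL appears to move from `CONFIRM` to `MISC`, which hides that the vendor has confirmed the issue.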


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40845",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-40845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/164149/Zenitel-AlphaCom-XE-Audio-Server-11.2.3.10-Shell-Upload.html",
"url": "http://packetstormsecurity.com/files/164149/Zenitel-AlphaCom-XE-Audio-Server-11.2.3.10-Shell-Upload.html"
},
{
"refsource": "MISC",
"name": "https://github.com/ricardojoserf/CVE-2021-40845",
"url": "https://github.com/ricardojoserf/CVE-2021-40845"
},
{
"refsource": "MISC",
"name": "https://ricardojoserf.github.io/CVE-2021-40845/",
"url": "https://ricardojoserf.github.io/CVE-2021-40845/"
}
]
}
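Review bot: `problemtype` is `n/a` although the description states that neither the content nor the extension of uploaded files is checked, which corresponds to CWE-434; `"value": "CWE-434: Unrestricted Upload of File with Dangerous Type"` would make the record classifiable. The CVE-2021-30137 section has the same `n/a` problemtype for an XXE issue, where CWE-611 would fit. All three references here are third-party `MISC` links, so the record gives defenders no vendor advisory or fixed version to act on; adding one when it exists would help.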


@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2021-41076",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}