admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-02-18 15:00:42 +00:00
parent 314290895a
commit 3dda9c6089
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
12 changed files with 83 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/1xxx/CVE-2019-1551.json
View File

@ -169,6 +169,11 @@
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2020-11",
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"refsource": "DEBIAN",
"name": "DSA-4855",
"url": "https://www.debian.org/security/2021/dsa-4855"
}
]
}

10
2020/27xxx/CVE-2020-27218.json
View File

@ -472,6 +472,16 @@
"refsource": "MLIST",
"name": "[spark-reviews] 20210218 [GitHub] [spark] SparkQA removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
"url": "https://lists.apache.org/thread.html/r81f82ab8ecb83568bafbecf9ce0e73be73980ac1e2af6baf0f344a59@%3Creviews.spark.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
"url": "https://lists.apache.org/thread.html/rd9a960429741406f6557fa344a13d50a0c9976dac2e4c46bb54b32d7@%3Creviews.spark.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
"url": "https://lists.apache.org/thread.html/r3b7c8bc7a1cb8acdcf7753f436564d289d22f2906e934d1b11de3a40@%3Creviews.spark.apache.org%3E"
}
]
}

17
2020/28xxx/CVE-2020-28490.json
View File

@ -48,16 +48,19 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-ASYNCGIT-1064877"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-ASYNCGIT-1064877",
"name": "https://snyk.io/vuln/SNYK-JS-ASYNCGIT-1064877"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/omrilotan/async-git/pull/14"
"refsource": "MISC",
"url": "https://github.com/omrilotan/async-git/pull/14",
"name": "https://github.com/omrilotan/async-git/pull/14"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/omrilotan/async-git/commit/d1950a5021f4e19d92f347614be0d85ce991510d"
"refsource": "MISC",
"url": "https://github.com/omrilotan/async-git/commit/d1950a5021f4e19d92f347614be0d85ce991510d",
"name": "https://github.com/omrilotan/async-git/commit/d1950a5021f4e19d92f347614be0d85ce991510d"
}
]
},
@ -65,7 +68,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb')\n"
"value": "The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb')"
}
]
},

22
2020/28xxx/CVE-2020-28496.json
View File

@ -48,20 +48,24 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-THREE-1064931"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-THREE-1064931",
"name": "https://snyk.io/vuln/SNYK-JS-THREE-1064931"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1065972"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1065972",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1065972"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/mrdoob/three.js/issues/21132"
"refsource": "MISC",
"url": "https://github.com/mrdoob/three.js/issues/21132",
"name": "https://github.com/mrdoob/three.js/issues/21132"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/mrdoob/three.js/pull/21143/commits/4a582355216b620176a291ff319d740e619d583e"
"refsource": "MISC",
"url": "https://github.com/mrdoob/three.js/pull/21143/commits/4a582355216b620176a291ff319d740e619d583e",
"name": "https://github.com/mrdoob/three.js/pull/21143/commits/4a582355216b620176a291ff319d740e619d583e"
}
]
},
@ -69,7 +73,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects the package three before 0.125.0.\n This can happen when handling rgb or hsl colors.\r\n\r\nPoC:\r\n\r\nvar three = require('three')\r\n\r\n\r\n\r\nfunction build_blank (n) {\r\n var ret = \"rgb(\"\r\n for (var i = 0; i < n; i++) {\r\n ret += \" \"\r\n }\r\n\r\n return ret + \"\";\r\n}\r\n\r\nvar Color = three.Color\r\n\r\nvar time = Date.now();\r\nnew Color(build_blank(50000))\r\nvar time_cost = Date.now() - time;\r\nconsole.log(time_cost+\" ms\")\r\n\n"
"value": "This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank (n) { var ret = \"rgb(\" for (var i = 0; i < n; i++) { ret += \" \" } return ret + \"\"; } var Color = three.Color var time = Date.now(); new Color(build_blank(50000)) var time_cost = Date.now() - time; console.log(time_cost+\" ms\")"
}
]
},

5
2020/7xxx/CVE-2020-7068.json
View File

@ -111,6 +111,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200918-0005/",
"url": "https://security.netapp.com/advisory/ntap-20200918-0005/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4856",
"url": "https://www.debian.org/security/2021/dsa-4856"
}
]
},

5
2020/7xxx/CVE-2020-7069.json
View File

@ -135,6 +135,11 @@
"refsource": "GENTOO",
"name": "GLSA-202012-16",
"url": "https://security.gentoo.org/glsa/202012-16"
},
{
"refsource": "DEBIAN",
"name": "DSA-4856",
"url": "https://www.debian.org/security/2021/dsa-4856"
}
]
},

5
2020/7xxx/CVE-2020-7070.json
View File

@ -150,6 +150,11 @@
"refsource": "GENTOO",
"name": "GLSA-202012-16",
"url": "https://security.gentoo.org/glsa/202012-16"
},
{
"refsource": "DEBIAN",
"name": "DSA-4856",
"url": "https://www.debian.org/security/2021/dsa-4856"
}
]
},

5
2020/7xxx/CVE-2020-7071.json
View File

@ -95,6 +95,11 @@
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77423",
"name": "https://bugs.php.net/bug.php?id=77423"
},
{
"refsource": "DEBIAN",
"name": "DSA-4856",
"url": "https://www.debian.org/security/2021/dsa-4856"
}
]
},

5
2021/21xxx/CVE-2021-21702.json
View File

@ -95,6 +95,11 @@
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=80672",
"name": "https://bugs.php.net/bug.php?id=80672"
},
{
"refsource": "DEBIAN",
"name": "DSA-4856",
"url": "https://www.debian.org/security/2021/dsa-4856"
}
]
},

17
2021/23xxx/CVE-2021-23340.json
View File

@ -48,16 +48,19 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132",
"name": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454"
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454",
"name": "https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442"
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442",
"name": "https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442"
}
]
},
@ -65,7 +68,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects the package pimcore/pimcore before 6.8.8.\n A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability.\r\n\r\n"
"value": "This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability."
}
]
},

5
2021/23xxx/CVE-2021-23840.json
View File

@ -84,6 +84,11 @@
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2"
},
{
"refsource": "DEBIAN",
"name": "DSA-4855",
"url": "https://www.debian.org/security/2021/dsa-4855"
}
]
}

5
2021/23xxx/CVE-2021-23841.json
View File

@ -84,6 +84,11 @@
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807"
},
{
"refsource": "DEBIAN",
"name": "DSA-4855",
"url": "https://www.debian.org/security/2021/dsa-4855"
}
]
}