"-Synchronized-Data."

CVE Team 2021-03-16 16:00:44 +00:00
parent 33fd0be837
commit 3ddeb81cb2
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 185 additions and 13 deletions


@ -453,6 +453,11 @@
"refsource": "MLIST",
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tinkerpop-dev] 20210316 [jira] [Created] (TINKERPOP-2534) Log4j flagged as critical security violation",
"url": "https://lists.apache.org/thread.html/rd3a9511eebab60e23f224841390a3f8cd5358cff605c5f7042171e47@%3Cdev.tinkerpop.apache.org%3E"
}
]
},


@ -118,6 +118,21 @@
"refsource": "MLIST",
"name": "[hive-gitbox] 20210302 [GitHub] [hive] hsnusonic closed pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"url": "https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4@%3Cgitbox.hive.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[solr-issues] 20210316 [jira] [Resolved] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"url": "https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1@%3Cissues.solr.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"url": "https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927@%3Cissues.solr.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"url": "https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652@%3Cissues.solr.apache.org%3E"
}
]
},


@ -212,6 +212,11 @@
"refsource": "FULLDISC",
"name": "20210316 [CSA-2021-002] DP API ineffective in Windows containers",
"url": "http://seclists.org/fulldisclosure/2021/Mar/33"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161816/Microsoft-Windows-Containers-DP-API-Cryptography-Flaw.html",
"url": "http://packetstormsecurity.com/files/161816/Microsoft-Windows-Containers-DP-API-Cryptography-Flaw.html"
}
]
}


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22887",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "support@hackerone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "PSA5000, PSA7000",
"version": {
"version_data": [
{
"version_value": "Fixed in 3.0d"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Embedded Malicious Code (CWE-506)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44712"
},
{
"refsource": "MISC",
"name": "https://www.supermicro.com/en/support/security/Trickbot",
"url": "https://www.supermicro.com/en/support/security/Trickbot"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device."
}
]
}
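Review bot: The `affects` block of the CVE-2021-22887 record carries nothing a tool can match on: `"vendor_name": "n/a"` although the description names Pulse Secure, and `"version_value": "Fixed in 3.0d"` states the fix rather than an affected range. Inventory and scanner tooling that keys on vendor/product/version will not tie PSA5000 or PSA7000 appliances to this record. I would set `"vendor_name": "Pulse Secure"` and, if SA44712 confirms that every BIOS release before 3.0d is affected, `"version_value": "before 3.0d"`. The same placeholder pattern appears in the CVE-2021-25916 section (`"vendor_name": "n/a"`, two versions packed into the single string `"1.0.0, 1.0.1"`) and in the CVE-2021-27938 section (vendor, product and version all `"n/a"`).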


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25916",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "patchmerge",
"version": {
"version_data": [
{
"version_value": "1.0.0, 1.0.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25916",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25916"
},
{
"refsource": "MISC",
"name": "https://github.com/pjshumphreys/patchmerge/commit/5b383c537eae7a00ebd26d3f7211dac99ddecb12",
"url": "https://github.com/pjshumphreys/patchmerge/commit/5b383c537eae7a00ebd26d3f7211dac99ddecb12"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution."
}
]
}
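Review bot: The `problemtype` entry for CVE-2021-25916 is free text, `"value": "Prototype Pollution"`, with no CWE identifier, so the record cannot be grouped or filtered by weakness class. The CVE-2021-22887 section in this same commit already uses the `Name (CWE-id)` form, and CWE-1321 is the entry for prototype pollution, so `"value": "Prototype Pollution (CWE-1321)"` would be consistent. The CVE-2021-27938 section has the same gap in a stronger form: its problemtype is `"value": "n/a"` although its description states Cross Site Scripting, where `"value": "Cross-site Scripting (CWE-79)"` would fit.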


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scriptiong (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages."
"value": "Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages."
}
]
},


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27938",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-27938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/symbiote/silverstripe-queuedjobs/releases",
"refsource": "MISC",
"name": "https://github.com/symbiote/silverstripe-queuedjobs/releases"
},
{
"refsource": "CONFIRM",
"name": "https://www.silverstripe.org/download/security-releases/cve-2021-27938",
"url": "https://www.silverstripe.org/download/security-releases/cve-2021-27938"
}
]
}
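Review bot: Nothing in the CVE-2021-27938 record tells a reader which releases of symbiote/silverstripe-queuedjobs contain the fix. The description says only "Silverstripe CMS 3 and 4 version" of the module, and the first reference is the generic `https://github.com/symbiote/silverstripe-queuedjobs/releases` listing rather than a specific tag or commit. A reader has to follow the CONFIRM link to decide whether an installed version is affected. I would add the fixed release numbers to the description value once they are checked against the silverstripe.org advisory, and point the MISC reference at the fixing release or commit.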