admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-08-24 11:00:57 +00:00
parent 943bc3211a
commit 4101d4bd89
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
6 changed files with 95 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/20xxx/CVE-2019-20444.json
View File

@ -376,6 +376,11 @@
"refsource": "MLIST",
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spark-issues] 20210824 [jira] [Created] (SPARK-36572) Upgrade version of io.netty to 4.1.44.Final to solve CVE-2019-20444 and CVE-2019-20445",
"url": "https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f@%3Cissues.spark.apache.org%3E"
}
]
}

5
2019/20xxx/CVE-2019-20445.json
View File

@ -316,6 +316,11 @@
"refsource": "MLIST",
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spark-issues] 20210824 [jira] [Created] (SPARK-36572) Upgrade version of io.netty to 4.1.44.Final to solve CVE-2019-20444 and CVE-2019-20445",
"url": "https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f@%3Cissues.spark.apache.org%3E"
}
]
}

137
2021/34xxx/CVE-2021-34398.json
View File

@ -1,69 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@nvidia.com",
"ID" : "CVE-2021-34398",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NVIDIA Data Center GPU Manager (DCGM)",
"version" : {
"version_data" : [
{
"version_value" : "DCGM versions prior to 2.2.9"
}
]
}
}
]
},
"vendor_name" : "NVIDIA"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : 7.8,
"baseSeverity" : "High",
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.1"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "information disclosure, denial of service, loss of integrity"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/5219"
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2021-34398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVIDIA Data Center GPU Manager (DCGM)",
"version": {
"version_data": [
{
"version_value": "DCGM versions prior to 2.2.9"
}
]
}
}
]
},
"vendor_name": "NVIDIA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in the DIAG module where any user can inject shared libraries into the DCGM server, which is usually running as root, which may lead to privilege escalation, total loss of confidentiality and integrity, and complete denial of service."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure, denial of service, loss of integrity"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5219",
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5219"
}
]
}
}

5
2021/3xxx/CVE-2021-3693.json
View File

@ -83,6 +83,11 @@
"name": "https://ledgersmb.org/cve-2021-3693-cross-site-scripting",
"refsource": "MISC",
"url": "https://ledgersmb.org/cve-2021-3693-cross-site-scripting"
},
{
"refsource": "DEBIAN",
"name": "DSA-4962",
"url": "https://www.debian.org/security/2021/dsa-4962"
}
]
},

5
2021/3xxx/CVE-2021-3694.json
View File

@ -91,6 +91,11 @@
"name": "https://ledgersmb.org/cve-2021-3694-cross-site-scripting",
"refsource": "MISC",
"url": "https://ledgersmb.org/cve-2021-3694-cross-site-scripting"
},
{
"refsource": "DEBIAN",
"name": "DSA-4962",
"url": "https://www.debian.org/security/2021/dsa-4962"
}
]
},

7
2021/3xxx/CVE-2021-3731.json
View File

@ -83,6 +83,11 @@
"name": "https://ledgersmb.org/cve-2021-3731-clickjacking",
"refsource": "CONFIRM",
"url": "https://ledgersmb.org/cve-2021-3731-clickjacking"
},
{
"refsource": "DEBIAN",
"name": "DSA-4962",
"url": "https://www.debian.org/security/2021/dsa-4962"
}
]
},
@ -90,4 +95,4 @@
"advisory": "5664331d-f5f8-4412-8566-408f8655888a",
"discovery": "EXTERNAL"
}
}
}