admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-10-21 17:01:03 +00:00
parent eb71391754
commit 43a1e0efce
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 581 additions and 333 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2020/14xxx/CVE-2020-14263.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-14263",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "\"HCL Traveler Companion\"",
"version": {
"version_data": [
{
"version_value": "\"HCL Traveler Companion versions prior to 12.0.0\""
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Sensitive Data Exposure\""
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0092787",
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0092787"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK\""
}
]
}

5
2020/8xxx/CVE-2020-8908.json
View File

@ -271,6 +271,11 @@
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"refsource": "MLIST",
"name": "[pig-dev] 20211021 [GitHub] [pig] lujiefsi opened a new pull request #36: PIG-5417:Replace guava's Files.createTempDir()",
"url": "https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf@%3Cdev.pig.apache.org%3E"
}
]
},

50
2021/20xxx/CVE-2021-20120.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20120",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Arris SurfBoard SB8200",
"version": {
"version_data": [
{
"version_value": "AB01.02.053.01_112320_193.0A.NSH"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2021-45",
"url": "https://www.tenable.com/security/research/tra-2021-45"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user."
}
]
}

120
2021/28xxx/CVE-2021-28496.json
View File

@ -1,18 +1,124 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"DATE_PUBLIC": "2021-10-19T16:00:00.000Z",
"ID": "CVE-2021-28496",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "In Arista's EOS software affected releases, the shared secret profiles sensitive configuration might be leaked when displaying output over eAPI or other JSON outputs to authenticated users on the device. "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arista EOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "EOS-4.22",
"version_value": "EOS-4.22.12"
},
{
"version_affected": "<",
"version_name": "EOS-4.23",
"version_value": "EOS-4.23.10 "
},
{
"version_affected": "<",
"version_name": "EOS-4.24",
"version_value": "EOS-4.24.8"
},
{
"version_affected": "<",
"version_name": "EOS-4.25",
"version_value": "EOS-4.25.5"
},
{
"version_affected": "<",
"version_name": "EOS-4.26",
"version_value": "EOS-4.26.2"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS Versions are: all releases in 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x train"
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/13243-security-advisory-0069",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/13243-security-advisory-0069"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\nThe vulnerability is fixed in the following EOS versions:\n 4.23.10 and later releases\n 4.24.8 and later releases\n 4.25.5 and later releases\n 4.26.2 and later releases"
},
{
"lang": "eng",
"value": "For an immediate remediation until EOS can be upgraded, a hotfix SWIX is available to be installed as EOS extension to fix the issue.\n\nRelease versions: 4.22.0 - 4.25.0\n URL: https://www.arista.com/assets/data/SecurityAdvisories/SA69/SecurityAdvisory0069Hotfix-4.22-4.25.0.swix\n SWIX hash: (SHA512)36fc77d7ff5de2aacfff822bac4e054137a5ebf7d54f283cd4d4be05f15a2c1e448245080e0be11122831bb672d1d777724a8bcbbf029e32a3611d6002e2cf10\n\nRelease versions: 4.25.1 - 4.26.1\n URL: https://www.arista.com/assets/data/SecurityAdvisories/SA69/SecurityAdvisory0069Hotfix-4.25.1-4.26.1.swix\n SWIX hash: (SHA512)c8d5a8ab801c7e45dbc0f062f738f3af72084b451a7734c5607a884d648d88b37d7a8451d09dd0a051728199f4b6b0c0bef76b5c3862a668298410cbce55e085"
}
],
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "The restriction of access to the related CLI show command of specified role type can be used as an immediate mitigation. \nThe detailed instructions of role-based authorization can be found at https://www.arista.com/um-eos/eos-user-security#xx1347683."
}
]
}

450
2021/29xxx/CVE-2021-29873.json
View File

@ -1,229 +1,229 @@
{
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229."
}
]
},
"data_version" : "4.0",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"A" : "H",
"AV" : "N",
"I" : "H",
"PR" : "L",
"C" : "H",
"S" : "U",
"UI" : "N",
"SCORE" : "8.800",
"AC" : "L"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"description": {
"description_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "FlashSystem 900",
"version" : {
"version_data" : [
{
"version_value" : "1.6.1.4"
},
{
"version_value" : "1.5.2.10"
}
]
}
},
{
"product_name" : "FlashSystem V9000",
"version" : {
"version_data" : [
{
"version_value" : "7.8"
},
{
"version_value" : "8.4"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "7.8"
},
{
"version_value" : "8.4"
}
]
},
"product_name" : "Storwize V3500"
},
{
"product_name" : "Storwize V5000",
"version" : {
"version_data" : [
{
"version_value" : "7.8"
},
{
"version_value" : "8.4"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "8.4"
},
{
"version_value" : "7.8"
}
]
},
"product_name" : "Storwize V5100"
},
{
"version" : {
"version_data" : [
{
"version_value" : "8.4"
},
{
"version_value" : "7.8"
}
]
},
"product_name" : "FlashSystem 9100 Family"
},
{
"version" : {
"version_data" : [
{
"version_value" : "7.8"
},
{
"version_value" : "8.4"
}
]
},
"product_name" : "Storwize V3700"
},
{
"product_name" : "SAN Volume Controller",
"version" : {
"version_data" : [
{
"version_value" : "7.8"
},
{
"version_value" : "8.4"
}
]
}
},
{
"product_name" : "Storwize V7000",
"version" : {
"version_data" : [
{
"version_value" : "8.4"
},
{
"version_value" : "7.8"
}
]
}
},
{
"product_name" : "Spectrum Virtualize Software",
"version" : {
"version_data" : [
{
"version_value" : "7.8"
},
{
"version_value" : "8.4"
}
]
}
},
{
"version" : {
"version_data" : [
{
"version_value" : "7.8"
},
{
"version_value" : "8.4"
}
]
},
"product_name" : "Spectrum Virtualize for Public Cloud"
}
]
}
"lang": "eng",
"value": "IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229."
}
]
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6497111 (SAN Volume Controller)",
"name" : "https://www.ibm.com/support/pages/node/6497111",
"url" : "https://www.ibm.com/support/pages/node/6497111",
"refsource" : "CONFIRM"
},
{
"url" : "https://www.ibm.com/support/pages/node/6507091",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6507091 (FlashSystem 900)",
"name" : "https://www.ibm.com/support/pages/node/6507091"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-storwize-cve202129873-priv-escalation (206229)"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2021-29873",
"DATE_PUBLIC" : "2021-10-20T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
},
"data_version": "4.0",
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"A": "H",
"AV": "N",
"I": "H",
"PR": "L",
"C": "H",
"S": "U",
"UI": "N",
"SCORE": "8.800",
"AC": "L"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "FlashSystem 900",
"version": {
"version_data": [
{
"version_value": "1.6.1.4"
},
{
"version_value": "1.5.2.10"
}
]
}
},
{
"product_name": "FlashSystem V9000",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
},
"product_name": "Storwize V3500"
},
{
"product_name": "Storwize V5000",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "8.4"
},
{
"version_value": "7.8"
}
]
},
"product_name": "Storwize V5100"
},
{
"version": {
"version_data": [
{
"version_value": "8.4"
},
{
"version_value": "7.8"
}
]
},
"product_name": "FlashSystem 9100 Family"
},
{
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
},
"product_name": "Storwize V3700"
},
{
"product_name": "SAN Volume Controller",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
},
{
"product_name": "Storwize V7000",
"version": {
"version_data": [
{
"version_value": "8.4"
},
{
"version_value": "7.8"
}
]
}
},
{
"product_name": "Spectrum Virtualize Software",
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
}
},
{
"version": {
"version_data": [
{
"version_value": "7.8"
},
{
"version_value": "8.4"
}
]
},
"product_name": "Spectrum Virtualize for Public Cloud"
}
]
}
}
]
}
]
},
"data_format" : "MITRE"
}
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6497111 (SAN Volume Controller)",
"name": "https://www.ibm.com/support/pages/node/6497111",
"url": "https://www.ibm.com/support/pages/node/6497111",
"refsource": "CONFIRM"
},
{
"url": "https://www.ibm.com/support/pages/node/6507091",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6507091 (FlashSystem 900)",
"name": "https://www.ibm.com/support/pages/node/6507091"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206229",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-storwize-cve202129873-priv-escalation (206229)"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2021-29873",
"DATE_PUBLIC": "2021-10-20T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE"
}

178
2021/29xxx/CVE-2021-29883.json
View File

@ -1,93 +1,93 @@
{
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6507077",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6507077 (Transformation Extender Advanced)",
"name" : "https://www.ibm.com/support/pages/node/6507077"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-spe-cve202129883-info-disc (207090)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/207090",
"refsource" : "XF"
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2021-29883",
"DATE_PUBLIC" : "2021-10-20T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Transformation Extender Advanced",
"version" : {
"version_data" : [
{
"version_value" : "9.0"
},
{
"version_value" : "10.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
"url": "https://www.ibm.com/support/pages/node/6507077",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6507077 (Transformation Extender Advanced)",
"name": "https://www.ibm.com/support/pages/node/6507077"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-spe-cve202129883-info-disc (207090)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207090",
"refsource": "XF"
}
]
}
},
"data_format" : "MITRE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2021-29883",
"DATE_PUBLIC": "2021-10-20T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Transformation Extender Advanced",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "10.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 207090."
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"AC" : "L",
"UI" : "R",
"SCORE" : "4.300",
"S" : "U",
"C" : "L",
"PR" : "N",
"I" : "N",
"AV" : "N",
"A" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_version" : "4.0"
}
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 207090."
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"AC": "L",
"UI": "R",
"SCORE": "4.300",
"S": "U",
"C": "L",
"PR": "N",
"I": "N",
"AV": "N",
"A": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
},
"data_version": "4.0"
}

61
2021/42xxx/CVE-2021-42327.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42327",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c"
},
{
"refsource": "MISC",
"name": "https://www.mail-archive.com/amd-gfx@lists.freedesktop.org/msg69080.html",
"url": "https://www.mail-archive.com/amd-gfx@lists.freedesktop.org/msg69080.html"
}
]
}