mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-07 11:06:39 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
eb033d2291
commit
475402dfd2
@ -1,18 +1,102 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@solarwinds.com",
|
||||
"DATE_PUBLIC": "2021-10-19T14:45:00.000Z",
|
||||
"ID": "CVE-2021-35231",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Unquoted Path (SMB Login) Vulnerability"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Kiwi Syslog Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "9.7.2 and previous versions ",
|
||||
"version_value": "9.8"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "SolarWinds"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: \"Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Kiwi Syslog Server\\Parameters\\Application\"."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 6.7,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-428 Unquoted Search Path or Element"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35231",
|
||||
"name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35231"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm",
|
||||
"name": "https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "SolarWinds advises Kiwi Syslog Server customers to upgrade to the latest version (9.8) once it becomes generally available."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"defect": [
|
||||
"CVE-2021-35231"
|
||||
],
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -54,7 +54,7 @@
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Apache Storm would like to thank @pwntester Alvaro Muñoz of the GitHub Security Lab team for reporting this issue."
|
||||
"value": "Apache Storm would like to thank @pwntester Alvaro Mu\u00f1oz of the GitHub Security Lab team for reporting this issue."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
@ -64,7 +64,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication. "
|
||||
"value": "A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -91,12 +91,14 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://lists.apache.org/thread.html/r5fe881f6ca883908b7a0f005d35115af49f43beea7a8b0915e377859%40%3Cuser.storm.apache.org%3E"
|
||||
"refsource": "MISC",
|
||||
"url": "https://lists.apache.org/thread.html/r5fe881f6ca883908b7a0f005d35115af49f43beea7a8b0915e377859%40%3Cuser.storm.apache.org%3E",
|
||||
"name": "https://lists.apache.org/thread.html/r5fe881f6ca883908b7a0f005d35115af49f43beea7a8b0915e377859%40%3Cuser.storm.apache.org%3E"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://seclists.org/oss-sec/2021/q4/44"
|
||||
"refsource": "MISC",
|
||||
"url": "https://seclists.org/oss-sec/2021/q4/44",
|
||||
"name": "https://seclists.org/oss-sec/2021/q4/44"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -70,7 +70,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
|
||||
"value": "An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -53,7 +53,7 @@
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Apache Storm would like to thank @pwntester Alvaro Muñoz of the GitHub Security Lab team for reporting this issue."
|
||||
"value": "Apache Storm would like to thank @pwntester Alvaro Mu\u00f1oz of the GitHub Security Lab team for reporting this issue."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
@ -90,12 +90,14 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://lists.apache.org/thread.html/r8d45e74299897b6734dd0f788c46a631009ce2eeb731523386f7a253%40%3Cuser.storm.apache.org%3E"
|
||||
"refsource": "MISC",
|
||||
"url": "https://lists.apache.org/thread.html/r8d45e74299897b6734dd0f788c46a631009ce2eeb731523386f7a253%40%3Cuser.storm.apache.org%3E",
|
||||
"name": "https://lists.apache.org/thread.html/r8d45e74299897b6734dd0f788c46a631009ce2eeb731523386f7a253%40%3Cuser.storm.apache.org%3E"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://seclists.org/oss-sec/2021/q4/45"
|
||||
"refsource": "MISC",
|
||||
"url": "https://seclists.org/oss-sec/2021/q4/45",
|
||||
"name": "https://seclists.org/oss-sec/2021/q4/45"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user