admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-03-31 15:00:41 +00:00
parent e3af6995f8
commit 49e9e413a4
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
4 changed files with 145 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
2021/21xxx/CVE-2021-21295.json
View File

@ -213,6 +213,41 @@
"refsource": "MLIST",
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] ayushmantri opened a new pull request #1670: ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/r6a29316d758db628a1df49ca219d64caf493999b52cc77847bfba675@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] arshadmohammad commented on pull request #1670: ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/r5470456cf1409a99893ae9dd57439799f6dc1a60fda90e11570f66fe@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] arshadmohammad closed pull request #1670: ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/rbed09768f496244a2e138dbbe6d2847ddf796c9c8ef9e50f2e3e30d9@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-notifications] 20210331 [GitHub] [zookeeper] asfgit closed pull request #1669: ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/r5232e33a1f3b310a3e083423f736f3925ebdb150844d60ac582809f8@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-commits] 20210331 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/r6a122c25e352eb134d01e7f4fc4d345a491c5ee9453fef6fc754d15b@%3Ccommits.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-commits] 20210331 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/r22adb45fe902aeafcd0a1c4db13984224a667676c323c66db3af38a1@%3Ccommits.zookeeper.apache.org%3E"
},
{
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r8db1d7b3b9acc9e8d2776395e280eb9615dd7790e1da8c57039963de@%3Cnotifications.zookeeper.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r8db1d7b3b9acc9e8d2776395e280eb9615dd7790e1da8c57039963de@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-commits] 20210331 [zookeeper] branch master updated: ZOOKEEPER-4272: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295",
"url": "https://lists.apache.org/thread.html/r837bbcbf12e335e83ab448b1bd2c1ad7e86efdc14034b23811422e6a@%3Ccommits.zookeeper.apache.org%3E"
}
]
},

53
2021/22xxx/CVE-2021-22986.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22986",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP; BIG-IQ",
"version": {
"version_data": [
{
"version_value": "BIG-IP 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3"
},
{
"version_value": "BIG-IQ 7.1.0.x before 7.1.0.3, 7.0.0.x before 7.0.0.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K03009991",
"url": "https://support.f5.com/csp/article/K03009991"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated."
}
]
}

50
2021/22xxx/CVE-2021-22988.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22988",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "f5sirt@f5.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, 11.6.x before 11.6.5.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K70031188",
"url": "https://support.f5.com/csp/article/K70031188"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated."
}
]
}

22
2021/23xxx/CVE-2021-23348.json
View File

@ -48,20 +48,24 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-PORTPROCESSES-1078536"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-PORTPROCESSES-1078536",
"name": "https://snyk.io/vuln/SNYK-JS-PORTPROCESSES-1078536"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/rrainn/PortProcesses/blob/fffceb09aff7180afbd0bd172e820404b33c8299/index.js%23L23"
"refsource": "MISC",
"url": "https://github.com/rrainn/PortProcesses/blob/fffceb09aff7180afbd0bd172e820404b33c8299/index.js%23L23",
"name": "https://github.com/rrainn/PortProcesses/blob/fffceb09aff7180afbd0bd172e820404b33c8299/index.js%23L23"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/rrainn/PortProcesses/security/advisories/GHSA-vm67-7vmg-66vm"
"refsource": "MISC",
"url": "https://github.com/rrainn/PortProcesses/security/advisories/GHSA-vm67-7vmg-66vm",
"name": "https://github.com/rrainn/PortProcesses/security/advisories/GHSA-vm67-7vmg-66vm"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/rrainn/PortProcesses/commit/86811216c9b97b01b5722f879f8c88a7aa4214e1"
"refsource": "MISC",
"url": "https://github.com/rrainn/PortProcesses/commit/86811216c9b97b01b5722f879f8c88a7aa4214e1",
"name": "https://github.com/rrainn/PortProcesses/commit/86811216c9b97b01b5722f879f8c88a7aa4214e1"
}
]
},
@ -69,7 +73,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects the package portprocesses before 1.0.5.\n If (attacker-controlled) user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands.\r\nThis is due to use of the child_process exec function without input sanitization.\r\n\r\n\r\n"
"value": "This affects the package portprocesses before 1.0.5. If (attacker-controlled) user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization."
}
]
},