admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-03-23 20:00:42 +00:00
parent 5505e571f3
commit 501c367e03
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
4 changed files with 115 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2020/24xxx/CVE-2020-24994.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24994",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.14.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/libass/libass/issues/422",
"refsource": "MISC",
"name": "https://github.com/libass/libass/issues/422"
},
{
"refsource": "MISC",
"name": "https://github.com/libass/libass/issues/423",
"url": "https://github.com/libass/libass/issues/423"
}
]
}

82
2021/23xxx/CVE-2021-23361.json
View File

@ -3,90 +3,16 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-03-23T10:11:10.481864Z",
"ID": "CVE-2021-23361",
"STATE": "PUBLIC",
"TITLE": "Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "fis-kernel",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-FISKERNEL-1088057",
"name": "https://snyk.io/vuln/SNYK-JS-FISKERNEL-1088057"
},
{
"refsource": "MISC",
"url": "https://github.com/fex-team/fis-kernel/blob/master/lib/util.js%23L948",
"name": "https://github.com/fex-team/fis-kernel/blob/master/lib/util.js%23L948"
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package fis-kernel. The function util.nohup in fis3 is vulnerable to command injection in non-windows systems (e.g., Linux)."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:F/RL:U/RC:C",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "zpbrent(zhou.peng@shu)"
}
]
}
}

7
2021/27xxx/CVE-2021-27908.json
View File

@ -46,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautics configuration that are used in publicly facing parts of the application."
"value": "In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic\u2019s configuration that are used in publicly facing parts of the application."
}
]
},
@ -84,8 +84,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx"
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx",
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx"
}
]
},

55
2021/3xxx/CVE-2021-3392.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3392",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "between 2.10.0 and 5.2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1924042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924042"
},
{
"refsource": "MISC",
"name": "https://bugs.launchpad.net/qemu/+bug/1914236",
"url": "https://bugs.launchpad.net/qemu/+bug/1914236"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected."
}
]
}