admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-10-21 03:01:03 +00:00
parent d12aa4e3c9
commit 5e1f3b2561
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
11 changed files with 201 additions and 194 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2021/1xxx/CVE-2021-1529.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges.\r The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.\r "
"value": "A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2021/34xxx/CVE-2021-34736.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart.\r The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition.\r "
"value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to cause the web-based management interface to unexpectedly restart. The vulnerability is due to insufficient input validation on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause the interface to restart, resulting in a denial of service (DoS) condition."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2021/34xxx/CVE-2021-34738.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
@ -84,4 +84,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2021/34xxx/CVE-2021-34743.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent.\r This vulnerability is due to improper validation of cross-site request forgery (CSRF) tokens. An attacker could exploit this vulnerability by convincing a targeted user who is currently authenticated to Cisco Webex Software to follow a link designed to pass malicious input to the Cisco Webex Software application authorization interface. A successful exploit could allow the attacker to cause Cisco Webex Software to authorize an application on the user's behalf without the express consent of the user, possibly allowing external applications to read data from that user's profile.\r "
"value": "A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation of cross-site request forgery (CSRF) tokens. An attacker could exploit this vulnerability by convincing a targeted user who is currently authenticated to Cisco Webex Software to follow a link designed to pass malicious input to the Cisco Webex Software application authorization interface. A successful exploit could allow the attacker to cause Cisco Webex Software to authorize an application on the user's behalf without the express consent of the user, possibly allowing external applications to read data from that user's profile."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2021/34xxx/CVE-2021-34760.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r "
"value": "A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2021/34xxx/CVE-2021-34789.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in the web-based management interface of Cisco Tetration could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected system.\r This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials.\r "
"value": "A vulnerability in the web-based management interface of Cisco Tetration could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

186
2021/39xxx/CVE-2021-39126.json
View File

@ -1,95 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2021-09-14T00:00:00",
"ID": "CVE-2021-39126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2021-09-14T00:00:00",
"ID": "CVE-2021-39126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Server",
"version": {
"version_data": [
{
"version_value": "8.5.10",
"version_affected": "<"
},
{
"version_value": "8.6.0",
"version_affected": ">="
},
{
"version_value": "8.13.1",
"version_affected": "<"
}
]
}
},
{
"product_name": "Jira Data Center",
"version": {
"version_data": [
{
"version_value": "8.5.10",
"version_affected": "<"
},
{
"version_value": "8.6.0",
"version_affected": ">="
},
{
"version_value": "8.13.1",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Server",
"version": {
"version_data": [
{
"version_value": "8.5.10",
"version_affected": "<"
},
{
"version_value": "8.6.0",
"version_affected": ">="
},
{
"version_value": "8.13.1",
"version_affected": "<"
}
]
}
},{
"product_name": "Jira Data Center",
"version": {
"version_data": [
{
"version_value": "8.5.10",
"version_affected": "<"
},
{
"version_value": "8.6.0",
"version_affected": ">="
},
{
"version_value": "8.13.1",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
"lang": "eng",
"value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF)"
}
]
},{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-71806"
}
]
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-71806",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/JRASERVER-71806"
}
]
}
}

173
2021/39xxx/CVE-2021-39127.json
View File

@ -1,88 +1,91 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2021-09-14T00:00:00",
"ID": "CVE-2021-39127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Server",
"version": {
"version_data": [
{
"version_value": "8.5.10",
"version_affected": "<"
},
{
"version_value": "8.6.0",
"version_affected": ">="
},
{
"version_value": "8.13.1",
"version_affected": "<"
}
]
}
},{
"product_name": "Jira Data Center",
"version": {
"version_data": [
{
"version_value": "8.5.10",
"version_affected": "<"
},
{
"version_value": "8.6.0",
"version_affected": ">="
},
{
"version_value": "8.13.1",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2021-09-14T00:00:00",
"ID": "CVE-2021-39127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Server",
"version": {
"version_data": [
{
"version_value": "8.5.10",
"version_affected": "<"
},
{
"version_value": "8.6.0",
"version_affected": ">="
},
{
"version_value": "8.13.1",
"version_affected": "<"
}
]
}
},
{
"product_name": "Jira Data Center",
"version": {
"version_data": [
{
"version_value": "8.5.10",
"version_affected": "<"
},
{
"version_value": "8.6.0",
"version_affected": ">="
},
{
"version_value": "8.13.1",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-72003"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-72003",
"refsource": "MISC",
"name": "https://jira.atlassian.com/browse/JRASERVER-72003"
}
]
}
}

4
2021/40xxx/CVE-2021-40121.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
@ -84,4 +84,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2021/40xxx/CVE-2021-40122.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\r This vulnerability is due to improper handling of large series of message requests. An attacker could exploit this vulnerability by sending a series of messages to the vulnerable API. A successful exploit could allow the attacker to cause the affected device to reload, dropping all ongoing calls and resulting in a DoS condition.\r "
"value": "A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper handling of large series of message requests. An attacker could exploit this vulnerability by sending a series of messages to the vulnerable API. A successful exploit could allow the attacker to cause the affected device to reload, dropping all ongoing calls and resulting in a DoS condition."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2021/40xxx/CVE-2021-40123.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted.\r This vulnerability is due to incorrect permissions settings on an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the device. A successful exploit could allow the attacker to download files that should be restricted.\r "
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to incorrect permissions settings on an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the device. A successful exploit could allow the attacker to download files that should be restricted."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}