admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-06-28 12:00:53 +00:00
parent 11ef4b449d
commit 6080558e68
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
12 changed files with 224 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
2015/8xxx/CVE-2015-8559.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The knife bootstrap command in chef leaks the validator.pem private RSA key to /var/log/messages."
"value": "The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages."
}
]
},
@ -61,6 +61,16 @@
"name": "https://github.com/chef/chef/issues/3871",
"refsource": "CONFIRM",
"url": "https://github.com/chef/chef/issues/3871"
},
{
"refsource": "MISC",
"name": "https://discourse.chef.io/t/chef-infra-client-15-4-45-released/16081",
"url": "https://discourse.chef.io/t/chef-infra-client-15-4-45-released/16081"
},
{
"refsource": "MISC",
"name": "https://github.com/chef/chef/pull/8885",
"url": "https://github.com/chef/chef/pull/8885"
}
]
}

14
2018/1xxx/CVE-2018-1138.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1138",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-1138",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: Assigned as a duplicate of CVE-2019-14827."
}
]
}

5
2019/8xxx/CVE-2019-8261.json
View File

@ -77,6 +77,11 @@
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
]
}

5
2019/8xxx/CVE-2019-8262.json
View File

@ -77,6 +77,11 @@
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
]
}

5
2019/8xxx/CVE-2019-8263.json
View File

@ -82,6 +82,11 @@
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
]
}

5
2019/8xxx/CVE-2019-8264.json
View File

@ -77,6 +77,11 @@
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
]
}

5
2019/8xxx/CVE-2019-8265.json
View File

@ -77,6 +77,11 @@
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
]
}

5
2020/35xxx/CVE-2020-35669.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/dart-lang/http/issues/511",
"refsource": "MISC",
"name": "https://github.com/dart-lang/http/issues/511"
},
{
"refsource": "MISC",
"name": "https://github.com/dart-lang/http/blob/master/CHANGELOG.md#0133",
"url": "https://github.com/dart-lang/http/blob/master/CHANGELOG.md#0133"
}
]
}

75
2021/29xxx/CVE-2021-29157.json
View File

@ -1,18 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29157",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-29157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://dovecot.org/security",
"refsource": "MISC",
"name": "https://dovecot.org/security"
},
{
"refsource": "CONFIRM",
"name": "https://www.openwall.com/lists/oss-security/2021/06/28/1",
"url": "https://www.openwall.com/lists/oss-security/2021/06/28/1"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:L/A:N/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
}
}

5
2021/31xxx/CVE-2021-31540.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.gruppotim.it/redteam",
"url": "https://www.gruppotim.it/redteam"
},
{
"refsource": "MISC",
"name": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-12-release-notes",
"url": "https://www.wowza.com/docs/wowza-streaming-engine-4-8-12-release-notes"
}
]
}

50
2021/32xxx/CVE-2021-32496.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32496",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@sick.de",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "SICK Visionary-S CX",
"version": {
"version_data": [
{
"version_value": "<5.21.2.29154R"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inadequate SSH configuration in Visionary-S CX"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories",
"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks."
}
]
}

61
2021/35xxx/CVE-2021-35514.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-35514",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-35514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://vuln.ryotak.me/advisories/51",
"url": "https://vuln.ryotak.me/advisories/51"
},
{
"refsource": "MISC",
"name": "https://github.com/whiteleaf7/narou/blob/develop/ChangeLog.md#380-20210627",
"url": "https://github.com/whiteleaf7/narou/blob/develop/ChangeLog.md#380-20210627"
}
]
}