admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-03-05 18:00:44 +00:00
parent c32253cb03
commit 65055ec2c0
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
9 changed files with 269 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2017/8xxx/CVE-2017-8461.json
View File

@ -66,6 +66,11 @@
"name": "1038701",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038701"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161672/Microsoft-Windows-RRAS-Service-MIBEntryGet-Overflow.html",
"url": "http://packetstormsecurity.com/files/161672/Microsoft-Windows-RRAS-Service-MIBEntryGet-Overflow.html"
}
]
}

2
2018/18xxx/CVE-2018-18557.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "LibTIFF 3.9.3, 3.9.4, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write."
"value": "LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write."
}
]
},

5
2019/15xxx/CVE-2019-15297.json
View File

@ -66,6 +66,11 @@
"refsource": "FULLDISC",
"name": "20210304 AST-2021-006: Crash when negotiating T.38 with a zero port",
"url": "http://seclists.org/fulldisclosure/2021/Mar/5"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html",
"url": "http://packetstormsecurity.com/files/161671/Asterisk-Project-Security-Advisory-AST-2021-006.html"
}
]
}

27
2020/28xxx/CVE-2020-28502.json
View File

@ -66,24 +66,29 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935",
"name": "https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936",
"name": "https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082937"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082937",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082937"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082938"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082938",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082938"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/driverdan/node-XMLHttpRequest/blob/1.6.0/lib/XMLHttpRequest.js%23L480"
"refsource": "MISC",
"url": "https://github.com/driverdan/node-XMLHttpRequest/blob/1.6.0/lib/XMLHttpRequest.js%23L480",
"name": "https://github.com/driverdan/node-XMLHttpRequest/blob/1.6.0/lib/XMLHttpRequest.js%23L480"
}
]
},
@ -91,7 +96,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl.\n Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.\r\n\r\n"
"value": "This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run."
}
]
},

7
2020/29xxx/CVE-2020-29134.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "TOTVS Fluig Luke platform allows directory traversal via a base64 encoded file=../ to a volume/stream/ URI. This affects: Fluig Lake 1.7.0-210217 Fluig Lake 1.7.0-210112 Fluig Lake 1.7.0-201215 Fluig Lake 1.7.0-201124 Fluig Lake 1.7.0-200915"
"value": "TOTVS Fluig Luke 1.7.0 allows directory traversal via a base64 encoded file=../ to a volume/stream/ URI. This affects: Fluig Lake 1.7.0-210217, Fluig Lake 1.7.0-210112, Fluig Lake 1.7.0-201215, Fluig Lake 1.7.0-201124 and Fluig Lake 1.7.0-200915."
}
]
},
@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/lucxssouza/CVE-2020-29134",
"url": "https://github.com/lucxssouza/CVE-2020-29134"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/49622",
"url": "https://www.exploit-db.com/exploits/49622"
}
]
}

56
2021/27xxx/CVE-2021-27099.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27099",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-27099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the \"aws_iid\" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the value of an EC2 tag prior to attestation, and the attestor is configured for agent ID templating where the tag value is the last element in the path. This issue has been fixed in SPIRE versions 0.11.3 and 0.12.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/spiffe/spire/security/advisories/GHSA-q7gm-mjrg-44h9",
"url": "https://github.com/spiffe/spire/security/advisories/GHSA-q7gm-mjrg-44h9"
}
]
}

62
2021/28xxx/CVE-2021-28038.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://xenbits.xen.org/xsa/advisory-367.html",
"refsource": "MISC",
"name": "http://xenbits.xen.org/xsa/advisory-367.html"
}
]
}
}

62
2021/28xxx/CVE-2021-28039.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://xenbits.xen.org/xsa/advisory-369.html",
"refsource": "MISC",
"name": "http://xenbits.xen.org/xsa/advisory-369.html"
}
]
}
}

62
2021/28xxx/CVE-2021-28040.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ossec/ossec-hids/issues/1953",
"refsource": "MISC",
"name": "https://github.com/ossec/ossec-hids/issues/1953"
}
]
}
}