admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-04-06 19:00:42 +00:00
parent 75b8b0fdba
commit 6794403e29
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
14 changed files with 240 additions and 164 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/21xxx/CVE-2021-21341.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210403 [SECURITY] [DLA 2616-1] libxstream-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
},
{
"refsource": "MLIST",
"name": "[jmeter-dev] 20210406 [GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)",
"url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E"
}
]
},

5
2021/21xxx/CVE-2021-21342.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210403 [SECURITY] [DLA 2616-1] libxstream-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
},
{
"refsource": "MLIST",
"name": "[jmeter-dev] 20210406 [GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)",
"url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E"
}
]
},

5
2021/21xxx/CVE-2021-21343.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210403 [SECURITY] [DLA 2616-1] libxstream-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
},
{
"refsource": "MLIST",
"name": "[jmeter-dev] 20210406 [GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)",
"url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E"
}
]
},

5
2021/21xxx/CVE-2021-21344.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210403 [SECURITY] [DLA 2616-1] libxstream-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
},
{
"refsource": "MLIST",
"name": "[jmeter-dev] 20210406 [GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)",
"url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E"
}
]
},

5
2021/21xxx/CVE-2021-21345.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210403 [SECURITY] [DLA 2616-1] libxstream-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
},
{
"refsource": "MLIST",
"name": "[jmeter-dev] 20210406 [GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)",
"url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E"
}
]
},

5
2021/21xxx/CVE-2021-21346.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210403 [SECURITY] [DLA 2616-1] libxstream-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
},
{
"refsource": "MLIST",
"name": "[jmeter-dev] 20210406 [GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)",
"url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E"
}
]
},

5
2021/21xxx/CVE-2021-21347.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210403 [SECURITY] [DLA 2616-1] libxstream-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
},
{
"refsource": "MLIST",
"name": "[jmeter-dev] 20210406 [GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)",
"url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E"
}
]
},

5
2021/21xxx/CVE-2021-21348.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210403 [SECURITY] [DLA 2616-1] libxstream-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
},
{
"refsource": "MLIST",
"name": "[jmeter-dev] 20210406 [GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)",
"url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E"
}
]
},

5
2021/21xxx/CVE-2021-21349.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210403 [SECURITY] [DLA 2616-1] libxstream-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
},
{
"refsource": "MLIST",
"name": "[jmeter-dev] 20210406 [GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)",
"url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E"
}
]
},

5
2021/21xxx/CVE-2021-21350.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210403 [SECURITY] [DLA 2616-1] libxstream-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
},
{
"refsource": "MLIST",
"name": "[jmeter-dev] 20210406 [GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)",
"url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E"
}
]
},

5
2021/21xxx/CVE-2021-21351.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210403 [SECURITY] [DLA 2616-1] libxstream-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00002.html"
},
{
"refsource": "MLIST",
"name": "[jmeter-dev] 20210406 [GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)",
"url": "https://lists.apache.org/thread.html/r9ac71b047767205aa22e3a08cb33f3e0586de6b2fac48b425c6e16b0@%3Cdev.jmeter.apache.org%3E"
}
]
},

2
2021/21xxx/CVE-2021-21423.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "`projen` is a project generation tool that synthesizes project configuration files such as `package.json`, `tsconfig.json`, `.gitignore`, GitHub Workflows, `eslint`, `jest`, and more, from a well-typed definition written in JavaScript. Users of projen's `NodeProject` project type (including any project type derived from it) include a `.github/workflows/rebuild-bot.yml` workflow that may allow any GitHub user to trigger execution of un-trusted code in the context of the \"main\" repository (as opposed to that of a fork). In some situations, such untrusted code may potentially be able to commit to the \"main\" repository.\n \nThe rebuild-bot workflow is triggered by comments including `@projen rebuild` on pull-request to trigger a re-build of the projen project, and updating the pull request with the updated files. This workflow is triggered by an `issue_comment` event, and thus always executes with a `GITHUB_TOKEN` belonging to the repository into which the pull-request is made (this is in contrast with workflows triggered by `pull_request` events, which always execute with a `GITHUB_TOKEN` belonging to the repository from which the pull-request is made).\n \nRepositories that do not have branch protection configured on their default branch (typically `main` or `master`) could possibly allow an untrusted user to gain access to secrets configured on the repository (such as NPM tokens, etc). Branch protection prohibits this escalation, as the managed `GITHUB_TOKEN` would not be able to modify the contents of a protected branch and affected workflows must be defined on the default branch. "
"value": "`projen` is a project generation tool that synthesizes project configuration files such as `package.json`, `tsconfig.json`, `.gitignore`, GitHub Workflows, `eslint`, `jest`, and more, from a well-typed definition written in JavaScript. Users of projen's `NodeProject` project type (including any project type derived from it) include a `.github/workflows/rebuild-bot.yml` workflow that may allow any GitHub user to trigger execution of un-trusted code in the context of the \"main\" repository (as opposed to that of a fork). In some situations, such untrusted code may potentially be able to commit to the \"main\" repository. The rebuild-bot workflow is triggered by comments including `@projen rebuild` on pull-request to trigger a re-build of the projen project, and updating the pull request with the updated files. This workflow is triggered by an `issue_comment` event, and thus always executes with a `GITHUB_TOKEN` belonging to the repository into which the pull-request is made (this is in contrast with workflows triggered by `pull_request` events, which always execute with a `GITHUB_TOKEN` belonging to the repository from which the pull-request is made). Repositories that do not have branch protection configured on their default branch (typically `main` or `master`) could possibly allow an untrusted user to gain access to secrets configured on the repository (such as NPM tokens, etc). Branch protection prohibits this escalation, as the managed `GITHUB_TOKEN` would not be able to modify the contents of a protected branch and affected workflows must be defined on the default branch."
}
]
},

329
2021/28xxx/CVE-2021-28688.json
View File

@ -1,165 +1,168 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2021-28688"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Linux",
"version" : {
"version_data" : [
{
"version_affected" : "?<",
"version_value" : "4.12"
},
{
"version_affected" : ">=",
"version_value" : "3.11"
},
{
"version_affected" : "!>",
"version_value" : "4.3"
}
]
}
},
{
"product_name" : "Linux",
"version" : {
"version_data" : [
{
"version_value" : "5.11.1"
}
]
}
},
{
"product_name" : "Linux",
"version" : {
"version_data" : [
{
"version_value" : "5.12-rc"
}
]
}
},
{
"product_name" : "Linux",
"version" : {
"version_data" : [
{
"version_value" : "5.10.18"
}
]
}
},
{
"product_name" : "Linux",
"version" : {
"version_data" : [
{
"version_affected" : "?<",
"version_value" : "4.12"
},
{
"version_affected" : "?>=",
"version_value" : "4.4"
},
{
"version_affected" : "!>",
"version_value" : "5.9"
}
]
}
}
]
},
"vendor_name" : "Linux"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2021-28688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "?<",
"version_value": "4.12"
},
{
"version_affected": ">=",
"version_value": "3.11"
},
{
"version_affected": "!>",
"version_value": "4.3"
}
]
}
},
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_value": "5.11.1"
}
]
}
},
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_value": "5.12-rc"
}
]
}
},
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_value": "5.10.18"
}
]
}
},
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "?<",
"version_value": "4.12"
},
{
"version_affected": "?>=",
"version_value": "4.4"
},
{
"version_affected": "!>",
"version_value": "5.9"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "All Linux versions having the fix for XSA-365 applied are vulnerable.\nXSA-365 was classified to affect versions back to at least 3.11."
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All Linux versions having the fix for XSA-365 applied are vulnerable.\nXSA-365 was classified to affect versions back to at least 3.11."
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This issue was discovered by Nicolai Stange of SUSE."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The fix for XSA-365 includes initialization of pointers such that\nsubsequent cleanup code wouldn't use uninitialized or stale values.\nThis initialization went too far and may under certain conditions also\noverwrite pointers which are in need of cleaning up. The lack of\ncleanup would result in leaking persistent grants. The leak in turn\nwould prevent fully cleaning up after a respective guest has died,\nleaving around zombie domains.\n\n\nAll Linux versions having the fix for XSA-365 applied are vulnerable.\nXSA-365 was classified to affect versions back to at least 3.11."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A malicious or buggy frontend driver may be able to cause resource leaks\nfrom the corresponding backend driver. This can result in a host-wide\nDenial of Sevice (DoS)."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-371.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Reconfiguring guests to use alternative (e.g. qemu-based) backends may\navoid the vulnerability.\n\nAvoiding the use of persistent grants will also avoid the vulnerability.\nThis can be achieved by passing the \"feature_persistent=0\" module option\nto the xen-blkback driver."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was discovered by Nicolai Stange of SUSE."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious or buggy frontend driver may be able to cause resource leaks\nfrom the corresponding backend driver. This can result in a host-wide\nDenial of Sevice (DoS)."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-371.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-371.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reconfiguring guests to use alternative (e.g. qemu-based) backends may\navoid the vulnerability.\n\nAvoiding the use of persistent grants will also avoid the vulnerability.\nThis can be achieved by passing the \"feature_persistent=0\" module option\nto the xen-blkback driver."
}
]
}
}
}
}

18
2021/30xxx/CVE-2021-30177.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-30177",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}