admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-02-10 18:00:42 +00:00
parent 3a22f207c0
commit 696613a259
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
8 changed files with 380 additions and 209 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
2019/17xxx/CVE-2019-17558.json
View File

@ -153,6 +153,16 @@
"refsource": "MLIST",
"name": "[lucene-solr-user] 20210203 Re: SolrCloud keeps crashing",
"url": "https://lists.apache.org/thread.html/r79c7e75f90e735fd32c4e3e97340625aab66c09dfe8c4dc0ab768b69@%3Csolr-user.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-issues] 20210210 [GitHub] [lucene-solr] rhtham edited a comment on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability",
"url": "https://lists.apache.org/thread.html/re8d12db916b5582a23ed144b9c5abd0bea0be1649231aa880f6cbfff@%3Cissues.lucene.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[lucene-issues] 20210210 [GitHub] [lucene-solr] rhtham commented on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability",
"url": "https://lists.apache.org/thread.html/r8a36e4f92f4449dec517e560e1b55639f31b3aca26c37bbad45e31de@%3Cissues.lucene.apache.org%3E"
}
]
},

182
2020/5xxx/CVE-2020-5023.json
View File

@ -1,93 +1,93 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Plus",
"version" : {
"version_data" : [
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.7"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"CVE_data_meta" : {
"ID" : "CVE-2020-5023",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-02-09T00:00:00"
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"PR" : "N",
"I" : "N",
"C" : "N",
"A" : "H",
"AC" : "L",
"UI" : "N",
"S" : "U",
"SCORE" : "7.500",
"AV" : "N"
}
}
},
"data_format" : "MITRE",
"data_version" : "4.0",
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Denial of Service",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Plus",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659.",
"lang" : "eng"
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6410888 (Spectrum Protect Plus)",
"name" : "https://www.ibm.com/support/pages/node/6410888",
"url" : "https://www.ibm.com/support/pages/node/6410888",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/193659",
"refsource" : "XF",
"name" : "ibm-spectrum-cve20205023-dos (193659)",
"title" : "X-Force Vulnerability Report"
}
]
}
}
}
},
"CVE_data_meta": {
"ID": "CVE-2020-5023",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-02-09T00:00:00"
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"PR": "N",
"I": "N",
"C": "N",
"A": "H",
"AC": "L",
"UI": "N",
"S": "U",
"SCORE": "7.500",
"AV": "N"
}
}
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Denial of Service",
"lang": "eng"
}
]
}
]
},
"description": {
"description_data": [
{
"value": "IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659.",
"lang": "eng"
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6410888 (Spectrum Protect Plus)",
"name": "https://www.ibm.com/support/pages/node/6410888",
"url": "https://www.ibm.com/support/pages/node/6410888",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193659",
"refsource": "XF",
"name": "ibm-spectrum-cve20205023-dos (193659)",
"title": "X-Force Vulnerability Report"
}
]
}
}

199
2021/20xxx/CVE-2021-20353.json
View File

@ -1,99 +1,104 @@
{
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
}
]
},
"product_name" : "WebSphere Application Server"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
},
"BM" : {
"AV" : "N",
"SCORE" : "8.200",
"S" : "U",
"UI" : "N",
"AC" : "L",
"C" : "H",
"A" : "L",
"I" : "N",
"PR" : "N"
}
}
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-02-09T00:00:00",
"ID" : "CVE-2021-20353"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882."
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6413709 (WebSphere Application Server)",
"name" : "https://www.ibm.com/support/pages/node/6413709",
"url" : "https://www.ibm.com/support/pages/node/6413709",
"refsource" : "CONFIRM"
},
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/194882",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"name" : "ibm-websphere-cve202120353-xxe (194882)"
}
]
},
"data_version" : "4.0",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"data_format": "MITRE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
},
"product_name": "WebSphere Application Server"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_type" : "CVE"
}
}
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
},
"BM": {
"AV": "N",
"SCORE": "8.200",
"S": "U",
"UI": "N",
"AC": "L",
"C": "H",
"A": "L",
"I": "N",
"PR": "N"
}
}
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-02-09T00:00:00",
"ID": "CVE-2021-20353"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882."
}
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6413709 (WebSphere Application Server)",
"name": "https://www.ibm.com/support/pages/node/6413709",
"url": "https://www.ibm.com/support/pages/node/6413709",
"refsource": "CONFIRM"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/194882",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-websphere-cve202120353-xxe (194882)"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-174/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-174/"
}
]
},
"data_version": "4.0",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_type": "CVE"
}

61
2021/26xxx/CVE-2021-26936.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26936",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-26936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/matanui159/ReplaySorcery/releases",
"refsource": "MISC",
"name": "https://github.com/matanui159/ReplaySorcery/releases"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2021/02/10/1",
"url": "http://www.openwall.com/lists/oss-security/2021/02/10/1"
}
]
}

56
2021/26xxx/CVE-2021-26938.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26938",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-26938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored XSS issue exists in henriquedornas 5.2.17 via online live chat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/0xrayan/CVE-/discussions/2",
"url": "https://github.com/0xrayan/CVE-/discussions/2"
}
]
}

56
2021/26xxx/CVE-2021-26939.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26939",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-26939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/0xrayan/CVE-/discussions/4",
"url": "https://github.com/0xrayan/CVE-/discussions/4"
}
]
}

18
2021/27xxx/CVE-2021-27138.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27138",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

7
2021/3xxx/CVE-2021-3033.json
View File

@ -70,7 +70,7 @@
"description_data": [
{
"lang": "eng",
"value": "An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user.\nThis issue impacts:\n\nAll versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09; Prisma Cloud Compute 20.12 before update 1.\n\nPrisma Cloud Compute SaaS version is not impacted by this vulnerability.\n\n\n"
"value": "An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09; Prisma Cloud Compute 20.12 before update 1. Prisma Cloud Compute SaaS version is not impacted by this vulnerability."
}
]
},
@ -114,8 +114,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2021-3033"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3033",
"name": "https://security.paloaltonetworks.com/CVE-2021-3033"
}
]
},