mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
fe9c5a2983
commit
7cb1b85627
@ -533,6 +533,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
|
||||
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[hadoop-common-issues] 20211006 [jira] [Commented] (HADOOP-17221) update log4j-1.2.17 to atlassian version( To Address: CVE-2019-17571)",
|
||||
"url": "https://lists.apache.org/thread.html/r9d2e28e71f91ba0b6f4114c8ecd96e2b1f7e0d06bdf8eb768c183aa9@%3Ccommon-issues.hadoop.apache.org%3E"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,18 +1,92 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve-notifications-us@f-secure.com",
|
||||
"ID": "CVE-2021-33602",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Denial-of-Service (DoS) Vulnerability "
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant & F-Secure Cloud Protection for Salesforce",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All Version "
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "F-Secure"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 5.5,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Denial of Service Vulnerability"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
|
||||
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "FIX No User action is required. The required fix has been published through the automatic update channel with Capricorn update 2021-09-29_03"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
}
|
||||
}
|
||||
@ -1,70 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "security@trendmicro.com",
|
||||
"ID" : "CVE-2021-3848",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Trend Micro Apex One",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "2019, SaaS"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name" : "Trend Micro Worry-Free Business Security",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "10.0 SP1, Services (SaaS)"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Trend Micro"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Arbitrary File Creation by Privliege Escalation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"url" : "https://success.trendmicro.com/solution/000289183"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@trendmicro.com",
|
||||
"ID": "CVE-2021-3848",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Trend Micro Apex One",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2019, SaaS"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Trend Micro Worry-Free Business Security",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "10.0 SP1, Services (SaaS)"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Trend Micro"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Arbitrary File Creation by Privliege Escalation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://success.trendmicro.com/solution/000289183",
|
||||
"refsource": "MISC",
|
||||
"name": "https://success.trendmicro.com/solution/000289183"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user