admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-03-26 22:00:43 +00:00
parent 6460727a7e
commit 7fc82ce4b2
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
11 changed files with 294 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2019/14xxx/CVE-2019-14846.json
View File

@ -113,7 +113,7 @@
"description_data": [
{
"lang": "eng",
"value": "Ansible, all ansible_engine-2.x versions and ansible_engine-3.x up to ansible_engine-3.5, was logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process."
"value": "In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process."
}
]
},

55
2021/20xxx/CVE-2021-20206.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20206",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "containernetworking-cni",
"version": {
"version_data": [
{
"version_value": "containernetworking/cni 0.8.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20->CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391"
},
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
}
]
}

10
2021/21xxx/CVE-2021-21372.json
View File

@ -80,16 +80,16 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/nim-lang/security/security/advisories/GHSA-rg9f-w24h-962p",
"refsource": "CONFIRM",
"url": "https://github.com/nim-lang/security/security/advisories/GHSA-rg9f-w24h-962p"
},
{
"name": "https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/",
"refsource": "MISC",
"url": "https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/"
},
{
"name": "https://github.com/nim-lang/security/security/advisories/GHSA-rg9f-w24h-962p",
"refsource": "CONFIRM",
"url": "https://github.com/nim-lang/security/security/advisories/GHSA-rg9f-w24h-962p"
},
{
"name": "https://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130",
"refsource": "MISC",

12
2021/21xxx/CVE-2021-21373.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, \"nimble refresh\" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution.\n\n\n"
"value": "Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, \"nimble refresh\" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution."
}
]
},
@ -72,11 +72,6 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/nim-lang/security/security/advisories/GHSA-8w52-r35x-rgp8",
"refsource": "CONFIRM",
"url": "https://github.com/nim-lang/security/security/advisories/GHSA-8w52-r35x-rgp8"
},
{
"name": "https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/",
"refsource": "MISC",
@ -86,6 +81,11 @@
"name": "https://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130",
"refsource": "MISC",
"url": "https://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130"
},
{
"name": "https://github.com/nim-lang/security/security/advisories/GHSA-8w52-r35x-rgp8",
"refsource": "CONFIRM",
"url": "https://github.com/nim-lang/security/security/advisories/GHSA-8w52-r35x-rgp8"
}
]
},

12
2021/21xxx/CVE-2021-21374.json
View File

@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, \"nimble refresh\" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution.\n\n"
"value": "Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, \"nimble refresh\" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution."
}
]
},
@ -88,11 +88,6 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx",
"refsource": "CONFIRM",
"url": "https://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx"
},
{
"name": "https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/",
"refsource": "MISC",
@ -103,6 +98,11 @@
"refsource": "MISC",
"url": "https://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130"
},
{
"name": "https://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx",
"refsource": "CONFIRM",
"url": "https://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx"
},
{
"name": "https://github.com/nim-lang/Nim/pull/16940",
"refsource": "MISC",

62
2021/29xxx/CVE-2021-29264.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f"
}
]
}
}

67
2021/29xxx/CVE-2021-29265.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9380afd6df70e24eacbdbde33afc6a3950965d22",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9380afd6df70e24eacbdbde33afc6a3950965d22"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7",
"refsource": "MISC",
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7"
}
]
}
}

67
2021/29xxx/CVE-2021-29266.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f6bbf0010ba004f5e90c7aefdebc0ee4bd3283b9",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f6bbf0010ba004f5e90c7aefdebc0ee4bd3283b9"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.9",
"refsource": "MISC",
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.9"
}
]
}
}

18
2021/29xxx/CVE-2021-29267.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29267",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2021/3xxx/CVE-2021-3449.json
View File

@ -91,6 +91,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210326-0006/",
"url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
},
{
"refsource": "MISC",
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
}
]
}

5
2021/3xxx/CVE-2021-3450.json
View File

@ -86,6 +86,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210326-0006/",
"url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
},
{
"refsource": "MISC",
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
}
]
}