admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-06-03 03:00:57 +00:00
parent a48a217f42
commit 858301bdab
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
12 changed files with 135 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/25xxx/CVE-2021-25287.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470",
"url": "https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-77756994ba",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/"
}
]
}

5
2021/25xxx/CVE-2021-25288.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470",
"url": "https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-77756994ba",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/"
}
]
}

5
2021/28xxx/CVE-2021-28675.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-77756994ba",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/"
}
]
}

5
2021/28xxx/CVE-2021-28676.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/python-pillow/Pillow/pull/5377",
"url": "https://github.com/python-pillow/Pillow/pull/5377"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-77756994ba",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/"
}
]
}

5
2021/28xxx/CVE-2021-28677.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/python-pillow/Pillow/pull/5377",
"url": "https://github.com/python-pillow/Pillow/pull/5377"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-77756994ba",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/"
}
]
}

5
2021/28xxx/CVE-2021-28678.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/python-pillow/Pillow/pull/5377",
"url": "https://github.com/python-pillow/Pillow/pull/5377"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-77756994ba",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/"
}
]
}

9
2021/28xxx/CVE-2021-28806.json
View File

@ -63,7 +63,7 @@
"credit": [
{
"lang": "eng",
"value": "Marcin Zięba"
"value": "Marcin Zi\u0119ba"
}
],
"data_format": "MITRE",
@ -73,7 +73,7 @@
"description_data": [
{
"lang": "eng",
"value": "A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. \n\nThis issue affects:\nQNAP Systems Inc. QTS\nversions prior to 4.5.3.1652 Build 20210428.\nQNAP Systems Inc. QuTS hero\nversions prior to h4.5.2.1638 Build 20210414.\nQNAP Systems Inc. QuTScloud\nversions prior to c4.5.5.1656 Build 20210503.\n\nThis issue does not affect:\nQNAP Systems Inc. QTS\n4.3.6;\n4.3.3."
"value": "A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.3.1652 Build 20210428. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 Build 20210414. QNAP Systems Inc. QuTScloud versions prior to c4.5.5.1656 Build 20210503. This issue does not affect: QNAP Systems Inc. QTS 4.3.6; 4.3.3."
}
]
},
@ -111,8 +111,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-22"
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-22",
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-22"
}
]
},

11
2021/28xxx/CVE-2021-28807.json
View File

@ -13,7 +13,7 @@
"product": {
"product_data": [
{
"product_name": "Qcenter",
"product_name": "Q\u2019center",
"version": {
"version_data": [
{
@ -64,7 +64,7 @@
"description_data": [
{
"lang": "eng",
"value": "A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Qcenter. If exploited, this vulnerability allows remote attackers to inject malicious code.\nQNAP have already fixed this vulnerability in the following versions of Qcenter:\n\nQTS 4.5.3: Qcenter v1.12.1012 and later\nQTS 4.3.6: Qcenter v1.10.1004 and later\nQTS 4.3.3: Qcenter v1.10.1004 and later\nQuTS hero h4.5.2: Qcenter v1.12.1012 and later\nQuTScloud c4.5.4: Qcenter v1.12.1012 and later\n"
"value": "A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q\u2019center. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already fixed this vulnerability in the following versions of Q\u2019center: QTS 4.5.3: Q\u2019center v1.12.1012 and later QTS 4.3.6: Q\u2019center v1.10.1004 and later QTS 4.3.3: Q\u2019center v1.10.1004 and later QuTS hero h4.5.2: Q\u2019center v1.12.1012 and later QuTScloud c4.5.4: Q\u2019center v1.12.1012 and later"
}
]
},
@ -102,15 +102,16 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-20"
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-20",
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-20"
}
]
},
"solution": [
{
"lang": "eng",
"value": "QNAP have already fixed this vulnerability in the following versions of Qcenter:\n\nQTS 4.5.3: Qcenter v1.12.1012 and later\nQTS 4.3.6: Qcenter v1.10.1004 and later\nQTS 4.3.3: Qcenter v1.10.1004 and later\nQuTS hero h4.5.2: Qcenter v1.12.1012 and later\nQuTScloud c4.5.4: Qcenter v1.12.1012 and later\n"
"value": "QNAP have already fixed this vulnerability in the following versions of Q\u2019center:\n\nQTS 4.5.3: Q\u2019center v1.12.1012 and later\nQTS 4.3.6: Q\u2019center v1.10.1004 and later\nQTS 4.3.3: Q\u2019center v1.10.1004 and later\nQuTS hero h4.5.2: Q\u2019center v1.12.1012 and later\nQuTScloud c4.5.4: Q\u2019center v1.12.1012 and later\n"
}
],
"source": {

7
2021/28xxx/CVE-2021-28812.json
View File

@ -64,7 +64,7 @@
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands.\n\nThis issue affects:\nQNAP Systems Inc. Video Station\nversions prior to 5.5.4 on QTS 4.5.2;\nversions prior to 5.5.4 on QuTS hero h4.5.2;\nversions prior to 5.5.4 on QuTScloud c4.5.4.\n\nThis issue does not affect:\nQNAP Systems Inc. Video Station\n on QTS 4.3.6;\n on QTS 4.3.3."
"value": "A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5.4 on QuTS hero h4.5.2; versions prior to 5.5.4 on QuTScloud c4.5.4. This issue does not affect: QNAP Systems Inc. Video Station on QTS 4.3.6; on QTS 4.3.3."
}
]
},
@ -118,8 +118,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-21"
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-21",
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-21"
}
]
},

10
2021/32xxx/CVE-2021-32062.json
View File

@ -71,6 +71,16 @@
"url": "https://mapserver.org/development/changelog/changelog-7-0.html",
"refsource": "MISC",
"name": "https://mapserver.org/development/changelog/changelog-7-0.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-74dadee887",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNORAZCJ7AIPJFUY6WGLYIA3QVPWFXFY/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-faab70f09a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVWUC4EOW5WZAZGPLRTZS5QXNUEBPQ5/"
}
]
}

62
2021/33xxx/CVE-2021-33805.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-33805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the reference implementation of FUSE before 2.9.8, local attackers were able to specify the allow_other option even if forbidden in /etc/fuse.conf, leading to exposure of FUSE filesystems to other users. This issue only affects systems with SELinux active."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/libfuse/libfuse/releases/tag/fuse-2.9.8",
"refsource": "MISC",
"name": "https://github.com/libfuse/libfuse/releases/tag/fuse-2.9.8"
}
]
}
}

18
2021/33xxx/CVE-2021-33806.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33806",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}