admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-01-12 19:01:12 +00:00
parent 1df6d6ec8e
commit 861d9e4d18
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
9 changed files with 433 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/20xxx/CVE-2021-20294.json
View File

@ -63,6 +63,11 @@
"refsource": "MLIST",
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"refsource": "MISC",
"name": "https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=372dd157272e0674d13372655cc60eaca9c06926",
"url": "https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=372dd157272e0674d13372655cc60eaca9c06926"
}
]
},

244
2021/35xxx/CVE-2021-35500.json
View File

@ -1,123 +1,123 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-01-12T17:00:00Z",
"ID": "CVE-2021-35500",
"STATE": "PUBLIC",
"TITLE": "TIBCO Data Virtualization Arbitrary File Download vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Data Virtualization",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "8.3.0"
}
]
}
},
{
"product_name": "TIBCO Data Virtualization",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.4.0"
}
]
}
},
{
"product_name": "TIBCO Data Virtualization",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.5.0"
}
]
}
},
{
"product_name": "TIBCO Data Virtualization for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "8.5.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below.\n"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Successful execution of this vulnerability can result in unauthorized read access to all files on the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.3.0 and below update to version 8.3.1 or later\nTIBCO Data Virtualization version 8.4.0 update to version 8.4.1 or later\nTIBCO Data Virtualization version 8.5.0 update to version 8.5.1 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.0 and below update to version 8.5.1 or later"
}
],
"source": {
"discovery": "USER"
}
}
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-01-12T17:00:00Z",
"ID": "CVE-2021-35500",
"STATE": "PUBLIC",
"TITLE": "TIBCO Data Virtualization Arbitrary File Download vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Data Virtualization",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "8.3.0"
}
]
}
},
{
"product_name": "TIBCO Data Virtualization",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.4.0"
}
]
}
},
{
"product_name": "TIBCO Data Virtualization",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.5.0"
}
]
}
},
{
"product_name": "TIBCO Data Virtualization for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "8.5.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Successful execution of this vulnerability can result in unauthorized read access to all files on the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Data Virtualization versions 8.3.0 and below update to version 8.3.1 or later\nTIBCO Data Virtualization version 8.4.0 update to version 8.4.1 or later\nTIBCO Data Virtualization version 8.5.0 update to version 8.5.1 or later\nTIBCO Data Virtualization for AWS Marketplace versions 8.5.0 and below update to version 8.5.1 or later"
}
],
"source": {
"discovery": "USER"
}
}

56
2021/36xxx/CVE-2021-36417.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-36417",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-36417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a denial of service or execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gpac/gpac/issues/1846",
"refsource": "MISC",
"name": "https://github.com/gpac/gpac/issues/1846"
}
]
}

61
2021/42xxx/CVE-2021-42560.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42560",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded \"SVG\" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, Out of Band Exfiltration, etc.)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mitre/caldera/releases",
"refsource": "MISC",
"name": "https://github.com/mitre/caldera/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42560-Unsafe%20XML%20Parsing-MITRE%20Caldera",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42560-Unsafe%20XML%20Parsing-MITRE%20Caldera"
}
]
}

61
2021/42xxx/CVE-2021-42561.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42561",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python \"os.system\" function. This allows attackers to use shell metacharacters (e.g., backticks \"``\" or dollar parenthesis \"$()\" ) in order to escape the current command and execute arbitrary shell commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mitre/caldera/releases",
"refsource": "MISC",
"name": "https://github.com/mitre/caldera/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42561-Command%20Injection%20Via%20the%20Human%20Plugin-MITRE%20Caldera",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42561-Command%20Injection%20Via%20the%20Human%20Plugin-MITRE%20Caldera"
}
]
}

61
2021/42xxx/CVE-2021-42562.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42562",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mitre/caldera/releases",
"refsource": "MISC",
"name": "https://github.com/mitre/caldera/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42562-Improper%20Access%20Control-MITRE%20Caldera",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42562-Improper%20Access%20Control-MITRE%20Caldera"
}
]
}

61
2021/43xxx/CVE-2021-43960.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43960",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-43960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and enter an XSS payload within the Page title, Page Instructions, Text before, Text after, or Text on side box. Once this has been done, the administrator must click save and finally wait until any user of the application performs a booking for rental items in the booking area of the application, where the XSS triggers. NOTE: another perspective is that the administrator may require JavaScript to customize any aspect of the page rendering. There is no effective way for the product to defend users in the face of a malicious administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.lorensbergs.co.uk/products/connect2-academic/",
"refsource": "MISC",
"name": "https://www.lorensbergs.co.uk/products/connect2-academic/"
},
{
"refsource": "MISC",
"name": "https://www.surecloud.com/resources/blog/lorensbergs-connect2-cross-site-scripting",
"url": "https://www.surecloud.com/resources/blog/lorensbergs-connect2-cross-site-scripting"
}
]
}

18
2022/0xxx/CVE-2022-0209.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0209",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/0xxx/CVE-2022-0210.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-0210",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}