admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-05-18 11:00:39 +00:00
parent 6f11cd0a2f
commit 8709b12abf
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
3 changed files with 91 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
2020/25xxx/CVE-2020-25705.json
View File

@ -15,11 +15,11 @@
"product": {
"product_data": [
{
"product_name": "kernel",
"product_name": "Siemens Lunux Based Products",
"version": {
"version_data": [
{
"version_value": "kernel 5.10"
"version_value": "RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE US: Versions 3.1.39 and later, SIMATIC NET CP 1243-7: Versions 3.1.39 and later, SIMATIC NET CP 1243-8 IRC: Versions 3.1.39 and later, SIMATIC NET CP 1542SP-1 IRC (incl. SIPLUS variants): Versions 2.0 and later, SIMATIC NET CP 1542SP-1: Versions 2.0 and later, SIMATIC NET CP 1543-1 (incl. SIPLUS variants): Versions 2.2 and later, SIMATIC NET CP 1543SP-1 (incl SIPLUS variants): Versions 2.0 and later, SIMATIC NET CP 1545-1: All versions, SINEMA Remote Connect Server: All versions prior to v3.0 SP1, TIM 1531 IRC (incl. SIPLUS NET variants): All versions"
}
]
}
@ -36,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-330"
"value": "USE OF INSUFFICIENTLY RANDOM VALUES CWE-330"
}
]
}
@ -46,28 +46,8 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1894579",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894579"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20201210-0002/",
"url": "https://security.netapp.com/advisory/ntap-20201210-0002/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
},
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf"
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-03",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-03"
}
]
},
@ -75,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue."
"value": "A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version"
}
]
}

45
2021/31xxx/CVE-2021-31341.json
View File

@ -1,25 +1,25 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-31341",
"STATE": "PUBLIC"
},
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"CVE_data_meta": {
"ID": "CVE-2021-31341",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Mendix Database Replication",
"product_name": "Mendix Database Replication Module",
"version": {
"version_data": [
{
"version_value": "All versions < V7.0.1"
"version_value": "All versions prior to v7.0.1"
}
]
}
@ -36,26 +36,31 @@
"description": [
{
"lang": "eng",
"value": "CWE-209: Generation of Error Message Containing Sensitive Information"
"value": "GENERATION OF ERROR MESSAGE CONTAINING SENSITIVE INFORMATION CWE-209"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Mendix Database Replication (All versions < V7.0.1). Uploading a table mapping using a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-919955.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-919955.pdf"
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-05",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-05"
},
{
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-919955.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-919955.pdf"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module (All versions prior to v7.0.1)."
}
]
}

66
2021/31xxx/CVE-2021-31827.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31827",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-31827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or destroy database elements. This is in MOVEit.DMZ.WebApp in SILHuman.vb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.progress.com/moveit",
"refsource": "MISC",
"name": "https://www.progress.com/moveit"
},
{
"refsource": "MISC",
"name": "https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-April-2021",
"url": "https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-April-2021"
},
{
"refsource": "MISC",
"name": "https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm",
"url": "https://docs.ipswitch.com/MOVEit/Transfer2021/ReleaseNotes/en/index.htm"
}
]
}