CVE url update

Natalino Picone 2022-12-01 17:46:02 +01:00
parent d53b45cc6d
commit 95f4c6a790
No known key found for this signature in database
GPG Key ID: 832E0A4E5D10525E
13 changed files with 103 additions and 64 deletions


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "prodsec@nozominetworks.com",
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-26727",
"STATE": "PUBLIC",
"TITLE": "spx_restservice SubNet_handler_func Multiple Command Injections and Stack-Based Buffer Overflows"
@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."
"value": "Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root).\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
@ -87,10 +87,13 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26727/"
},
{
"refsource": "MISC",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26727/",
"name": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26727/"
"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"
}
]
},
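Review bot: The nozominetworks.com advisory is tagged `"refsource": "CONFIRM"` in the reference block at the end of this section, and the same entry appears in the other twelve files. CONFIRM conventionally signals acknowledgement by the vendor of the affected product, which here is Lanner, so consumers that weight CONFIRM references may read the finder's own advisory as vendor confirmation; `"refsource": "MISC"` would be the safer label unless a Lanner page can be cited. Separately, every section also changes `ASSIGNER` from the prodsec@ to the labs-advisory@ address and reflows the description text, which the title "CVE url update" does not mention; a description line such as `Also update ASSIGNER contact and description formatting` would keep the record history auditable. The `+`/`-` markers are lost on this page, so which lines are new is inferred from the hunk counts.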


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "prodsec@nozominetworks.com",
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-26728",
"STATE": "PUBLIC",
"TITLE": "spx_restservice KillDupUsr_func Command Injection and Stack-Based Buffer Overflow"
@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."
"value": "Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root).\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
@ -87,15 +87,18 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26728/"
},
{
"refsource": "MISC",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26728/",
"name": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26728/"
"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26728/",
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26728/",
"discovery": "EXTERNAL"
}
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "prodsec@nozominetworks.com",
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-26729",
"STATE": "PUBLIC",
"TITLE": "spx_restservice Login_handler_func Command Injection and Multiple Stack-Based Buffer Overflows"
@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."
"value": "Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root).\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
@ -87,15 +87,18 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26729/"
},
{
"refsource": "MISC",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26729/",
"name": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26729/"
"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26729/",
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26729/",
"discovery": "EXTERNAL"
}
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "prodsec@nozominetworks.com",
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-26730",
"STATE": "PUBLIC",
"TITLE": "spx_restservice Login_handler_func Subfunction Stack-Based Buffer Overflow"
@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."
"value": "A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root).\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
@ -79,15 +79,18 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26730/"
},
{
"refsource": "MISC",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26730/",
"name": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26730/"
"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26730/",
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26730/",
"discovery": "EXTERNAL"
}
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "prodsec@nozominetworks.com",
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-26731",
"STATE": "PUBLIC",
"TITLE": "spx_restservice modifyUserb_func Command Injection and Multiple Stack-Based Buffer Overflows"
@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."
"value": "Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root).\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
@ -87,15 +87,18 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26731/"
},
{
"refsource": "MISC",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26731/",
"name": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26731/"
"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26731/",
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26731/",
"discovery": "EXTERNAL"
}
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "prodsec@nozominetworks.com",
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-26732",
"STATE": "PUBLIC",
"TITLE": "spx_restservice First_network_func Broken Access Control"
@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."
"value": "A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC.\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
@ -79,15 +79,18 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26732/"
},
{
"refsource": "MISC",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26732/",
"name": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26732/"
"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26732/",
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26732/",
"discovery": "EXTERNAL"
}
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "prodsec@nozominetworks.com",
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-26733",
"STATE": "PUBLIC",
"TITLE": "spx_restservice FirstReset_handler_func Broken Access Control"
@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."
"value": "A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition.\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
@ -79,15 +79,18 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26733/"
},
{
"refsource": "MISC",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26733/",
"name": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26733/"
"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-26733/",
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26733/",
"discovery": "EXTERNAL"
}
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "prodsec@nozominetworks.com",
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-44467",
"STATE": "PUBLIC",
"TITLE": "spx_restservice KillDupUsr_func Broken Access Control"
@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."
"value": "A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition.\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
@ -79,15 +79,18 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-44467/"
},
{
"refsource": "MISC",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-44467/",
"name": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-44467/"
"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-44467/",
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-44467/",
"discovery": "EXTERNAL"
}
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "prodsec@nozominetworks.com",
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-44769",
"STATE": "PUBLIC",
"TITLE": "TLS Certificate Generation Function Improper Input Validation"
@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."
"value": "An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset.\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
@ -79,15 +79,18 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-44769/"
},
{
"refsource": "MISC",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-44769/",
"name": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-44769/"
"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-44769/",
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-44769/",
"discovery": "EXTERNAL"
}
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "prodsec@nozominetworks.com",
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-44776",
"STATE": "PUBLIC",
"TITLE": "spx_restservice SubNet_handler_func Broken Access Control"
@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."
"value": "A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities.\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
@ -79,15 +79,18 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-44776/"
},
{
"refsource": "MISC",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-44776/",
"name": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-44776/"
"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-44776/",
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-44776/",
"discovery": "EXTERNAL"
}
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "prodsec@nozominetworks.com",
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-45925",
"STATE": "PUBLIC",
"TITLE": "Username Enumeration"
@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."
"value": "Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC.\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
@ -79,15 +79,18 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-45925/"
},
{
"refsource": "MISC",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-45925/",
"name": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-45925/"
"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-45925/",
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-45925/",
"discovery": "EXTERNAL"
}
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "prodsec@nozominetworks.com",
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-46279",
"STATE": "PUBLIC",
"TITLE": "Session Fixation and Insufficient Session Expiration"
@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."
"value": "Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users.\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.10.0."
}
]
},
@ -87,15 +87,18 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-46279/"
},
{
"refsource": "MISC",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-46279/",
"name": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-46279/"
"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-46279/",
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-46279/",
"discovery": "EXTERNAL"
}
}
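Review bot: The description value in this section still reads `perfom session hijacking attacks` on both the old and the rewritten line; since the string is being touched anyway, correct it to `perform session hijacking attacks`. This text is the public CVE description, so the misspelling is mirrored by every downstream feed and also defeats keyword searches for the phrase.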

View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "prodsec@nozominetworks.com",
"ASSIGNER": "labs-advisory@nozominetworks.com",
"ID": "CVE-2021-4228",
"STATE": "PUBLIC",
"TITLE": "Hard-coded TLS Certificate"
@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0."
"value": "Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection.\nThis issue affects:\nLanner Inc IAC-AST2500A standard firmware version 1.00.0."
}
]
},
@ -79,15 +79,18 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-4228/"
},
{
"refsource": "MISC",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-4228/",
"name": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-4228/"
"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"
}
]
},
"source": {
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-4228/",
"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-4228/",
"discovery": "EXTERNAL"
}
}
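Review bot: The description in this section names firmware version `1.00.0`, while the other twelve records in this commit all say `1.10.0`. If that is a typo, asset owners matching on the version string could wrongly conclude their devices are unaffected; if it is intentional, it should agree with the version data in the `affects` block, which lies outside the hunks shown here. Should it be a typo, the line would end `standard firmware version 1.10.0.` like the others.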