"-Synchronized-Data."

CVE Team 2021-01-19 15:02:01 +00:00
parent 78aad9f3b1
commit 9b98687a28
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
8 changed files with 268 additions and 34 deletions


@ -48,20 +48,24 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-JOINTJS-1062038"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-JOINTJS-1062038",
"name": "https://snyk.io/vuln/SNYK-JS-JOINTJS-1062038"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1062039"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1062039",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1062039"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1062040"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1062040",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1062040"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/clientIO/joint/releases/tag/v3.3.0"
"refsource": "MISC",
"url": "https://github.com/clientIO/joint/releases/tag/v3.3.0",
"name": "https://github.com/clientIO/joint/releases/tag/v3.3.0"
}
]
},
@ -69,7 +73,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function.\r\n\r\n"
"value": "The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function."
}
]
},


@ -48,24 +48,29 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-JOINTJS-1024444"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-JOINTJS-1024444",
"name": "https://snyk.io/vuln/SNYK-JS-JOINTJS-1024444"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1062036"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1062036",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1062036"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1062037"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1062037",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1062037"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/clientIO/joint/blob/master/src/util/util.mjs%23L150"
"refsource": "MISC",
"url": "https://github.com/clientIO/joint/blob/master/src/util/util.mjs%23L150",
"name": "https://github.com/clientIO/joint/blob/master/src/util/util.mjs%23L150"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/clientIO/joint/pull/1406"
"refsource": "MISC",
"url": "https://github.com/clientIO/joint/pull/1406",
"name": "https://github.com/clientIO/joint/pull/1406"
}
]
},
@ -73,7 +78,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath).\r\nThe path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution.\r\n\r\n"
"value": "The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution."
}
]
},
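Review bot: The fourth reference in this section ends in `util.mjs%23L150`, where `%23` is a percent-encoded `#`, so the link resolves to a file path rather than the line-150 anchor, and the newly added `name` field copies the same broken string. The entry should read `"url": "https://github.com/clientIO/joint/blob/master/src/util/util.mjs#L150"`, ideally pinned to a commit rather than `master` so the line number does not drift away from the vulnerable code. The new description has the same kind of loss: `joint.htmlutil.setByPath` is missing the `#` between `joint.html` and `util.setByPath`, and "used the access" should be "used to access".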


@ -48,20 +48,24 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859",
"name": "https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1056357"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1056357",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1056357"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1056358"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1056358",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1056358"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/socketio/socket.io/issues/3671"
"refsource": "MISC",
"url": "https://github.com/socketio/socket.io/issues/3671",
"name": "https://github.com/socketio/socket.io/issues/3671"
}
]
},
@ -69,7 +73,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.\n"
"value": "The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default."
}
]
},


@ -48,12 +48,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-FASTIFYCSRF-1062044"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-FASTIFYCSRF-1062044",
"name": "https://snyk.io/vuln/SNYK-JS-FASTIFYCSRF-1062044"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/fastify/fastify-csrf/pull/26"
"refsource": "MISC",
"url": "https://github.com/fastify/fastify-csrf/pull/26",
"name": "https://github.com/fastify/fastify-csrf/pull/26"
}
]
},
@ -61,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects the package fastify-csrf before 3.0.0.\n 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true }\r\n\r\n2. The CSRF token was available in the GET query parameter\n"
"value": "This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF token was available in the GET query parameter"
}
]
},
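Review bot: Collapsing the line breaks in the new `value` merges the two numbered findings into one run-on sentence, so `sameSite: true } 2. The CSRF token` reads as a continuation of the cookie options rather than a second issue. Since the record describes two distinct weaknesses (a cookie without httpOnly, and the token exposed in the GET query string), the separation should survive the whitespace normalisation, for example `"value": "This affects the package fastify-csrf before 3.0.0. (1) The generated cookie used insecure defaults and did not set the httpOnly flag (cookieOpts: { path: '/', sameSite: true }). (2) The CSRF token was available in the GET query parameter."`.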


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3180",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.com/muttmua/mutt/-/issues/323",
"refsource": "MISC",
"name": "https://gitlab.com/muttmua/mutt/-/issues/323"
},
{
"url": "https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17",
"refsource": "MISC",
"name": "https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17"
},
{
"url": "https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19",
"refsource": "MISC",
"name": "https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19"
},
{
"url": "https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14",
"refsource": "MISC",
"name": "https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14"
}
]
}
}
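Review bot: The `affects` block leaves `product_name`, `vendor_name` and `version_value` as `n/a` even though the description names the product and version range (Mutt through 2.0.4), so tooling that matches on the structured fields rather than the free text will not associate this record with an installed Mutt. Populating them, e.g. `"product_name": "Mutt"` and `"version_value": "through 2.0.4"`, would close that gap; `problemtype` is likewise `n/a` and could carry the weakness class for the memory-consumption issue the description reports. The next two added records (CVE-2021-3182 and CVE-2021-3183) have the same unpopulated fields, with D-Link DCS-5220 and Files.com Fat Client 3.3.6 named only in their descriptions.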


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10203",
"refsource": "MISC",
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10203"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://seclists.org/fulldisclosure/2021/Jan/20",
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2021/Jan/20"
}
]
}
}