From a4ebf6791268d356ddd13232c1ef938ab54ee1c0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 17 Feb 2021 18:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/17xxx/CVE-2020-17516.json | 5 +++++ 2020/1xxx/CVE-2020-1412.json | 5 +++++ 2020/1xxx/CVE-2020-1416.json | 5 +++++ 2020/25xxx/CVE-2020-25649.json | 5 +++++ 2021/1xxx/CVE-2021-1351.json | 4 ++-- 2021/1xxx/CVE-2021-1366.json | 4 ++-- 2021/1xxx/CVE-2021-1372.json | 4 ++-- 2021/1xxx/CVE-2021-1378.json | 4 ++-- 2021/1xxx/CVE-2021-1412.json | 4 ++-- 9 files changed, 30 insertions(+), 10 deletions(-) diff --git a/2020/17xxx/CVE-2020-17516.json b/2020/17xxx/CVE-2020-17516.json index e7eca8a3510..5d0e37e9971 100644 --- a/2020/17xxx/CVE-2020-17516.json +++ b/2020/17xxx/CVE-2020-17516.json @@ -57,6 +57,11 @@ "refsource": "CONFIRM", "name": "http://mail-archives.apache.org/mod_mbox/cassandra-user/202102.mbox/%3c6E4340A5-D7BE-4D33-9EC5-3B505A626D8D@apache.org%3e", "url": "http://mail-archives.apache.org/mod_mbox/cassandra-user/202102.mbox/%3c6E4340A5-D7BE-4D33-9EC5-3B505A626D8D@apache.org%3e" + }, + { + "refsource": "MLIST", + "name": "[cassandra-commits] 20210217 [jira] [Created] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch", + "url": "https://lists.apache.org/thread.html/rd84bec24907617bdb72f7ec907cd7437a0fd5a8886eb55aa84dd1eb8@%3Ccommits.cassandra.apache.org%3E" } ] }, diff --git a/2020/1xxx/CVE-2020-1412.json b/2020/1xxx/CVE-2020-1412.json index 4b3ef2d3750..a0609373b27 100644 --- a/2020/1xxx/CVE-2020-1412.json +++ b/2020/1xxx/CVE-2020-1412.json @@ -276,6 +276,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1412", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1412" + }, + { + "refsource": "CISCO", + "name": "20210217 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerabilities", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-8RsuEu8S" } ] } diff --git a/2020/1xxx/CVE-2020-1416.json b/2020/1xxx/CVE-2020-1416.json index d975a480562..abafb16f35a 100644 --- a/2020/1xxx/CVE-2020-1416.json +++ b/2020/1xxx/CVE-2020-1416.json @@ -116,6 +116,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416" + }, + { + "refsource": "CISCO", + "name": "20210217 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerabilities", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-8RsuEu8S" } ] } diff --git a/2020/25xxx/CVE-2020-25649.json b/2020/25xxx/CVE-2020-25649.json index 1fd4789cc9d..99b8d56af9e 100644 --- a/2020/25xxx/CVE-2020-25649.json +++ b/2020/25xxx/CVE-2020-25649.json @@ -228,6 +228,11 @@ "refsource": "FEDORA", "name": "FEDORA-2021-1d8254899c", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/" + }, + { + "refsource": "MLIST", + "name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965", + "url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E" } ] }, diff --git a/2021/1xxx/CVE-2021-1351.json b/2021/1xxx/CVE-2021-1351.json index 23d4976c9e6..6b20b6f3d2b 100644 --- a/2021/1xxx/CVE-2021-1351.json +++ b/2021/1xxx/CVE-2021-1351.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": " A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. " + "value": "A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2021/1xxx/CVE-2021-1366.json b/2021/1xxx/CVE-2021-1366.json index 2b93720dee3..04be5d99b62 100644 --- a/2021/1xxx/CVE-2021-1366.json +++ b/2021/1xxx/CVE-2021-1366.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": " A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. " + "value": "A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2021/1xxx/CVE-2021-1372.json b/2021/1xxx/CVE-2021-1372.json index 2f6ef1b356b..23dd964345a 100644 --- a/2021/1xxx/CVE-2021-1372.json +++ b/2021/1xxx/CVE-2021-1372.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": " A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system. " + "value": "A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2021/1xxx/CVE-2021-1378.json b/2021/1xxx/CVE-2021-1378.json index 88dfe30a65d..2ea2d4d3495 100644 --- a/2021/1xxx/CVE-2021-1378.json +++ b/2021/1xxx/CVE-2021-1378.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": " A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device. " + "value": "A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2021/1xxx/CVE-2021-1412.json b/2021/1xxx/CVE-2021-1412.json index 454034c2212..d345a1598f8 100644 --- a/2021/1xxx/CVE-2021-1412.json +++ b/2021/1xxx/CVE-2021-1412.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory. " + "value": "Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory." } ] }, @@ -87,4 +87,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file