admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 11:37:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-02-15 13:00:53 +00:00
parent 5cfc0d6f0b
commit aeb29c665f
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 277 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
2021/23xxx/CVE-2021-23336.json
View File

@ -76,16 +76,19 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933",
"name": "https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/python/cpython/pull/24297"
"refsource": "MISC",
"url": "https://github.com/python/cpython/pull/24297",
"name": "https://github.com/python/cpython/pull/24297"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/"
"refsource": "MISC",
"url": "https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/",
"name": "https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/"
}
]
},
@ -93,7 +96,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.\r\n\r\n"
"value": "The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter."
}
]
},

37
2021/23xxx/CVE-2021-23337.json
View File

@ -66,32 +66,39 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724",
"name": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851"
"refsource": "MISC",
"url": "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851",
"name": "https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851"
}
]
},
@ -99,7 +106,7 @@
"description_data": [
{
"lang": "eng",
"value": "All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template.\r\n\r\n"
"value": "All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template."
}
]
},

66
2021/25xxx/CVE-2021-25296.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25296",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-25296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://nagios.com",
"refsource": "MISC",
"name": "http://nagios.com"
},
{
"url": "https://assets.nagios.com/downloads/nagiosxi/versions.php",
"refsource": "MISC",
"name": "https://assets.nagios.com/downloads/nagiosxi/versions.php"
},
{
"refsource": "MISC",
"name": "https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md",
"url": "https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md"
}
]
}

66
2021/25xxx/CVE-2021-25297.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25297",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-25297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://nagios.com",
"refsource": "MISC",
"name": "http://nagios.com"
},
{
"url": "https://assets.nagios.com/downloads/nagiosxi/versions.php",
"refsource": "MISC",
"name": "https://assets.nagios.com/downloads/nagiosxi/versions.php"
},
{
"refsource": "MISC",
"name": "https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md",
"url": "https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md"
}
]
}

66
2021/25xxx/CVE-2021-25298.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25298",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-25298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://nagios.com",
"refsource": "MISC",
"name": "http://nagios.com"
},
{
"url": "https://assets.nagios.com/downloads/nagiosxi/versions.php",
"refsource": "MISC",
"name": "https://assets.nagios.com/downloads/nagiosxi/versions.php"
},
{
"refsource": "MISC",
"name": "https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md",
"url": "https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md"
}
]
}

66
2021/25xxx/CVE-2021-25299.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25299",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-25299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://nagios.com",
"refsource": "MISC",
"name": "http://nagios.com"
},
{
"url": "https://assets.nagios.com/downloads/nagiosxi/versions.php",
"refsource": "MISC",
"name": "https://assets.nagios.com/downloads/nagiosxi/versions.php"
},
{
"refsource": "MISC",
"name": "https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md",
"url": "https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md"
}
]
}

5
2021/3xxx/CVE-2021-3156.json
View File

@ -151,6 +151,11 @@
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10348",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10348"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210215 Re: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit",
"url": "http://www.openwall.com/lists/oss-security/2021/02/15/1"
}
]
}