admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-10-11 17:00:58 +00:00
parent 13a087032c
commit af556ec737
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
10 changed files with 433 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2021/20xxx/CVE-2021-20121.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20121",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Telus Wi-Fi Hub (PRV65B444A-S-TS)",
"version": {
"version_data": [
{
"version_value": "3.00.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary file read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2021-41",
"url": "https://www.tenable.com/security/research/tra-2021-41"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a specially prepared USB drive to the device, and making a series of crafted requests to the device's web interface."
}
]
}

50
2021/20xxx/CVE-2021-20122.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20122",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Telus Wi-Fi Hub (PRV65B444A-S-TS)",
"version": {
"version_data": [
{
"version_value": "3.00.20"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2021-41",
"url": "https://www.tenable.com/security/research/tra-2021-41"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass authentication vulnerability like CVE-2021-20090 could leverage this issue to run commands or gain a shell as root on the target device."
}
]
}

90
2021/22xxx/CVE-2021-22263.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22263",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=13.0, <14.0.9"
},
{
"version_value": ">=14.1, <14.1.4"
},
{
"version_value": ">=14.2, <14.2.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper privilege management in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/331473",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/331473",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1193062",
"url": "https://hackerone.com/reports/1193062",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22263.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22263.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks @joaxcar for reporting this vulnerability through our HackerOne bug bounty program."
}
]
}

83
2021/25xxx/CVE-2021-25633.json
View File

@ -1,18 +1,89 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@documentfoundation.org",
"DATE_PUBLIC": "2021-10-11T00:00:00.000Z",
"ID": "CVE-2021-25633",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Content Manipulation with Double Certificate Attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LibreOffice",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7-0",
"version_value": "7.0.6"
},
{
"version_affected": "<",
"version_name": "7-1",
"version_value": "7.1.2"
}
]
}
}
]
},
"vendor_name": "The Document Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "NDS of Ruhr University Bochum"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator but whose content was unrelated to the signature shown. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633",
"name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to 7.0.6 or 7.1.2 or 7.2.0"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

68
2021/26xxx/CVE-2021-26588.json
View File

@ -4,14 +4,76 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26588",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HP 3PAR StoreServ 10000 Storage; HP 3PAR StoreServ 7000 Storage; HPE 3PAR StoreServ 8000 Storage; HPE Primera 600 Storage; HPE 3PAR StoreServ 20000; HPE Alletra 9000; HPE 3PAR StoreServ 9000 Storage",
"version": {
"version_data": [
{
"version_value": "3.3.1 MU1 up to 3.3.1 MU2 P157 or 3.3.1 up to 3.3.1 MU5 P156 or 3.3.1 MU1 up to 3.3.2 GA P01"
},
{
"version_value": "3.3.1 MU1 up to 3.3.1 MU2 P157 or 3.3.1 up to 3.3.1 MU5 P156 or 3.3.1 MU1 up to 3.3.2 GA P01"
},
{
"version_value": "3.3.1 MU1 up to 3.3.1 MU2 P157 or 3.3.1 up to 3.3.1 MU5 P156 or 3.3.1 MU1 up to 3.3.2 GA P01"
},
{
"version_value": "4.0.0 to 4.2.8 or 4.0.0 to 4.3.3"
},
{
"version_value": "3.3.1 MU1 up to 3.3.1 MU2 P157 or 3.3.1 up to 3.3.1 MU5 P156 or 3.3.1 MU1 up to 3.3.2 GA P01"
},
{
"version_value": "9.3.0 to 9.3.3 or 9.3.0 to 9.4.0"
},
{
"version_value": "3.3.1 MU1 up to 3.3.1 MU2 P157 or 3.3.1 up to 3.3.1 MU5 P156 or 3.3.1 MU1 up to 3.3.2 GA P01"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04191en_us",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst04191en_us"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This vulnerability impacts completely the confidentiality, integrity, availability of the array. HPE has made the following software updates and mitigation information to resolve the vulnerability in 3PAR, Primera and Alletra 9000 firmware."
}
]
}

50
2021/27xxx/CVE-2021-27002.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27002",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@netapp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Cloud Manager",
"version": {
"version_data": [
{
"version_value": "Versions prior to 3.9.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sensitive Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20211011-0001/",
"url": "https://security.netapp.com/advisory/ntap-20211011-0001/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy."
}
]
}

55
2021/32xxx/CVE-2021-32028.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32028",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "postgresql",
"version": {
"version_data": [
{
"version_value": "postgresql 13.3, postgresql 12.7, postgresql 11.12, postgresql 10.17, postgresql 9.6.22"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956877"
},
{
"refsource": "MISC",
"name": "https://www.postgresql.org/support/security/CVE-2021-32028",
"url": "https://www.postgresql.org/support/security/CVE-2021-32028"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality."
}
]
}

4
2021/33xxx/CVE-2021-33903.json
View File

@ -54,8 +54,8 @@
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.nmedv.de/wp-content/uploads/2021/09/NME-2021-001.txt",
"url": "https://www.nmedv.de/wp-content/uploads/2021/09/NME-2021-001.txt"
"name": "https://www.nmedv.de/wp-content/uploads/2021/10/NME-2021-001.txt",
"url": "https://www.nmedv.de/wp-content/uploads/2021/10/NME-2021-001.txt"
}
]
}

5
2021/36xxx/CVE-2021-36160.json
View File

@ -158,6 +158,11 @@
"refsource": "DEBIAN",
"name": "DSA-4982",
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"refsource": "MLIST",
"name": "[httpd-bugs] 20211011 [Bug 65616] CVE-2021-36160 regression",
"url": "https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a@%3Cbugs.httpd.apache.org%3E"
}
]
},

5
2021/40xxx/CVE-2021-40085.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://security.openstack.org/ossa/OSSA-2021-005.html",
"url": "https://security.openstack.org/ossa/OSSA-2021-005.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211011 [SECURITY] [DLA 2781-1] neutron security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html"
}
]
}