admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-05-17 18:00:43 +00:00
parent 6ee3940a4f
commit b819a9a546
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
12 changed files with 613 additions and 371 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
2020/21xxx/CVE-2020-21813.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21813",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21813",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://gnu.com",
"refsource": "MISC",
"name": "http://gnu.com"
},
{
"url": "http://libredwg.com",
"refsource": "MISC",
"name": "http://libredwg.com"
},
{
"url": "https://github.com/LibreDWG/libredwg/issues/182#issuecomment-572890969",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/182#issuecomment-572890969"
}
]
}

5
2020/27xxx/CVE-2020-27216.json
View File

@ -685,6 +685,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210514 [SECURITY] [DLA 2661-1] jetty9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html"
},
{
"refsource": "MLIST",
"name": "[beam-issues] 20210517 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/rbc5a622401924fadab61e07393235838918228b3d8a1a6704295b032@%3Cissues.beam.apache.org%3E"
}
]
}

12
2021/23xxx/CVE-2021-23384.json
View File

@ -48,12 +48,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-KOAREMOVETRAILINGSLASHES-1085708"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-KOAREMOVETRAILINGSLASHES-1085708",
"name": "https://snyk.io/vuln/SNYK-JS-KOAREMOVETRAILINGSLASHES-1085708"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/vgno/koa-remove-trailing-slashes/blame/6a01ba8fd019bd3ece44879c553037ad96ba7d47/index.js%23L31"
"refsource": "MISC",
"url": "https://github.com/vgno/koa-remove-trailing-slashes/blame/6a01ba8fd019bd3ece44879c553037ad96ba7d47/index.js%23L31",
"name": "https://github.com/vgno/koa-remove-trailing-slashes/blame/6a01ba8fd019bd3ece44879c553037ad96ba7d47/index.js%23L31"
}
]
},
@ -61,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::removeTrailingSlashes(), as the web server uses relative URLs instead of absolute URLs.\r\n\r\n"
"value": "The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::removeTrailingSlashes(), as the web server uses relative URLs instead of absolute URLs."
}
]
},

2
2021/25xxx/CVE-2021-25264.json
View File

@ -63,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "A local attacker could execute arbitrary code with administrator privileges."
"value": "In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges."
}
]
},

10
2021/28xxx/CVE-2021-28165.json
View File

@ -557,6 +557,16 @@
"refsource": "MLIST",
"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spark-reviews] 20210517 [GitHub] [spark] jeffreysmooth commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"url": "https://lists.apache.org/thread.html/r401b1c592f295b811608010a70792b11c91885b72af9f9410cffbe35@%3Creviews.spark.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spark-reviews] 20210517 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"url": "https://lists.apache.org/thread.html/r64ff94118f6c80e6c085c6e2d51bbb490eaefad0642db8c936e4f0b7@%3Creviews.spark.apache.org%3E"
}
]
}

101
2021/32xxx/CVE-2021-32454.json
View File

@ -1,18 +1,101 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2021-05-13T10:00:00.000Z",
"ID": "CVE-2021-32454",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SITEL CAP/PRX hardcoded credentials"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "CAP/PRX",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "5.2.01",
"version_value": "5.2.01"
}
]
}
}
]
},
"vendor_name": "SITEL"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
}
],
"source": {
"advisory": "INCIBE-2021-0179",
"discovery": "EXTERNAL"
}
}

101
2021/32xxx/CVE-2021-32456.json
View File

@ -1,18 +1,101 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2021-05-13T10:00:00.000Z",
"ID": "CVE-2021-32456",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SITEL CAP/PRX cleartext transmission of sensitive information"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "CAP/PRX",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "5.2.01",
"version_value": "5.2.01"
}
]
}
}
]
},
"vendor_name": "SITEL"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-cleartext-transmission-sensitive-information",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-cleartext-transmission-sensitive-information"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
}
],
"source": {
"advisory": "INCIBE-2021-0181",
"discovery": "EXTERNAL"
}
}

5
2021/32xxx/CVE-2021-32563.json
View File

@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20210511 Re: Code execution through Thunar",
"url": "http://www.openwall.com/lists/oss-security/2021/05/11/3"
},
{
"refsource": "MISC",
"name": "https://gitlab.xfce.org/xfce/thunar/-/commit/1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d",
"url": "https://gitlab.xfce.org/xfce/thunar/-/commit/1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d"
}
]
}

2
2021/32xxx/CVE-2021-32617.json
View File

@ -54,7 +54,7 @@
"description_data": [
{
"lang": "eng",
"value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4.\n\nNote that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`."
"value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`."
}
]
},