admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-05-17 18:00:43 +00:00
parent 6ee3940a4f
commit b819a9a546
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
12 changed files with 613 additions and 371 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2020/21xxx/CVE-2020-21813.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-21813",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-21813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://gnu.com",
"refsource": "MISC",
"name": "http://gnu.com"
},
{
"url": "http://libredwg.com",
"refsource": "MISC",
"name": "http://libredwg.com"
},
{
"url": "https://github.com/LibreDWG/libredwg/issues/182#issuecomment-572890969",
"refsource": "MISC",
"name": "https://github.com/LibreDWG/libredwg/issues/182#issuecomment-572890969"
}
]
}

5
2020/27xxx/CVE-2020-27216.json
View File

@ -685,6 +685,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210514 [SECURITY] [DLA 2661-1] jetty9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html"
},
{
"refsource": "MLIST",
"name": "[beam-issues] 20210517 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/rbc5a622401924fadab61e07393235838918228b3d8a1a6704295b032@%3Cissues.beam.apache.org%3E"
}
]
}

172
2020/4xxx/CVE-2020-4669.json
View File

@ -1,90 +1,90 @@
{
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6436821",
"name" : "https://www.ibm.com/support/pages/node/6436821",
"title" : "IBM Security Bulletin 6436821 (Planning Analytics Local)"
},
{
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186400",
"name" : "ibm-planning-cve20204669-data-manipulation (186400)",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data Manipulation"
}
]
}
]
},
"data_type" : "CVE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "2.0"
}
]
},
"product_name" : "Planning Analytics Local"
}
]
}
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6436821",
"name": "https://www.ibm.com/support/pages/node/6436821",
"title": "IBM Security Bulletin 6436821 (Planning Analytics Local)"
},
{
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186400",
"name": "ibm-planning-cve20204669-data-manipulation (186400)",
"title": "X-Force Vulnerability Report"
}
]
}
},
"data_format" : "MITRE",
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "N",
"UI" : "N",
"S" : "U",
"AC" : "H",
"PR" : "N",
"I" : "H",
"SCORE" : "7.400",
"C" : "H",
"A" : "N"
},
"TM" : {
"RL" : "O",
"RC" : "C",
"E" : "U"
}
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600."
}
]
},
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-05-14T00:00:00",
"ID" : "CVE-2020-4669"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "2.0"
}
]
},
"product_name": "Planning Analytics Local"
}
]
}
}
]
}
},
"data_format": "MITRE",
"impact": {
"cvssv3": {
"BM": {
"AV": "N",
"UI": "N",
"S": "U",
"AC": "H",
"PR": "N",
"I": "H",
"SCORE": "7.400",
"C": "H",
"A": "N"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600."
}
]
},
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-05-14T00:00:00",
"ID": "CVE-2020-4669"
}
}

172
2020/4xxx/CVE-2020-4670.json
View File

@ -1,90 +1,90 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data Manipulation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6436821 (Planning Analytics Local)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6436821",
"name" : "https://www.ibm.com/support/pages/node/6436821"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/186401",
"refsource" : "XF",
"name" : "ibm-planning-cve20204670-data-manipulation (186401)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Planning Analytics Local",
"version" : {
"version_data" : [
{
"version_value" : "2.0"
}
]
}
}
]
}
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
}
},
"data_version" : "4.0",
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"BM" : {
"PR" : "N",
"AC" : "H",
"S" : "U",
"AV" : "N",
"UI" : "N",
"C" : "H",
"A" : "N",
"SCORE" : "7.400",
"I" : "H"
},
"TM" : {
"RC" : "C",
"E" : "U",
"RL" : "O"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401.",
"lang" : "eng"
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-05-14T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2020-4670",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_format" : "MITRE"
]
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6436821 (Planning Analytics Local)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6436821",
"name": "https://www.ibm.com/support/pages/node/6436821"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186401",
"refsource": "XF",
"name": "ibm-planning-cve20204670-data-manipulation (186401)"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Planning Analytics Local",
"version": {
"version_data": [
{
"version_value": "2.0"
}
]
}
}
]
}
}
]
}
},
"data_version": "4.0",
"data_type": "CVE",
"impact": {
"cvssv3": {
"BM": {
"PR": "N",
"AC": "H",
"S": "U",
"AV": "N",
"UI": "N",
"C": "H",
"A": "N",
"SCORE": "7.400",
"I": "H"
},
"TM": {
"RC": "C",
"E": "U",
"RL": "O"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401.",
"lang": "eng"
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2021-05-14T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2020-4670",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_format": "MITRE"
}

12
2021/23xxx/CVE-2021-23384.json
View File

@ -48,12 +48,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-KOAREMOVETRAILINGSLASHES-1085708"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-KOAREMOVETRAILINGSLASHES-1085708",
"name": "https://snyk.io/vuln/SNYK-JS-KOAREMOVETRAILINGSLASHES-1085708"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/vgno/koa-remove-trailing-slashes/blame/6a01ba8fd019bd3ece44879c553037ad96ba7d47/index.js%23L31"
"refsource": "MISC",
"url": "https://github.com/vgno/koa-remove-trailing-slashes/blame/6a01ba8fd019bd3ece44879c553037ad96ba7d47/index.js%23L31",
"name": "https://github.com/vgno/koa-remove-trailing-slashes/blame/6a01ba8fd019bd3ece44879c553037ad96ba7d47/index.js%23L31"
}
]
},
@ -61,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::removeTrailingSlashes(), as the web server uses relative URLs instead of absolute URLs.\r\n\r\n"
"value": "The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::removeTrailingSlashes(), as the web server uses relative URLs instead of absolute URLs."
}
]
},

2
2021/25xxx/CVE-2021-25264.json
View File

@ -63,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "A local attacker could execute arbitrary code with administrator privileges."
"value": "In multiple versions of Sophos Endpoint products for MacOS, a local attacker could execute arbitrary code with administrator privileges."
}
]
},

10
2021/28xxx/CVE-2021-28165.json
View File

@ -557,6 +557,16 @@
"refsource": "MLIST",
"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spark-reviews] 20210517 [GitHub] [spark] jeffreysmooth commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"url": "https://lists.apache.org/thread.html/r401b1c592f295b811608010a70792b11c91885b72af9f9410cffbe35@%3Creviews.spark.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spark-reviews] 20210517 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
"url": "https://lists.apache.org/thread.html/r64ff94118f6c80e6c085c6e2d51bbb490eaefad0642db8c936e4f0b7@%3Creviews.spark.apache.org%3E"
}
]
}

174
2021/29xxx/CVE-2021-29747.json
View File

@ -1,90 +1,90 @@
{
"data_type" : "CVE",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "11.7"
}
]
},
"product_name" : "InfoSphere Information Server"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6453437 (InfoSphere Information Server)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6453437",
"name" : "https://www.ibm.com/support/pages/node/6453437"
},
{
"name" : "ibm-infosphere-cve202129747-info-disc (201775)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/201775",
"title" : "X-Force Vulnerability Report"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "11.7"
}
]
},
"product_name": "InfoSphere Information Server"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ID" : "CVE-2021-29747",
"DATE_PUBLIC" : "2021-05-14T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com"
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism. IBM X-Force ID: 201775."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"AV" : "N",
"UI" : "N",
"S" : "U",
"AC" : "H",
"PR" : "N",
"I" : "N",
"SCORE" : "5.900",
"C" : "H",
"A" : "N"
}
}
}
}
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 6453437 (InfoSphere Information Server)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6453437",
"name": "https://www.ibm.com/support/pages/node/6453437"
},
{
"name": "ibm-infosphere-cve202129747-info-disc (201775)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201775",
"title": "X-Force Vulnerability Report"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-29747",
"DATE_PUBLIC": "2021-05-14T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism. IBM X-Force ID: 201775."
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"AV": "N",
"UI": "N",
"S": "U",
"AC": "H",
"PR": "N",
"I": "N",
"SCORE": "5.900",
"C": "H",
"A": "N"
}
}
}
}

95
2021/32xxx/CVE-2021-32454.json
View File

@ -1,18 +1,101 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2021-05-13T10:00:00.000Z",
"ID": "CVE-2021-32454",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SITEL CAP/PRX hardcoded credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CAP/PRX",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "5.2.01",
"version_value": "5.2.01"
}
]
}
}
]
},
"vendor_name": "SITEL"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-hardcoded-credentials"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
}
],
"source": {
"advisory": "INCIBE-2021-0179",
"discovery": "EXTERNAL"
}
}

95
2021/32xxx/CVE-2021-32456.json
View File

@ -1,18 +1,101 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2021-05-13T10:00:00.000Z",
"ID": "CVE-2021-32456",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SITEL CAP/PRX cleartext transmission of sensitive information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CAP/PRX",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "5.2.01",
"version_value": "5.2.01"
}
]
}
}
]
},
"vendor_name": "SITEL"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-cleartext-transmission-sensitive-information",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-cleartext-transmission-sensitive-information"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
}
],
"source": {
"advisory": "INCIBE-2021-0181",
"discovery": "EXTERNAL"
}
}

5
2021/32xxx/CVE-2021-32563.json
View File

@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20210511 Re: Code execution through Thunar",
"url": "http://www.openwall.com/lists/oss-security/2021/05/11/3"
},
{
"refsource": "MISC",
"name": "https://gitlab.xfce.org/xfce/thunar/-/commit/1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d",
"url": "https://gitlab.xfce.org/xfce/thunar/-/commit/1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d"
}
]
}

166
2021/32xxx/CVE-2021-32617.json
View File

@ -1,91 +1,91 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32617",
"ASSIGNER": "security-advisories@github.com",
"TITLE": "Denial of service in Exiv2",
"STATE": "PUBLIC"
},
"source": {
"advisory": "GHSA-w8mv-g8qq-36mj",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Exiv2",
"product": {
"product_data": [
{
"product_name": "exiv2",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "",
"version_value": "<= 0.27.3",
"platform": ""
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32617",
"ASSIGNER": "security-advisories@github.com",
"TITLE": "Denial of service in Exiv2",
"STATE": "PUBLIC"
},
"source": {
"advisory": "GHSA-w8mv-g8qq-36mj",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Exiv2",
"product": {
"product_data": [
{
"product_name": "exiv2",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": "",
"version_value": "<= 0.27.3",
"platform": ""
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4.\n\nNote that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj",
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj"
},
{
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/pull/1657",
"name": "https://github.com/Exiv2/exiv2/pull/1657"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj",
"name": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj"
},
{
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/pull/1657",
"name": "https://github.com/Exiv2/exiv2/pull/1657"
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
}
}
}
}