admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-08-17 20:00:59 +00:00
parent 34806220c8
commit badeb8e73d
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
21 changed files with 1266 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2020/13xxx/CVE-2020-13588.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13588",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Rukovoditel",
"version": {
"version_data": [
{
"version_value": "Rukovoditel Project Management App 2.7.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1199",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1199"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in the \u2018entities/fields\u2019 page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in \u2018\u2018entities/fields\u2019 page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery."
}
]
}

50
2020/13xxx/CVE-2020-13589.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-13589",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Rukovoditel",
"version": {
"version_data": [
{
"version_value": "Rukovoditel Project Management App 2.7.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1199",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1199"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An exploitable SQL injection vulnerability exists in the \u2018entities/fields\u2019 page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the 'entities/fields page (mulitple_edit or copy_selected or export function) is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery."
}
]
}

62
2020/18xxx/CVE-2020-18164.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-18164",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-18164",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xz.aliyun.com/t/5095",
"refsource": "MISC",
"name": "https://xz.aliyun.com/t/5095"
}
]
}

50
2020/28xxx/CVE-2020-28594.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28594",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Prusa Research",
"version": {
"version_data": [
{
"version_value": "Prusa Research PrusaSlicer 2.2.0 , Prusa Research PrusaSlicer Master (commit 4b040b856)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1218",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1218"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
}
]
}

5
2021/0xxx/CVE-2021-0462.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/pixel/2021-03-01",
"url": "https://source.android.com/security/bulletin/pixel/2021-03-01"
},
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/pixel/2021-08-01",
"url": "https://source.android.com/security/bulletin/pixel/2021-08-01"
}
]
},

50
2021/21xxx/CVE-2021-21810.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21810",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "AT&T Labs",
"version": {
"version_data": [
{
"version_value": "AT&T Labs Xmill 0.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "memory corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1278",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1278"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs\u2019 Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."
}
]
}

55
2021/21xxx/CVE-2021-21832.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21832",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Disc",
"version": {
"version_data": [
{
"version_value": "Disc Soft Ltd Deamon Tools Pro 8.3.0.0767"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer overflow to buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1295",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1295"
},
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1295",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1295"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A VULNERABILITY_CLASS vulnerability exists in the FEATURE functionality of Disc Soft Ltd Deamon Tools Pro AFFECTED_VERSIONS. A specially crafted VECTOR can lead to IMPACT. An attacker can EXPLOIT_ACTION to trigger this vulnerability."
}
]
}

97
2021/29xxx/CVE-2021-29980.json
View File

@ -4,14 +4,105 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29980",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "78.13",
"version_affected": "<"
},
{
"version_value": "91",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "78.13",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "91",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uninitialized memory in a canvas object could have led to memory corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-33/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-33/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-35/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-35/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-34/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-34/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-36/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-36/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1722204",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1722204"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91."
}
]
}

72
2021/29xxx/CVE-2021-29981.json
View File

@ -4,14 +4,80 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29981",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "91",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "91",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Live range splitting could have led to conflicting assignments in the JIT"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-33/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-33/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-36/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-36/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1707774",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1707774"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91."
}
]
}

72
2021/29xxx/CVE-2021-29982.json
View File

@ -4,14 +4,80 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29982",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "91",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "91",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Single bit data leak due to incorrect JIT optimization and type confusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-33/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-33/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-36/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-36/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1715318",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1715318"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91."
}
]
}

56
2021/29xxx/CVE-2021-29983.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29983",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "91",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Firefox for Android could get stuck in fullscreen mode"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-33/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-33/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1719088",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1719088"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91."
}
]
}

97
2021/29xxx/CVE-2021-29984.json
View File

@ -4,14 +4,105 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29984",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "78.13",
"version_affected": "<"
},
{
"version_value": "91",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "78.13",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "91",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect instruction reordering during JIT optimization"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-33/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-33/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-35/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-35/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-34/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-34/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-36/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-36/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1720031",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1720031"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91."
}
]
}

97
2021/29xxx/CVE-2021-29985.json
View File

@ -4,14 +4,105 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29985",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "78.13",
"version_affected": "<"
},
{
"version_value": "91",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "78.13",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "91",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free media channels"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-33/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-33/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-35/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-35/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-34/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-34/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-36/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-36/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1722083",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1722083"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91."
}
]
}

97
2021/29xxx/CVE-2021-29986.json
View File

@ -4,14 +4,105 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29986",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "78.13",
"version_affected": "<"
},
{
"version_value": "91",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "78.13",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "91",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Race condition when resolving DNS names could have led to memory corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-33/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-33/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-35/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-35/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-34/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-34/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-36/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-36/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1696138",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1696138"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91."
}
]
}

72
2021/29xxx/CVE-2021-29987.json
View File

@ -4,14 +4,80 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29987",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "91",
"version_affected": "<"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "91",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Users could have been tricked into accepting unwanted permissions on Linux"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-33/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-33/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-36/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-36/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1716129",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1716129"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91."
}
]
}

97
2021/29xxx/CVE-2021-29988.json
View File

@ -4,14 +4,105 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29988",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "78.13",
"version_affected": "<"
},
{
"version_value": "91",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "78.13",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "91",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory corruption as a result of incorrect style treatment"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-33/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-33/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-35/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-35/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-34/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-34/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-36/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-36/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1717922",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1717922"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91."
}
]
}

88
2021/29xxx/CVE-2021-29989.json
View File

@ -4,14 +4,96 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29989",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "78.13",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "78.13",
"version_affected": "<"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "91",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-33/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-33/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-35/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-35/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-34/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-34/"
},
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662676%2C1666184%2C1719178%2C1719998%2C1720568",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1662676%2C1666184%2C1719178%2C1719998%2C1720568"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91."
}
]
}

56
2021/29xxx/CVE-2021-29990.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29990",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "91",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 91"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-33/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-33/"
},
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544190%2C1716481%2C1717778%2C1719319%2C1722073",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544190%2C1716481%2C1717778%2C1719319%2C1722073"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91."
}
]
}

20
2021/34xxx/CVE-2021-34429.json
View File

@ -157,6 +157,26 @@
"refsource": "MLIST",
"name": "[kafka-jira] 20210817 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
"url": "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-jira] 20210817 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
"url": "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-commits] 20210817 [kafka] branch 2.8 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
"url": "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857@%3Ccommits.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-commits] 20210817 [kafka] branch 2.7 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
"url": "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64@%3Ccommits.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-commits] 20210817 [kafka] branch 3.0 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
"url": "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe@%3Ccommits.kafka.apache.org%3E"
}
]
}

77
2021/38xxx/CVE-2021-38702.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-38702",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-38702",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.cyberoamworks.com/NetGenie-Home.asp",
"refsource": "MISC",
"name": "http://www.cyberoamworks.com/NetGenie-Home.asp"
},
{
"refsource": "FULLDISC",
"name": "20210816 Cyberoam NetGenie (C0101B1-20141120-NG11VO) - Cross Site Scripting (XSS)",
"url": "http://seclists.org/fulldisclosure/2021/Aug/20"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/163859/Cyberoam-NetGenie-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/163859/Cyberoam-NetGenie-Cross-Site-Scripting.html"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2021/Aug/20",
"url": "https://seclists.org/fulldisclosure/2021/Aug/20"
}
]
}

18
2021/39xxx/CVE-2021-39246.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39246",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}