admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-02-23 18:00:40 +00:00
parent 30a71074b9
commit c344471e8d
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
20 changed files with 735 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2014/6xxx/CVE-2014-6287.json
View File

@ -81,6 +81,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160264/Rejetto-HttpFileServer-2.3.x-Remote-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/160264/Rejetto-HttpFileServer-2.3.x-Remote-Command-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161503/HFS-HTTP-File-Server-2.3.x-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/161503/HFS-HTTP-File-Server-2.3.x-Remote-Code-Execution.html"
}
]
}

10
2020/11xxx/CVE-2020-11974.json
View File

@ -48,6 +48,16 @@
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/rcbe4c248ef0c566e99fd19388a6c92aeef88167286546b675e9b1769%40%3Cdev.dolphinscheduler.apache.org%3E",
"url": "https://lists.apache.org/thread.html/rcbe4c248ef0c566e99fd19388a6c92aeef88167286546b675e9b1769%40%3Cdev.dolphinscheduler.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[dolphinscheduler-commits] 20210223 [GitHub] [incubator-dolphinscheduler] sonarcloud[bot] commented on pull request #4851: [FIX-CVE-2020-11974] fix MySQLDataSource Security",
"url": "https://lists.apache.org/thread.html/ra81adacbfdd6f166f9cf155340674ffd4179386b8b75068639547c11@%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[dolphinscheduler-commits] 20210223 [GitHub] [incubator-dolphinscheduler] CalvinKirs opened a new pull request #4851: [FIX-CVE-2020-11974] fix MySQLDataSource Security",
"url": "https://lists.apache.org/thread.html/r9fbe24539a873032b3e41243d44a730d6a2aae26335ac1e3271ea47d@%3Ccommits.dolphinscheduler.apache.org%3E"
}
]
},

50
2021/20xxx/CVE-2021-20198.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20198",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "openshift/installer",
"version": {
"version_data": [
{
"version_value": "openshift/installer v0.9.0-master.0.20210125200451-95101da940b0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1920764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920764"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
}

50
2021/20xxx/CVE-2021-20220.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20220",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "undertow",
"version": {
"version_data": [
{
"version_value": "Undertow 2.2.0.Final, Undertow 2.1.6.Final, Undertow 2.0.34.Final"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-444"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity."
}
]
}

50
2021/20xxx/CVE-2021-20229.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20229",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "PostgreSQL",
"version": {
"version_data": [
{
"version_value": "postgresql 13.2, postgresql 12.6, postgresql 11.11, postgresql 10.16, postgresql 9.6.21, postgresql 9.5.25"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1925296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925296"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in PostgreSQL in versions before 13.2, before 12.6, before 11.11, before 10.16, before 9.6.21 and before 9.5.25. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality."
}
]
}

80
2021/22xxx/CVE-2021-22651.json
View File

@ -4,14 +4,88 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22651",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Luxion KeyShot versions",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyShot Viewer",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyShot Network Rendering",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyVR",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders."
}
]
}

50
2021/26xxx/CVE-2021-26678.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26678",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Unauthenticated Stored Cross-Site Scripting (XSS) in ClearPass Web Administration Interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface."
}
]
}

50
2021/26xxx/CVE-2021-26681.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26681",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Authenticated Command Injection in ClearPass CLI"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote authenticated command Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise."
}
]
}

50
2021/26xxx/CVE-2021-26682.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26682",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Reflected Cross-Site Scripting Vulnerability (XSS) in ClearPass Guest Web Interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the portal. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the guest portal interface."
}
]
}

50
2021/26xxx/CVE-2021-26683.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26683",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Authenticated Command Injection in ClearPass WebUI"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise."
}
]
}

50
2021/26xxx/CVE-2021-26684.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26684",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Authenticated Command Injection in ClearPass WebUI"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise."
}
]
}

50
2021/26xxx/CVE-2021-26686.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26686",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Authenticated SQL Injection in Clearpass Web-based Management Interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-004.txt"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote authenticated SQL Injection vulnerabilitiy was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database."
}
]
}

55
2021/26xxx/CVE-2021-26926.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26926",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "jasper",
"version": {
"version_data": [
{
"version_value": "jasper 2.0.25"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/jasper-software/jasper/issues/264",
"url": "https://github.com/jasper-software/jasper/issues/264"
},
{
"refsource": "MISC",
"name": "https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b",
"url": "https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash."
}
]
}

5
2021/27xxx/CVE-2021-27189.json
View File

@ -61,6 +61,11 @@
"refsource": "FULLDISC",
"name": "20210223 CIRA Canadian Shield iOS Application - MITM SSL Certificate Vulnerability (CVE-2021-27189)",
"url": "http://seclists.org/fulldisclosure/2021/Feb/72"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161507/CIRA-Canadian-Shield-Man-In-The-Middle.html",
"url": "http://packetstormsecurity.com/files/161507/CIRA-Canadian-Shield-Man-In-The-Middle.html"
}
]
}

5
2021/27xxx/CVE-2021-27370.json
View File

@ -61,6 +61,11 @@
"url": "https://github.com/monicahq/monica/pull/4543",
"refsource": "MISC",
"name": "https://github.com/monicahq/monica/pull/4543"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161501/Monica-2.19.1-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/161501/Monica-2.19.1-Cross-Site-Scripting.html"
}
]
}

56
2021/27xxx/CVE-2021-27579.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27579",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-27579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://community.snowsoftware.com/s/feed/0D56900009cfHLDCA2",
"refsource": "MISC",
"name": "https://community.snowsoftware.com/s/feed/0D56900009cfHLDCA2"
}
]
}

18
2021/27xxx/CVE-2021-27580.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27580",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/27xxx/CVE-2021-27581.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27581",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

67
2021/27xxx/CVE-2021-27582.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in which HTTP request parameters affect an authorizationRequest."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/commit/7eba3c12fed82388f917e8dd9b73e86e3a311e4c",
"refsource": "MISC",
"name": "https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/commit/7eba3c12fed82388f917e8dd9b73e86e3a311e4c"
},
{
"url": "http://agrrrdog.blogspot.com/2017/03/autobinding-vulns-and-spring-mvc.html",
"refsource": "MISC",
"name": "http://agrrrdog.blogspot.com/2017/03/autobinding-vulns-and-spring-mvc.html"
}
]
}
}

5
2021/3xxx/CVE-2021-3156.json
View File

@ -171,6 +171,11 @@
"refsource": "MISC",
"name": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability",
"url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability"
},
{
"refsource": "CONFIRM",
"name": "https://www.synology.com/security/advisory/Synology_SA_21_02",
"url": "https://www.synology.com/security/advisory/Synology_SA_21_02"
}
]
}