"-Synchronized-Data."

CVE Team 2021-02-26 03:00:41 +00:00
parent 1fa906cc9c
commit c776f90a36
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
25 changed files with 879 additions and 43 deletions


@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24455",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@intel.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "TPM2 source",
"version": {
"version_data": [
{
"version_value": "before 3.01, before 2.4.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1902167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902167"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/tpm2-software/tpm2-tss/releases/tag/2.4.3",
"url": "https://github.com/tpm2-software/tpm2-tss/releases/tag/2.4.3"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/tpm2-software/tpm2-tss/releases/tag/3.0.1",
"url": "https://github.com/tpm2-software/tpm2-tss/releases/tag/3.0.1"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3."
}
]
}
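Review bot: The `version_value` string `"before 3.01, before 2.4.3"` in the affects block disagrees with the rest of this record, where the description and the release-tag reference both name 3.0.1. A consumer that parses this field would compare against a version that does not appear anywhere else in the record; it should read `"version_value": "before 3.0.1, before 2.4.3"`, ideally split into one `version_data` entry per release branch. In addition, `vendor_name` is `"n/a"` and `product_name` is `"TPM2 source"` although the description names tpm2-tss, so product-based matching will probably miss this entry.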


@ -56,6 +56,11 @@
"url": "https://github.com/hoene/libmysofa/issues/138",
"refsource": "MISC",
"name": "https://github.com/hoene/libmysofa/issues/138"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-4e40ccb5e6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQLNZOVVONQSZZJHQVZT6NMOUUDMGBBR/"
}
]
}


@ -56,6 +56,11 @@
"url": "https://github.com/hoene/libmysofa/issues/137",
"refsource": "MISC",
"name": "https://github.com/hoene/libmysofa/issues/137"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-4e40ccb5e6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQLNZOVVONQSZZJHQVZT6NMOUUDMGBBR/"
}
]
}


@ -56,6 +56,11 @@
"url": "https://github.com/hoene/libmysofa/issues/135",
"refsource": "MISC",
"name": "https://github.com/hoene/libmysofa/issues/135"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-4e40ccb5e6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQLNZOVVONQSZZJHQVZT6NMOUUDMGBBR/"
}
]
}


@ -56,6 +56,11 @@
"url": "https://github.com/hoene/libmysofa/issues/134",
"refsource": "MISC",
"name": "https://github.com/hoene/libmysofa/issues/134"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-4e40ccb5e6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQLNZOVVONQSZZJHQVZT6NMOUUDMGBBR/"
}
]
}


@ -56,6 +56,11 @@
"url": "https://github.com/hoene/libmysofa/issues/136",
"refsource": "MISC",
"name": "https://github.com/hoene/libmysofa/issues/136"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-4e40ccb5e6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQLNZOVVONQSZZJHQVZT6NMOUUDMGBBR/"
}
]
}


@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows \"pip install aiohttp >= 3.7.4\". If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications.\n "
"value": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows \"pip install aiohttp >= 3.7.4\". If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications."
}
]
},


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-21724",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "ZXR10 8900E",
"version": {
"version_data": [
{
"version_value": "all versions up to V3.03.20R2B30P1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014584",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014584"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1."
}
]
}
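Review bot: `vendor_name` is `"n/a"` even though the assigner is `psirt@zte.com.cn` and the description opens with "A ZTE product", so tooling that keys on vendor and product will not associate this record with ZTE; `"vendor_name": "ZTE"` would fix that. The `version_value` `"all versions up to V3.03.20R2B30P1"` does not say whether that build is itself affected, which matters when deciding whether a device on exactly that version still needs the update. The only reference is a plain `http://` URL; an `https://` link would be preferable if the vendor site serves one.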


@ -124,6 +124,11 @@
"refsource": "MLIST",
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-907f3bacae",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/"
}
]
},


@ -4,14 +4,93 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23953",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "< 85"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "< 78.7"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "< 78.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-origin information leakage via redirected PDF requests"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-03/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-03/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-04/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-04/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-05/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-05/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1683940",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1683940"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7."
}
]
}


@ -4,14 +4,93 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23954",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "< 85"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "< 78.7"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "< 78.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Type confusion when using logical assignment operators in JavaScript switch statements"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-03/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-03/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-04/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-04/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-05/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-05/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1684020",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1684020"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7."
}
]
}


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23955",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "< 85"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Clickjacking across tabs through misusing requestPointerLock"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-03/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-03/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1684837",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1684837"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85."
}
]
}
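Review bot: The new description contains a grammatical slip, "which could have lead to clickjacking attacks"; it should read `which could have led to clickjacking attacks`. Description text of this kind tends to be copied verbatim into downstream advisories, so it is worth correcting in the record itself.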


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23956",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "< 85"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File picker dialog could have been used to disclose a complete directory"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-03/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-03/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1338637",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1338637"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85."
}
]
}


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23957",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "< 85"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Iframe sandbox could have been bypassed on Android via the intent URL scheme"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-03/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-03/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1584582",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1584582"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85."
}
]
}
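Review bot: The affects block lists only `"product_name": "Firefox"` with `"version_value": "< 85"`, while the description states that the issue only affected Firefox for Android and that other operating systems are unaffected. Scanners that match on vendor, product and version alone will therefore also flag desktop Firefox installations that are not exposed. Naming the product `Firefox for Android`, or recording the platform in a dedicated field if the schema in use offers one, would bring the structured data in line with the text. The same mismatch appears in the CVE-2021-23959 and CVE-2021-23977 records later in this commit.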


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23958",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "< 85"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Screen sharing permission leaked across tabs"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-03/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-03/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1642747",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1642747"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85."
}
]
}


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23959",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "< 85"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting in error pages on Firefox for Android"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-03/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-03/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1659035",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1659035"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85."
}
]
}


@ -4,14 +4,93 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23960",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "< 85"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_value": "< 78.7"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_value": "< 78.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-poison for incorrectly redeclared JavaScript variables during GC"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-03/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-03/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-04/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-04/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-05/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-05/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1675755",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1675755"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7."
}
]
}
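Review bot: The description says "resulted in a user-after-poison", whereas the problemtype of the same record says "Use-after-poison"; the description should read `resulted in a use-after-poison`. The misspelling means a keyword search for the bug class will not find this description. The CVE-2021-23962 description later in this commit has the same typo.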


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23961",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "< 85"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "More internal network hosts could have been probed by a malicious webpage"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-03/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-03/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677940",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677940"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85."
}
]
}


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23962",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "< 85"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-poison in <code>nsTreeBodyFrame::RowCountChanged</code>"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-03/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-03/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677194",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677194"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect use of the '<RowCountChanged>' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85."
}
]
}
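Review bot: The problemtype value carries raw HTML, `Use-after-poison in <code>nsTreeBodyFrame::RowCountChanged</code>`, and the description renders the same method name as `'<RowCountChanged>'`, which looks like markup damaged in conversion. These fields are plain text in the other records of this commit, so a consumer that displays them in a web page has to escape them rather than pass them through. The record would be cleaner with the tags removed, `"value": "Use-after-poison in nsTreeBodyFrame::RowCountChanged"`, and with the description naming the method without angle brackets.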


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23963",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "< 85"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Permission prompt inaccessible after asking for additional permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-03/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-03/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1680793",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1680793"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85."
}
]
}


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23977",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mozilla.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "< 86"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Malicious application could read sensitive data from Firefox for Android's application directories"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2021-07/",
"refsource": "MISC",
"name": "https://www.mozilla.org/security/advisories/mfsa2021-07/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1684761",
"refsource": "MISC",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1684761"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86."
}
]
}
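Review bot: The sentence "Note: This issue is only affected Firefox for Android" in the new description is ungrammatical and differs from the otherwise identical note in the CVE-2021-23957 and CVE-2021-23959 records; it should read `Note: This issue only affected Firefox for Android.` The platform restriction is the part of this description that decides whether a desktop installation is in scope, so it should be unambiguous.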


@ -56,6 +56,16 @@
"url": "http://xenbits.xen.org/xsa/advisory-364.html",
"refsource": "MISC",
"name": "http://xenbits.xen.org/xsa/advisory-364.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-4c819bf1ad",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-47f53a940a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/"
}
]
}


@ -56,6 +56,16 @@
"url": "http://xenbits.xen.org/xsa/advisory-363.html",
"refsource": "MISC",
"name": "http://xenbits.xen.org/xsa/advisory-363.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-4c819bf1ad",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-47f53a940a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/"
}
]
}


@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210213 [SECURITY] [DLA 2558-1] xterm security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00019.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-e7a8e79fa8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35LK2ZXEIJUOGOA7FV2TJL3L6LFJ4X5S/"
}
]
}


@ -146,6 +146,11 @@
"refsource": "MLIST",
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-907f3bacae",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/"
}
]
}