admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-05-13 16:00:41 +00:00
parent 76e9da1e58
commit c954a237c5
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
21 changed files with 544 additions and 133 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
2021/20xxx/CVE-2021-20181.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20181",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "qemu",
"version": {
"version_data": [
{
"version_value": "up to, including 5.2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367->CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-159/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-159/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1927007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927007"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability."
}
]
}

60
2021/20xxx/CVE-2021-20221.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-20221",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "qemu",
"version": {
"version_data": [
{
"version_value": "up to, including qemu 4.2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125->CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[oss-security] 20210205 CVE-2021-20221 QEMU: aarch64: GIC: out-of-bound heap buffer access via an interrupt ID field",
"url": "http://www.openwall.com/lists/oss-security/2021/02/05/1"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario."
}
]
}

194
2021/20xxx/CVE-2021-20535.json
View File

@ -1,99 +1,99 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2021-05-12T00:00:00",
"ID" : "CVE-2021-20535",
"STATE" : "PUBLIC"
},
"data_format" : "MITRE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.6.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.1"
},
{
"version_value" : "7.0.2"
}
]
},
"product_name" : "Jazz Reporting Service"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-05-12T00:00:00",
"ID": "CVE-2021-20535",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.6.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
},
"product_name": "Jazz Reporting Service"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
},
"BM" : {
"C" : "L",
"AV" : "N",
"PR" : "N",
"SCORE" : "6.500",
"S" : "U",
"I" : "L",
"A" : "N",
"UI" : "N",
"AC" : "L"
}
}
},
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6452323",
"url" : "https://www.ibm.com/support/pages/node/6452323",
"title" : "IBM Security Bulletin 6452323 (Jazz Reporting Service)"
},
{
"name" : "ibm-jazz-cve202120535-ssrf (198834)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/198834",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198834."
}
]
},
"data_type" : "CVE"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"C": "L",
"AV": "N",
"PR": "N",
"SCORE": "6.500",
"S": "U",
"I": "L",
"A": "N",
"UI": "N",
"AC": "L"
}
}
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6452323",
"url": "https://www.ibm.com/support/pages/node/6452323",
"title": "IBM Security Bulletin 6452323 (Jazz Reporting Service)"
},
{
"name": "ibm-jazz-cve202120535-ssrf (198834)",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198834",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198834."
}
]
},
"data_type": "CVE"
}

5
2021/27xxx/CVE-2021-27396.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-568/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-568/"
}
]
}

5
2021/27xxx/CVE-2021-27397.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-569/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-569/"
}
]
}

5
2021/27xxx/CVE-2021-27398.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-570/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-570/"
}
]
}

10
2021/28xxx/CVE-2021-28465.json
View File

@ -56,6 +56,16 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28465",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28465"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-572/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-572/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-579/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-579/"
}
]
}

5
2021/28xxx/CVE-2021-28474.json
View File

@ -76,6 +76,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28474",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28474"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-574/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-574/"
}
]
}

5
2021/31xxx/CVE-2021-31170.json
View File

@ -204,6 +204,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31170",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31170"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-578/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-578/"
}
]
}

5
2021/31xxx/CVE-2021-31175.json
View File

@ -136,6 +136,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31175",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31175"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-580/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-580/"
}
]
}

5
2021/31xxx/CVE-2021-31176.json
View File

@ -94,6 +94,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31176",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31176"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-575/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-575/"
}
]
}

5
2021/31xxx/CVE-2021-31177.json
View File

@ -124,6 +124,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31177",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31177"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-576/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-576/"
}
]
}

5
2021/31xxx/CVE-2021-31181.json
View File

@ -76,6 +76,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31181",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31181"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-573/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-573/"
}
]
}

5
2021/31xxx/CVE-2021-31187.json
View File

@ -173,6 +173,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31187",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31187"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-571/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-571/"
}
]
}

5
2021/31xxx/CVE-2021-31188.json
View File

@ -267,6 +267,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31188",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31188"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-577/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-577/"
}
]
}

56
2021/32xxx/CVE-2021-32917.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32917",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-32917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.prosody.im/prosody-0.11.9-released/",
"refsource": "MISC",
"name": "https://blog.prosody.im/prosody-0.11.9-released/"
}
]
}

56
2021/32xxx/CVE-2021-32918.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32918",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-32918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.prosody.im/prosody-0.11.9-released/",
"refsource": "MISC",
"name": "https://blog.prosody.im/prosody-0.11.9-released/"
}
]
}

56
2021/32xxx/CVE-2021-32919.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32919",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-32919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.prosody.im/prosody-0.11.9-released/",
"refsource": "MISC",
"name": "https://blog.prosody.im/prosody-0.11.9-released/"
}
]
}

56
2021/32xxx/CVE-2021-32920.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32920",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-32920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.prosody.im/prosody-0.11.9-released/",
"refsource": "MISC",
"name": "https://blog.prosody.im/prosody-0.11.9-released/"
}
]
}

56
2021/32xxx/CVE-2021-32921.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32921",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-32921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://blog.prosody.im/prosody-0.11.9-released/",
"refsource": "MISC",
"name": "https://blog.prosody.im/prosody-0.11.9-released/"
}
]
}

18
2021/3xxx/CVE-2021-3550.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3550",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}