admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-11-22 19:01:00 +00:00
parent 245b746220
commit ca79f29e1c
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
5 changed files with 112 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/14xxx/CVE-2019-14462.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-355f6e10c1",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRAQZXGAZY6UGWZ6CD33QEFLL7AWW233/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211122 [SECURITY] [DLA 2825-1] libmodbus security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00020.html"
}
]
}

5
2019/14xxx/CVE-2019-14463.json
View File

@ -71,6 +71,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-355f6e10c1",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRAQZXGAZY6UGWZ6CD33QEFLL7AWW233/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211122 [SECURITY] [DLA 2825-1] libmodbus security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00020.html"
}
]
}

8
2020/15xxx/CVE-2020-15074.json
View File

@ -11,7 +11,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenVPN",
"vendor_name": "n/a",
"product": {
"product_data": [
{
@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "2.8.3 and prior versions"
"version_value": "2.8.3 and prior versions in addition to 2.9.5"
}
]
}
@ -45,7 +45,7 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"refsource": "MISC",
"name": "https://openvpn.net/vpn-server-resources/release-notes/",
"url": "https://openvpn.net/vpn-server-resources/release-notes/"
}
@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "OpenVPN Access Server older than version 2.8.4 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp."
"value": "OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp."
}
]
}

99
2021/38xxx/CVE-2021-38448.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-38448",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Trane Symbio Improper Control of Generation of Code"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symbio",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "700",
"version_value": "1.00.0023"
},
{
"version_affected": "<",
"version_name": "800",
"version_value": "1.00.0007"
}
]
}
}
]
},
"vendor_name": "Trane"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Trane reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-266-01",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-266-01"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Affected users should contact a Trane representative to install updated firmware or request additional information. Please reference Trane service database number HUB-205962 when contacting the Trane office.\nTrane has identified the following specific mitigations:\n\nSymbio 700 controllers: Upgrade to v1.00.0023 or later\nSymbio 800 controllers: Upgrade to v1.00.0007 or later\nIn addition to the specific recommendations above, Trane continues to recommend the following best practices as an additional protection against this and other controller vulnerabilities:\n\nRestrict physical controller access to trained and trusted personnel.\nUse secure remote access solutions, such as Trane Connect Remote Access, when needed.\nEnsure user credentials are not shared and follow best practices for appropriate complexity (e.g., strong passwords).\nHave a well-documented process and owner to ensure regular software/firmware updates and keep systems up to date."
}
],
"source": {
"advisory": "ICSA-21-266-01",
"discovery": "UNKNOWN"
}
}

5
2021/40xxx/CVE-2021-40531.json
View File

@ -56,6 +56,11 @@
"url": "https://www.sketch.com/updates/#version-75",
"refsource": "MISC",
"name": "https://www.sketch.com/updates/#version-75"
},
{
"refsource": "MISC",
"name": "https://jonpalmisc.com/2021/11/22/cve-2021-40531",
"url": "https://jonpalmisc.com/2021/11/22/cve-2021-40531"
}
]
}