admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-07-15 17:00:58 +00:00
parent de3f5faa36
commit d4f953c1d7
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
8 changed files with 196 additions and 151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
2021/21xxx/CVE-2021-21586.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-07-06",
"ID": "CVE-2021-21586",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-07-06",
"ID": "CVE-2021-21586",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "Wyse Management Suite",
"product_name": "Wyse Management Suite",
"version": {
"version_data": [
{
"version_affected": "<",
"version_affected": "<",
"version_value": "3.3"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-36: Absolute Path Traversal"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/kbdoc/000189363"
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000189363",
"name": "https://www.dell.com/support/kbdoc/000189363"
}
]
}

43
2021/21xxx/CVE-2021-21587.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-07-06",
"ID": "CVE-2021-21587",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-07-06",
"ID": "CVE-2021-21587",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "Wyse Management Suite",
"product_name": "Wyse Management Suite",
"version": {
"version_data": [
{
"version_affected": "<",
"version_affected": "<",
"version_value": "3.3"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 5.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/kbdoc/000189363"
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000189363",
"name": "https://www.dell.com/support/kbdoc/000189363"
}
]
}

206
2021/29xxx/CVE-2021-29749.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"DATE_PUBLIC" : "2021-07-13T00:00:00",
"STATE" : "PUBLIC",
"ID" : "CVE-2021-29749",
"ASSIGNER" : "psirt@us.ibm.com"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE",
"description" : {
"description_data" : [
{
"value" : "IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201777.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"S" : "U",
"AV" : "N",
"PR" : "N",
"UI" : "N",
"AC" : "L",
"A" : "N",
"C" : "L",
"SCORE" : "6.500",
"I" : "L"
}
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/pages/node/6471621",
"title" : "IBM Security Bulletin 6471621 (Secure External Authentication Server)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6471621"
},
{
"title" : "IBM Security Bulletin 6471623 (Secure Proxy)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6471623",
"name" : "https://www.ibm.com/support/pages/node/6471623"
},
{
"name" : "ibm-sterling-cve202129749-ssrf (201777)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/201777",
"refsource" : "XF"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"DATE_PUBLIC": "2021-07-13T00:00:00",
"STATE": "PUBLIC",
"ID": "CVE-2021-29749",
"ASSIGNER": "psirt@us.ibm.com"
},
"problemtype": {
"problemtype_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
}
]
},
"product_name" : "Secure Proxy"
},
{
"version" : {
"version_data" : [
{
"version_value" : "6.0.2"
}
]
},
"product_name" : "Secure External Authentication Server"
}
]
},
"vendor_name" : "IBM"
"description": [
{
"value": "Gain Access",
"lang": "eng"
}
]
}
]
}
}
}
]
},
"data_type": "CVE",
"data_format": "MITRE",
"description": {
"description_data": [
{
"value": "IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201777.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"S": "U",
"AV": "N",
"PR": "N",
"UI": "N",
"AC": "L",
"A": "N",
"C": "L",
"SCORE": "6.500",
"I": "L"
}
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6471621",
"title": "IBM Security Bulletin 6471621 (Secure External Authentication Server)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6471621"
},
{
"title": "IBM Security Bulletin 6471623 (Secure Proxy)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6471623",
"name": "https://www.ibm.com/support/pages/node/6471623"
},
{
"name": "ibm-sterling-cve202129749-ssrf (201777)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201777",
"refsource": "XF"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "6.0.2"
}
]
},
"product_name": "Secure Proxy"
},
{
"version": {
"version_data": [
{
"version_value": "6.0.2"
}
]
},
"product_name": "Secure External Authentication Server"
}
]
},
"vendor_name": "IBM"
}
]
}
}
}

5
2021/30xxx/CVE-2021-30547.json
View File

@ -64,6 +64,11 @@
"refsource": "DEBIAN",
"name": "DSA-4939",
"url": "https://www.debian.org/security/2021/dsa-4939"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210715 [SECURITY] [DLA 2709-1] firefox-esr security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00009.html"
}
]
},

18
2021/36xxx/CVE-2021-36752.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-36752",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

7
2021/3xxx/CVE-2021-3042.json
View File

@ -80,7 +80,7 @@
"description_data": [
{
"lang": "eng",
"value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges.\n\nExploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\\).\nThis issue impacts:\nAll versions of Cortex XDR agent 6.1 without content update 181 or a later version;\nAll versions of Cortex XDR agent 7.2 without content update 181 or a later version;\nAll versions of Cortex XDR agent 7.3 without content update 181 or a later version.\n\nCortex XDR agent 5.0 versions are not impacted by this issue.\n\nContent updates are required to resolve this issue and are automatically applied for the agent."
"value": "A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. Exploiting this vulnerability requires the user to have file creation privilege in the Windows root directory (such as C:\\). This issue impacts: All versions of Cortex XDR agent 6.1 without content update 181 or a later version; All versions of Cortex XDR agent 7.2 without content update 181 or a later version; All versions of Cortex XDR agent 7.3 without content update 181 or a later version. Cortex XDR agent 5.0 versions are not impacted by this issue. Content updates are required to resolve this issue and are automatically applied for the agent."
}
]
},
@ -124,8 +124,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2021-3042"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3042",
"name": "https://security.paloaltonetworks.com/CVE-2021-3042"
}
]
},

7
2021/3xxx/CVE-2021-3043.json
View File

@ -59,7 +59,7 @@
"description_data": [
{
"lang": "eng",
"value": "A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface.\n\nPrisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances.\nThis issue impacts:\nPrisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.12.552;\nPrisma Cloud Compute 21.04 versions earlier than Prisma Cloud Compute 21.04.439."
"value": "A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances. This issue impacts: Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.12.552; Prisma Cloud Compute 21.04 versions earlier than Prisma Cloud Compute 21.04.439."
}
]
},
@ -103,8 +103,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2021-3043"
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3043",
"name": "https://security.paloaltonetworks.com/CVE-2021-3043"
}
]
},

18
2021/3xxx/CVE-2021-3650.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3650",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}