admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-12-07 18:01:07 +00:00
parent f7a274bae4
commit d6205f9cc0
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
3 changed files with 106 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
2021/39xxx/CVE-2021-39923.json
View File

@ -18,6 +18,9 @@
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": ">=3.2.0, <3.2.18"
},
{
"version_value": ">=3.4.0, <3.4.10"
}
@ -36,7 +39,7 @@
"description": [
{
"lang": "eng",
"value": "Null pointer dereference in Wireshark"
"value": "Excessive iteration in Wireshark"
}
]
}
@ -44,30 +47,20 @@
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2021-15.html",
"url": "https://www.wireshark.org/security/wnpa-sec-2021-15.html",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/17705",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17705",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39923.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39923.json",
"refsource": "CONFIRM"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-97bd631e0a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/"
"name": "https://www.wireshark.org/security/wnpa-sec-2021-11.html",
"url": "https://www.wireshark.org/security/wnpa-sec-2021-11.html",
"refsource": "MISC"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-3747cf6107",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/"
"name": "https://gitlab.com/wireshark/wireshark/-/issues/17684",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17684",
"refsource": "MISC"
}
]
},
@ -75,7 +68,7 @@
"description_data": [
{
"lang": "eng",
"value": "NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file"
"value": "Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file"
}
]
},
@ -94,11 +87,5 @@
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
},
"credit": [
{
"lang": "eng",
"value": "TODO"
}
]
}
}

50
2021/43xxx/CVE-2021-43175.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43175",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@synopsys.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GOautodial",
"product": {
"product_data": [
{
"product_name": "GOautodial API",
"version": {
"version_data": [
{
"version_value": "< 3c3a979"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305: Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-goautodial-vulnerabilities",
"refsource": "MISC",
"name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-goautodial-vulnerabilities"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly, allowing the caller to specify any values for these parameters and successfully authenticate. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C"
}
]
}

50
2021/43xxx/CVE-2021-43176.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-43176",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@synopsys.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GOautodial",
"product": {
"product_data": [
{
"product_name": "GOautodial API",
"version": {
"version_data": [
{
"version_value": "< 3c3a979"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-goautodial-vulnerabilities",
"refsource": "MISC",
"name": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-goautodial-vulnerabilities"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied \u201caction\u201d parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call. Vulnerable versions of GOautodial do not sanitize the user input that specifies the action. This permits an attacker to execute any PHP source file with a .php extension that is present on the disk and readable by the GOautodial web server process. Combined with CVE-2021-43175, it is possible for the attacker to do this without valid credentials. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"
}
]
}