admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-06-29 12:00:59 +00:00
parent bcbdb1dff6
commit dd7c6fa004
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
10 changed files with 427 additions and 280 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2021/22xxx/CVE-2021-22545.json
View File

@ -81,12 +81,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.zynamics.com/bindiff/manual/index.html#nyyyy7"
"refsource": "MISC",
"url": "https://www.zynamics.com/bindiff/manual/index.html#nyyyy7",
"name": "https://www.zynamics.com/bindiff/manual/index.html#nyyyy7"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}

22
2021/23xxx/CVE-2021-23400.json
View File

@ -48,20 +48,24 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415",
"name": "https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/nodemailer/nodemailer/issues/1289"
"refsource": "MISC",
"url": "https://github.com/nodemailer/nodemailer/issues/1289",
"name": "https://github.com/nodemailer/nodemailer/issues/1289"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f"
"refsource": "MISC",
"url": "https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f",
"name": "https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f"
}
]
},
@ -69,7 +73,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.\r\n\r\n"
"value": "The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object."
}
]
},

9
2021/27xxx/CVE-2021-27577.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1."
"value": "Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1."
}
]
},
@ -61,12 +61,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E"
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E",
"name": "https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}

271
2021/28xxx/CVE-2021-28690.json
View File

@ -1,136 +1,139 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2021-28690"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?<",
"version_value" : "4.12"
},
{
"version_affected" : ">=",
"version_value" : "4.13.x"
},
{
"version_affected" : "!>",
"version_value" : "xen-unstable"
}
]
}
},
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_value" : "4.12.x"
}
]
}
},
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_value" : "4.11.x"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2021-28690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?<",
"version_value": "4.12"
},
{
"version_affected": ">=",
"version_value": "4.13.x"
},
{
"version_affected": "!>",
"version_value": "xen-unstable"
}
]
}
},
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_value": "4.12.x"
}
]
}
},
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_value": "4.11.x"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "See XSA-305 for details of susceptibility to TAA.\n\nOnly systems which are susceptible to TAA and have the XSA-305 fix are\nvulnerable. Only systems which support S3 suspend/resume are vulnerable.\n\nThe vulnerability is only exposed if S3 suspend/resume is used."
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "See XSA-305 for details of susceptibility to TAA.\n\nOnly systems which are susceptible to TAA and have the XSA-305 fix are\nvulnerable. Only systems which support S3 suspend/resume are vulnerable.\n\nThe vulnerability is only exposed if S3 suspend/resume is used."
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This issue was discovered by Andrew Cooper of Citrix."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "x86: TSX Async Abort protections not restored after S3\n\nThis issue relates to the TSX Async Abort speculative security vulnerability.\nPlease see https://xenbits.xen.org/xsa/advisory-305.html for details.\n\nMitigating TAA by disabling TSX (the default and preferred option) requires\nselecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored\nafter S3 suspend."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "After using S3 suspend at least once, CPU0 remains vulnerable to TAA.\n\nThis is an information leak. For full details of the impact, see\nXSA-305."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-377.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Not using S3 suspend/resume avoids the vulnerability."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was discovered by Andrew Cooper of Citrix."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "After using S3 suspend at least once, CPU0 remains vulnerable to TAA.\n\nThis is an information leak. For full details of the impact, see\nXSA-305."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-377.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-377.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Not using S3 suspend/resume avoids the vulnerability."
}
]
}
}
}
}

231
2021/28xxx/CVE-2021-28691.json
View File

@ -1,116 +1,119 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2021-28691"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Linux",
"version" : {
"version_data" : [
{
"version_affected" : "?<",
"version_value" : "4.12"
},
{
"version_affected" : ">=",
"version_value" : "5.5.0"
},
{
"version_affected" : "!>",
"version_value" : "5.12.2"
}
]
}
}
]
},
"vendor_name" : "Linux"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2021-28691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "?<",
"version_value": "4.12"
},
{
"version_affected": ">=",
"version_value": "5.5.0"
},
{
"version_affected": "!>",
"version_value": "5.12.2"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Systems using Linux version 5.5 or newer are vulnerable."
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Systems using Linux version 5.5 or newer are vulnerable."
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This issue was discovered by Michael Brown of iPXE and diagnosed by\nOlivier Benjamin, Michael Kurth and Martin Mazein of AWS."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Guest triggered use-after-free in Linux xen-netback\n\nA malicious or buggy network PV frontend can force Linux netback to\ndisable the interface and terminate the receive kernel thread\nassociated with queue 0 in response to the frontend sending a\nmalformed packet.\n\nSuch kernel thread termination will lead to a use-after-free in Linux\nnetback when the backend is destroyed, as the kernel thread associated\nwith queue 0 will have already exited and thus the call to\nkthread_stop will be performed against a stale pointer."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A malicious or buggy frontend driver can trigger a dom0 crash.\nPrivilege escalation and information leaks cannot be ruled out."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-374.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On x86 running only HVM guests with emulated network cards will avoid the\nissue. There's however no option in the upstream toolstack to offer only\nemulated network cards to guests."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was discovered by Michael Brown of iPXE and diagnosed by\nOlivier Benjamin, Michael Kurth and Martin Mazein of AWS."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious or buggy frontend driver can trigger a dom0 crash.\nPrivilege escalation and information leaks cannot be ruled out."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-374.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-374.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "On x86 running only HVM guests with emulated network cards will avoid the\nissue. There's however no option in the upstream toolstack to offer only\nemulated network cards to guests."
}
]
}
}
}
}

9
2021/32xxx/CVE-2021-32565.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1."
"value": "Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1."
}
]
},
@ -61,12 +61,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E"
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E",
"name": "https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}

61
2021/34xxx/CVE-2021-34549.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34549",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-34549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitlab.torproject.org/tpo/core/tor/-/issues/40391",
"url": "https://gitlab.torproject.org/tpo/core/tor/-/issues/40391"
},
{
"refsource": "CONFIRM",
"name": "https://blog.torproject.org/node/2041",
"url": "https://blog.torproject.org/node/2041"
}
]
}

61
2021/34xxx/CVE-2021-34550.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34550",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-34550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitlab.torproject.org/tpo/core/tor/-/issues/40392",
"url": "https://gitlab.torproject.org/tpo/core/tor/-/issues/40392"
},
{
"refsource": "CONFIRM",
"name": "https://blog.torproject.org/node/2041",
"url": "https://blog.torproject.org/node/2041"
}
]
}

18
2021/35xxx/CVE-2021-35936.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-35936",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3628.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3628",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}