admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-06-29 12:00:59 +00:00
parent bcbdb1dff6
commit dd7c6fa004
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
10 changed files with 427 additions and 280 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/22xxx/CVE-2021-22545.json
View File

@ -81,8 +81,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.zynamics.com/bindiff/manual/index.html#nyyyy7"
"refsource": "MISC",
"url": "https://www.zynamics.com/bindiff/manual/index.html#nyyyy7",
"name": "https://www.zynamics.com/bindiff/manual/index.html#nyyyy7"
}
]
},

22
2021/23xxx/CVE-2021-23400.json
View File

@ -48,20 +48,24 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415",
"name": "https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415"
},
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737",
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/nodemailer/nodemailer/issues/1289"
"refsource": "MISC",
"url": "https://github.com/nodemailer/nodemailer/issues/1289",
"name": "https://github.com/nodemailer/nodemailer/issues/1289"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f"
"refsource": "MISC",
"url": "https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f",
"name": "https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f"
}
]
},
@ -69,7 +73,7 @@
"description_data": [
{
"lang": "eng",
"value": "The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.\r\n\r\n"
"value": "The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object."
}
]
},

5
2021/27xxx/CVE-2021-27577.json
View File

@ -61,8 +61,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E"
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E",
"name": "https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E"
}
]
},

11
2021/28xxx/CVE-2021-28690.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2021-28690"
"ASSIGNER": "security@xen.org",
"ID": "CVE-2021-28690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -86,7 +87,7 @@
"description_data": [
{
"lang": "eng",
"value" : "x86: TSX Async Abort protections not restored after S3\n\nThis issue relates to the TSX Async Abort speculative security vulnerability.\nPlease see https://xenbits.xen.org/xsa/advisory-305.html for details.\n\nMitigating TAA by disabling TSX (the default and preferred option) requires\nselecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored\nafter S3 suspend."
"value": "x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend."
}
]
},
@ -117,7 +118,9 @@
"references": {
"reference_data": [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-377.txt"
"url": "https://xenbits.xenproject.org/xsa/advisory-377.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-377.txt"
}
]
},

11
2021/28xxx/CVE-2021-28691.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2021-28691"
"ASSIGNER": "security@xen.org",
"ID": "CVE-2021-28691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -66,7 +67,7 @@
"description_data": [
{
"lang": "eng",
"value" : "Guest triggered use-after-free in Linux xen-netback\n\nA malicious or buggy network PV frontend can force Linux netback to\ndisable the interface and terminate the receive kernel thread\nassociated with queue 0 in response to the frontend sending a\nmalformed packet.\n\nSuch kernel thread termination will lead to a use-after-free in Linux\nnetback when the backend is destroyed, as the kernel thread associated\nwith queue 0 will have already exited and thus the call to\nkthread_stop will be performed against a stale pointer."
"value": "Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer."
}
]
},
@ -97,7 +98,9 @@
"references": {
"reference_data": [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-374.txt"
"url": "https://xenbits.xenproject.org/xsa/advisory-374.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-374.txt"
}
]
},

5
2021/32xxx/CVE-2021-32565.json
View File

@ -61,8 +61,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E"
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E",
"name": "https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E"
}
]
},

67
2021/34xxx/CVE-2021-34549.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34549",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-34549",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitlab.torproject.org/tpo/core/tor/-/issues/40391",
"url": "https://gitlab.torproject.org/tpo/core/tor/-/issues/40391"
},
{
"refsource": "CONFIRM",
"name": "https://blog.torproject.org/node/2041",
"url": "https://blog.torproject.org/node/2041"
}
]
}

67
2021/34xxx/CVE-2021-34550.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34550",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-34550",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitlab.torproject.org/tpo/core/tor/-/issues/40392",
"url": "https://gitlab.torproject.org/tpo/core/tor/-/issues/40392"
},
{
"refsource": "CONFIRM",
"name": "https://blog.torproject.org/node/2041",
"url": "https://blog.torproject.org/node/2041"
}
]
}

18
2021/35xxx/CVE-2021-35936.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-35936",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3628.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3628",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}