"-Synchronized-Data."

CVE Team 2021-02-15 16:00:42 +00:00
parent 5a89f5d440
commit ddc27b2c75
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
8 changed files with 479 additions and 306 deletions


@ -121,6 +121,16 @@
"refsource": "MLIST",
"name": "[kafka-jira] 20210214 [jira] [Commented] (KAFKA-12325) Is Kafka affected by Scala security vulnerability (CVE-2017-15288)?",
"url": "https://lists.apache.org/thread.html/r10dd8e5b3bbe3bb531aa4a65472ce56f91efbb77ea9fe04bb8272e2c@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-jira] 20210215 [jira] [Commented] (KAFKA-12325) Is Kafka affected by Scala security vulnerability (CVE-2017-15288)?",
"url": "https://lists.apache.org/thread.html/r3f10022ec972c8df29a950d1a591c16562eeddd9194d3010e46b9b76@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-dev] 20210215 [jira] [Resolved] (KAFKA-12325) Is Kafka affected by Scala security vulnerability (CVE-2017-15288)?",
"url": "https://lists.apache.org/thread.html/r5a1418a4f5101f5af3fc14bf358c54f2c7200e6a3701de2e2f581e1b@%3Cdev.kafka.apache.org%3E"
}
]
}


@ -1,18 +1,89 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "VulnerabilityReporting@secomea.com",
"ID": "CVE-2020-29026",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GateManager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "All",
"version_value": "9.2c"
}
]
}
}
]
},
"vendor_name": "Secomea"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.secomea.com/support/cybersecurity-advisory/#2918",
"name": "https://www.secomea.com/support/cybersecurity-advisory/#2918"
}
]
},
"source": {
"defect": [
"RD-2918"
],
"discovery": "EXTERNAL"
}
}


@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "VulnerabilityReporting@secomea.com",
"ID": "CVE-2020-29031",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GateManager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "All",
"version_value": "9.2c"
}
]
}
}
]
},
"vendor_name": "Secomea"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-280 Improper Handling of Insufficient Permissions or Privileges "
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.secomea.com/support/cybersecurity-advisory/#2920",
"name": "https://www.secomea.com/support/cybersecurity-advisory/#2920"
}
]
},
"source": {
"defect": [
"RD-2920"
],
"discovery": "EXTERNAL"
}
}
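Review bot: The `problemtype` entry `"CWE-280 Improper Handling of Insufficient Permissions or Privileges "` does not match the weakness this record describes, and its value ends in a stray trailing space. Both `TITLE` and the description call the issue an Insecure Direct Object Reference that lets an authenticated user reset another user's password, which is normally classified as CWE-639 (Authorization Bypass Through User-Controlled Key). If the assigner agrees, the entry would read `"value": "CWE-639 Authorization Bypass Through User-Controlled Key"`. Tooling that maps CWE ids to triage or detection categories will otherwise file this under permission-error handling rather than broken access control. The CVSS fields are internally consistent: the vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N` does score 7.1 (HIGH).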


@ -1,99 +1,99 @@
{
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "L",
"I" : "L",
"SCORE" : "4.200",
"AV" : "A",
"PR" : "N",
"UI" : "N",
"S" : "U",
"AC" : "H",
"A" : "N"
},
"TM" : {
"RL" : "O",
"E" : "U",
"RC" : "C"
}
}
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Bypass Security",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6404966",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6404966",
"title" : "IBM Security Bulletin 6404966 (Spectrum Protect Operations Center)"
},
{
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/192153",
"refsource" : "XF",
"name" : "ibm-spectrum-cve20204954-auth-bypass (192153)"
}
]
},
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-02-12T00:00:00",
"ID" : "CVE-2020-4954"
},
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.1"
},
{
"version_value" : "7.1"
},
{
"version_value" : "8.1.10.100"
},
{
"version_value" : "7.1.12"
}
]
},
"product_name" : "Spectrum Protect Operations Center"
}
]
},
"vendor_name" : "IBM"
"impact": {
"cvssv3": {
"BM": {
"C": "L",
"I": "L",
"SCORE": "4.200",
"AV": "A",
"PR": "N",
"UI": "N",
"S": "U",
"AC": "H",
"A": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
]
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153.",
"lang" : "eng"
}
]
}
}
}
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Bypass Security",
"lang": "eng"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6404966",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6404966",
"title": "IBM Security Bulletin 6404966 (Spectrum Protect Operations Center)"
},
{
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192153",
"refsource": "XF",
"name": "ibm-spectrum-cve20204954-auth-bypass (192153)"
}
]
},
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-02-12T00:00:00",
"ID": "CVE-2020-4954"
},
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.1"
},
{
"version_value": "7.1"
},
{
"version_value": "8.1.10.100"
},
{
"version_value": "7.1.12"
}
]
},
"product_name": "Spectrum Protect Operations Center"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"description": {
"description_data": [
{
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153.",
"lang": "eng"
}
]
}
}


@ -1,99 +1,99 @@
{
"data_format" : "MITRE",
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-02-12T00:00:00",
"ID" : "CVE-2020-4955"
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6404966 (Spectrum Protect Operations Center)",
"url" : "https://www.ibm.com/support/pages/node/6404966",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/pages/node/6404966"
},
{
"name" : "ibm-spectrum-cve20204955-code-exec (192155)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/192155",
"title" : "X-Force Vulnerability Report"
}
]
},
"data_type" : "CVE",
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"C" : "H",
"S" : "C",
"A" : "H",
"AC" : "H",
"PR" : "L",
"UI" : "N",
"AV" : "A",
"SCORE" : "8.000",
"I" : "H"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-02-12T00:00:00",
"ID": "CVE-2020-4955"
},
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "8.1"
},
{
"version_value" : "7.1"
},
{
"version_value" : "8.1.10.100"
},
{
"version_value" : "7.1.12"
}
]
},
"product_name" : "Spectrum Protect Operations Center"
}
]
},
"vendor_name" : "IBM"
"title": "IBM Security Bulletin 6404966 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6404966",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204955-code-exec (192155)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192155",
"title": "X-Force Vulnerability Report"
}
]
}
},
"data_version" : "4.0"
}
]
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Gain Privileges",
"lang": "eng"
}
]
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"C": "H",
"S": "C",
"A": "H",
"AC": "H",
"PR": "L",
"UI": "N",
"AV": "A",
"SCORE": "8.000",
"I": "H"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "8.1"
},
{
"version_value": "7.1"
},
{
"version_value": "8.1.10.100"
},
{
"version_value": "7.1.12"
}
]
},
"product_name": "Spectrum Protect Operations Center"
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_version": "4.0"
}


@ -1,99 +1,99 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"DATE_PUBLIC" : "2021-02-12T00:00:00",
"ID" : "CVE-2020-4956"
},
"data_format" : "MITRE",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 6404966 (Spectrum Protect Operations Center)",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/pages/node/6404966",
"name" : "https://www.ibm.com/support/pages/node/6404966"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/192156",
"name" : "ibm-spectrum-cve20204956-dos (192156)"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"data_type" : "CVE",
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RL" : "O",
"RC" : "C"
},
"BM" : {
"C" : "N",
"I" : "N",
"SCORE" : "4.800",
"PR" : "L",
"AV" : "A",
"UI" : "N",
"A" : "H",
"S" : "U",
"AC" : "H"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156.",
"lang" : "eng"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2021-02-12T00:00:00",
"ID": "CVE-2020-4956"
},
"data_format": "MITRE",
"references": {
"reference_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Spectrum Protect Operations Center",
"version" : {
"version_data" : [
{
"version_value" : "8.1"
},
{
"version_value" : "7.1"
},
{
"version_value" : "8.1.10.100"
},
{
"version_value" : "7.1.12"
}
]
}
}
]
},
"vendor_name" : "IBM"
"title": "IBM Security Bulletin 6404966 (Spectrum Protect Operations Center)",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/6404966",
"name": "https://www.ibm.com/support/pages/node/6404966"
},
{
"title": "X-Force Vulnerability Report",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192156",
"name": "ibm-spectrum-cve20204956-dos (192156)"
}
]
}
},
"data_version" : "4.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"data_type": "CVE",
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RL": "O",
"RC": "C"
},
"BM": {
"C": "N",
"I": "N",
"SCORE": "4.800",
"PR": "L",
"AV": "A",
"UI": "N",
"A": "H",
"S": "U",
"AC": "H"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156.",
"lang": "eng"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "8.1"
},
{
"version_value": "7.1"
},
{
"version_value": "8.1.10.100"
},
{
"version_value": "7.1.12"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_version": "4.0"
}


@ -48,12 +48,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635",
"name": "https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/418sec/huntr/pull/1329"
"refsource": "MISC",
"url": "https://github.com/418sec/huntr/pull/1329",
"name": "https://github.com/418sec/huntr/pull/1329"
}
]
},
@ -61,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package qlib.\n The workflow function in cli part of qlib was using an unsafe YAML load function.\n"
"value": "This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function."
}
]
},


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27216",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}