"-Synchronized-Data."

CVE Team 2021-01-26 20:01:43 +00:00
parent 2a63715e49
commit e0035f421f
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
18 changed files with 202 additions and 139 deletions


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-25015",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-25015",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/openwrt/luci/commit/bc17ef673f734ea8e7e696ba5735588da9111dcd",
"refsource": "MISC",
"name": "https://github.com/openwrt/luci/commit/bc17ef673f734ea8e7e696ba5735588da9111dcd"
},
{
"url": "https://openwrt.org/advisory/2019-11-05-1",
"refsource": "MISC",
"name": "https://openwrt.org/advisory/2019-11-05-1"
}
]
}
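Review bot: The published record for CVE-2019-25015 leaves `vendor_name`, `product_name`, `version_value` and the problemtype `value` at "n/a", although its own description names LuCI in OpenWrt 18.06.0 through 18.06.4 and a stored XSS. Tooling that matches on the `affects` block rather than on the free-text description will not associate this entry with OpenWrt, so affected installs can be missed in inventory scans. I would populate the fields from the description, e.g. `"vendor_name": "OpenWrt"`, `"product_name": "LuCI"`, and a `version_value` covering 18.06.0 through 18.06.4. The problemtype would be better as `"value": "CWE-79"`.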


@ -213,11 +213,6 @@
"refsource": "MLIST",
"name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E"
}
]
},


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1881875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881875"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-84440e87ba",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
}
]
},


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-84440e87ba",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
}
]
},


@ -58,11 +58,6 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-84440e87ba",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-17",
"url": "https://security.gentoo.org/glsa/202101-17"
}
]
},


@ -58,11 +58,6 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-84440e87ba",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-17",
"url": "https://security.gentoo.org/glsa/202101-17"
}
]
},


@ -58,11 +58,6 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-84440e87ba",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-17",
"url": "https://security.gentoo.org/glsa/202101-17"
}
]
},


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1890125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890125"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-84440e87ba",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
}
]
},


@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1891568",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891568"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-84440e87ba",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
}
]
},


@ -61,11 +61,6 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-a8ddc1ce70",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-880aa7bd27",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/"
}
]
}


@ -61,11 +61,6 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-a8ddc1ce70",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-880aa7bd27",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/"
}
]
}


@ -61,11 +61,6 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-a8ddc1ce70",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-880aa7bd27",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/"
}
]
}


@ -61,11 +61,6 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210121 [SECURITY] [DLA-2530-1] drupal7 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00018.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-23",
"url": "https://security.gentoo.org/glsa/202101-23"
}
]
}


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36199",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Kaspersky TinyCheck",
"version": {
"version_data": [
{
"version_value": "without commits 9fd360d and ea53de8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-j2vj-mhr6-795m",
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-j2vj-mhr6-795m"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places."
}
]
}
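Review bot: The `affects` block for CVE-2020-36199 is not machine-matchable: `vendor_name` is "n/a" while the vendor is folded into `product_name` ("Kaspersky TinyCheck"), and `version_value` is the free-text "without commits 9fd360d and ea53de8", which a version comparison cannot evaluate. I would split the name into `"vendor_name": "Kaspersky"` and `"product_name": "TinyCheck"`, and list the two fix commits under `references` with their full hashes so the abbreviated ids can be resolved. The problemtype `value` "Arbitrary Code execution" would also be easier to consume as a CWE identifier for command injection, which is what the description reports. The same `affects` content appears in the CVE-2020-36200 section that follows.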


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-36200",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnerability@kaspersky.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Kaspersky TinyCheck",
"version": {
"version_data": [
{
"version_value": "without commits 9fd360d and ea53de8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-gqpw-3669-6w5h",
"url": "https://github.com/KasperskyLab/TinyCheck/security/advisories/GHSA-gqpw-3669-6w5h"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs."
}
]
}
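Review bot: The new description does not say which system issues the request: "allowed an authenticated attacker to send an HTTP GET request to the crafted URLs" reads as if the attacker's own client sends it, and only the problemtype value "Server-Side Request Forgery (SSRF)" shows that the server side is meant. If the linked advisory confirms it, I would word it as `"value": "TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to make the TinyCheck host send HTTP GET requests to attacker-supplied URLs."`. Naming the origin of the request helps triage, since it presumably makes egress controls around the TinyCheck host the relevant mitigation boundary.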


@ -19,7 +19,7 @@
"version_value": ">= 0.11.4, < 1.8.5"
},
{
"version_value": ">= 1.9.0, < 1.10.0"
"version_value": ">= 1.9.0, < 1.9.4"
}
]
}
@ -38,7 +38,7 @@
"description_data": [
{
"lang": "eng",
"value": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is present in versions from 0.11.4 and before fixed versions 1.8.5 and 1.10.0. The Flatpak portal D-Bus service (`flatpak-portal`, also known by its D-Bus service name `org.freedesktop.portal.Flatpak`) allows apps in a Flatpak sandbox to launch their own subprocesses in a new sandbox instance, either with the same security settings as the caller or with more restrictive security settings. For example, this is used in Flatpak-packaged web browsers such as Chromium to launch subprocesses that will process untrusted web content, and give those subprocesses a more restrictive sandbox than the browser itself. In vulnerable versions, the Flatpak portal service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set environment variables that are trusted by the `flatpak run` command, and use them to execute arbitrary code that is not in a sandbox. As a workaround, this vulnerability can be mitigated by preventing the `flatpak-portal` service from starting, but that mitigation will prevent many Flatpak apps from working correctly. This is fixed in versions 1.8.5 and 1.10.0."
"value": "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is present in versions from 0.11.4 and before fixed versions 1.8.5 and 1.9.4. The Flatpak portal D-Bus service (`flatpak-portal`, also known by its D-Bus service name `org.freedesktop.portal.Flatpak`) allows apps in a Flatpak sandbox to launch their own subprocesses in a new sandbox instance, either with the same security settings as the caller or with more restrictive security settings. For example, this is used in Flatpak-packaged web browsers such as Chromium to launch subprocesses that will process untrusted web content, and give those subprocesses a more restrictive sandbox than the browser itself. In vulnerable versions, the Flatpak portal service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set environment variables that are trusted by the `flatpak run` command, and use them to execute arbitrary code that is not in a sandbox. As a workaround, this vulnerability can be mitigated by preventing the `flatpak-portal` service from starting, but that mitigation will prevent many Flatpak apps from working correctly. This is fixed in versions 1.8.5 and 1.9.4."
}
]
},
@ -77,40 +77,40 @@
"refsource": "CONFIRM",
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2"
},
{
"name": "https://github.com/flatpak/flatpak/commit/57416f380600d9754df12baf5b227144ff1bb54d",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/57416f380600d9754df12baf5b227144ff1bb54d"
},
{
"name": "https://github.com/flatpak/flatpak/commit/6a11007021658518c088ba0cc5e4da27962a940a",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/6a11007021658518c088ba0cc5e4da27962a940a"
},
{
"name": "https://github.com/flatpak/flatpak/commit/dcd24941c7087c5f7e8033abe50b178ac02a34af",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/dcd24941c7087c5f7e8033abe50b178ac02a34af"
},
{
"name": "https://github.com/flatpak/flatpak/commit/fb1eaefbceeb73f02eb1bc85865d74a414faf8b8",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/fb1eaefbceeb73f02eb1bc85865d74a414faf8b8"
},
{
"name": "https://github.com/flatpak/flatpak/releases/tag/1.8.5",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/releases/tag/1.8.5"
},
{
"name": "DSA-4830",
"refsource": "DEBIAN",
"name": "DSA-4830",
"url": "https://www.debian.org/security/2021/dsa-4830"
},
{
"name": "https://github.com/flatpak/flatpak/commit/6d1773d2a54dde9b099043f07a2094a4f1c2f486",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/6d1773d2a54dde9b099043f07a2094a4f1c2f486"
},
{
"name": "https://github.com/flatpak/flatpak/commit/6e5ae7a109cdfa9735ea7ccbd8cb79f9e8d3ae8b",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/6e5ae7a109cdfa9735ea7ccbd8cb79f9e8d3ae8b"
},
{
"name": "https://github.com/flatpak/flatpak/commit/aeb6a7ab0abaac4a8f4ad98b3df476d9de6b8bd4",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/aeb6a7ab0abaac4a8f4ad98b3df476d9de6b8bd4"
},
{
"name": "https://github.com/flatpak/flatpak/commit/cc1401043c075268ecc652eac557ef8076b5eaba",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/commit/cc1401043c075268ecc652eac557ef8076b5eaba"
},
{
"refsource": "GENTOO",
"name": "GLSA-202101-21",
"url": "https://security.gentoo.org/glsa/202101-21"
"refsource": "MLIST",
"name": "[oss-security] 20210121 CVE-2021-21261: Flatpak sandbox escape via spawn portal (aka GHSA-4ppf-fxf6-vxg2)",
"url": "http://www.openwall.com/lists/oss-security/2021/01/21/4"
}
]
},
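Review bot: The affected-range sentence in the description hunk (`@ -38,7 +38,7 @`) is hard to read against `version_data`: "present in versions from 0.11.4 and before fixed versions 1.8.5 and 1.9.4" does not say that the second range starts at 1.9.0, which the `version_value` entries `>= 0.11.4, < 1.8.5` and `>= 1.9.0, < 1.9.4` do. I would phrase it as `This sandbox-escape bug is present in versions 0.11.4 up to (not including) 1.8.5 and in 1.9.0 up to (not including) 1.9.4.` The page has lost its +/- markers, so I am taking the second printed variant of each changed line (upper bound 1.9.4) as the new side; the same wording applies with the other bound.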


@ -66,11 +66,6 @@
"refsource": "MLIST",
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
"url": "https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
"url": "https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E"
}
]
}


@ -1,66 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3186",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.hackingarticles.in/exploiting-stored-cross-site-scripting-at-tenda-ac5-ac1200/",
"url": "https://www.hackingarticles.in/exploiting-stored-cross-site-scripting-at-tenda-ac5-ac1200/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161119/Tenda-AC5-AC1200-Wireless-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/161119/Tenda-AC5-AC1200-Wireless-Cross-Site-Scripting.html"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
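Review bot: This section turns a published record back into a placeholder: the hunk header `-1,66 +1,17` makes the 17-line side the new file, and that side carries `"STATE": "RESERVED"` and the "** RESERVED **" text. The description of the stored XSS in Tenda AC5 AC1200 V15.03.06.47_multi and both references sit on the removed side. Consumers that mirror this data will lose the advisory text and reference links for CVE-2021-3186 after this sync. The page does not show the cause, but it looks like a stale copy overwriting a newer one. If the entry was not deliberately withdrawn, the populated record should be restored; if it was, the description should say so instead of reusing the reserved boilerplate.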