admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-04-08 11:00:40 +00:00
parent 6ff01968d0
commit f011233004
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
6 changed files with 195 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/1xxx/CVE-2021-1629.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://help.salesforce.com/articleView?id=000357424&type=1&mode=1",
"url": "https://help.salesforce.com/articleView?id=000357424&type=1&mode=1"
},
{
"refsource": "FULLDISC",
"name": "20210408 [SYSS-2020-032] Open Redirect in Tableau Server (CVE-2021-1629)",
"url": "http://seclists.org/fulldisclosure/2021/Apr/22"
}
]
},

5
2021/26xxx/CVE-2021-26709.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10216",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10216"
},
{
"refsource": "FULLDISC",
"name": "20210408 CVE-2021-26709 - Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem",
"url": "http://seclists.org/fulldisclosure/2021/Apr/15"
}
]
}

25
2021/28xxx/CVE-2021-28165.json
View File

@ -217,6 +217,31 @@
"refsource": "MLIST",
"name": "[spark-issues] 20210408 [jira] [Created] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"url": "https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a@%3Cissues.spark.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spark-issues] 20210408 [jira] [Commented] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"url": "https://lists.apache.org/thread.html/r83453ec252af729996476e5839d0b28f07294959d60fea1bd76f7d81@%3Cissues.spark.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"url": "https://lists.apache.org/thread.html/r5d1f16dca2e010193840068f1a1ec17b7015e91acc646607cbc0a4da@%3Creviews.spark.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
"url": "https://lists.apache.org/thread.html/r940f15db77a96f6aea92d830bc94d8d95f26cc593394d144755824da@%3Creviews.spark.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spark-issues] 20210408 [jira] [Updated] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"url": "https://lists.apache.org/thread.html/r7c40fb3a66a39b6e6c83b0454bc6917ffe6c69e3131322be9c07a1da@%3Cissues.spark.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[spark-issues] 20210408 [jira] [Assigned] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
"url": "https://lists.apache.org/thread.html/r942f4a903d0abb25ac75c592e57df98dea51350e8589269a72fd7913@%3Cissues.spark.apache.org%3E"
}
]
}

61
2021/28xxx/CVE-2021-28685.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28685",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-28685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into the virtual address space of the calling process) and to interact with MSR registers. This could enable low-privileged users to achieve NT AUTHORITY\\SYSTEM privileges via a DeviceIoControl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"name": "https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/DStraghkov/fba4994ac4bb3a6e2940b21743563df0",
"url": "https://gist.github.com/DStraghkov/fba4994ac4bb3a6e2940b21743563df0"
}
]
}

61
2021/28xxx/CVE-2021-28686.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28686",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-28686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow. This could enable low-privileged users to achieve Denial of Service via a DeviceIoControl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"name": "https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/DStraghkov/fba4994ac4bb3a6e2940b21743563df0",
"url": "https://gist.github.com/DStraghkov/fba4994ac4bb3a6e2940b21743563df0"
}
]
}

56
2021/3xxx/CVE-2021-3012.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3012",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-3012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI ArcGIS Online before 10.9 and Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://blog.bssi.fr/cve-2021-3012-vulnerability-allowing-remote-html-javascript-code-injection-on-esri-arcgis-products/",
"url": "https://blog.bssi.fr/cve-2021-3012-vulnerability-allowing-remote-html-javascript-code-injection-on-esri-arcgis-products/"
}
]
}