"-Synchronized-Data."

CVE Team 2021-09-27 21:00:53 +00:00
parent 5a7506131b
commit f0872385c2
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
6 changed files with 190 additions and 20 deletions


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.20 allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based \"trusted client\" protection mechanism."
"value": "The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based \"trusted client\" protection mechanism."
}
]
},
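Review bot: The replacement description value bounds the affected range with "through 2.0.41 (as of 12:58 AM Eastern, 9/26/21)", and that timestamp is ambiguous: "Eastern" does not say EST or EDT, and 9/26/21 reads differently by locale. Suggest an ISO 8601 date in UTC, or dropping the clock time and keeping only the date, so that anyone reading or parsing the text can tell when the "through 2.0.41" statement was verified.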
@ -66,6 +66,11 @@
"url": "https://github.com/jtesta/gog_galaxy_client_service_poc",
"refsource": "MISC",
"name": "https://github.com/jtesta/gog_galaxy_client_service_poc"
},
{
"refsource": "MISC",
"name": "https://github.com/jtesta/gog_galaxy_client_service_poc/issues/1#issuecomment-926932218",
"url": "https://github.com/jtesta/gog_galaxy_client_service_poc/issues/1#issuecomment-926932218"
}
]
}
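Review bot: The added reference_data entry orders its keys refsource, name, url, while the entry directly above it uses url, refsource, name; keep one order within the array so later diffs stay minimal. The name field also only repeats the URL; a short label would tell readers what the linked issue comment supports.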


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24930",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/wuzhicms/wuzhicms/issues/191",
"refsource": "MISC",
"name": "https://github.com/wuzhicms/wuzhicms/issues/191"
},
{
"refsource": "MISC",
"name": "https://www.cnvd.org.cn/flaw/show/2394661",
"url": "https://www.cnvd.org.cn/flaw/show/2394661"
}
]
}
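Review bot: The description names a vendor, product and version (Wuzhi CMS 4.0.1), but vendor_name, product_name and version_value are all left as "n/a", so tooling that matches on the affects block will not find this record; populate those fields from the description. problemtype is also "n/a" although the text states arbitrary file deletion. In the description itself the affected file is masked as "in***.php" and "five fingers CMS" appears to be a literal translation of the product name; use the actual file name if the referenced issue makes it public, and keep the name "Wuzhi CMS" throughout.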


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in IdeBusDxe in Insyde InsydeH2O 5.x. Code in system management mode calls a function outside of SMRAM in response to a crafted software SMI, aka Inclusion of Functionality from an Untrusted Control Sphere. Modifying the well-known address of this function allows an attacker to gain control of the system with the privileges of system management mode."
"value": "Insyde found that a number of SMM drivers in InsydeH2O did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The following drivers were affected by this vulnerability: 1. PnpSmm 2. SmmResourceCheckDxe 3. BeepStatusCode For these three, an updated version was made for Kernel 5.0 - Kernel 5.5 in the following versions: 05.08.23/05.16.23/05.26.23/05.35.23/05.43.23/05.51.23 4. AhciBusDxe 5. IdeBusDxe 6. NvmExpressDxe 7. SdHostDriverDxe 10. SdMmcDeviceDxe For these, an updated version was released in Kernel 5.1 - Kernel 5.5 in the following versions: 05.16.25,05.26.25,05.35.25,05.43.25,05.51.25"
}
]
},
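Review bot: The new description value numbers the affected drivers 1 to 7 and then jumps to "10. SdMmcDeviceDxe", so either two drivers are missing or the last item is misnumbered; confirm against the vendor advisory before publishing. The replacement also changes the stated flaw from a call outside SMRAM in IdeBusDxe to missing CommBuffer and CommBufferSize validation across several drivers, which changes what this CVE ID describes, and no reference is added in this hunk to support that. The two fixed-version lists use different separators ("/" in the first, "," in the second); pick one.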


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37270",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-37270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.cnvd.org.cn/flaw/show/2815129",
"refsource": "MISC",
"name": "https://www.cnvd.org.cn/flaw/show/2815129"
},
{
"refsource": "MISC",
"name": "https://github.com/purple-WL/S-cms-Unauthorized",
"url": "https://github.com/purple-WL/S-cms-Unauthorized"
}
]
}
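Review bot: The description identifies the product only as "the CMS Enterprise Website Construction System 5.0" with no vendor, and vendor_name, product_name and version_value are "n/a", so the record cannot be matched to a product without following the references (the second URL suggests S-CMS). Name the vendor and product in the description and populate the affects block. "the specified background path" is also left unspecified; state the path or drop "specified". problemtype could say more than "n/a", since the text describes unauthorized access.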


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37274",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-37274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.cnvd.org.cn/flaw/show/2740765",
"refsource": "MISC",
"name": "https://www.cnvd.org.cn/flaw/show/2740765"
},
{
"refsource": "MISC",
"name": "https://github.com/purple-WL/CNVD-2020-75301/issues/1",
"url": "https://github.com/purple-WL/CNVD-2020-75301/issues/1"
}
]
}
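Review bot: No affected version appears anywhere in this record: the description says only "Kingdee KIS Professional Edition" and version_value is "n/a", so consumers cannot tell which releases are affected. Add the version range and fill vendor_name and product_name from the description. "via unspecified loopholes" gives no attack vector; if the referenced reports describe one, summarise it, and set problemtype to something more specific than "n/a".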


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3837",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}