admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-10-05 12:01:00 +00:00
parent 49f103411e
commit fa0a0402da
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 316 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2021/35xxx/CVE-2021-35503.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-35503",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-35503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://blog.filerun.com",
"refsource": "MISC",
"name": "http://blog.filerun.com"
},
{
"refsource": "MISC",
"name": "https://syntegris-sec.github.io/filerun-advisory",
"url": "https://syntegris-sec.github.io/filerun-advisory"
}
]
}

61
2021/35xxx/CVE-2021-35504.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-35504",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-35504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://blog.filerun.com",
"refsource": "MISC",
"name": "http://blog.filerun.com"
},
{
"refsource": "MISC",
"name": "https://syntegris-sec.github.io/filerun-advisory",
"url": "https://syntegris-sec.github.io/filerun-advisory"
}
]
}

61
2021/35xxx/CVE-2021-35505.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-35505",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-35505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://blog.filerun.com",
"refsource": "MISC",
"name": "http://blog.filerun.com"
},
{
"refsource": "MISC",
"name": "https://syntegris-sec.github.io/filerun-advisory",
"url": "https://syntegris-sec.github.io/filerun-advisory"
}
]
}

61
2021/37xxx/CVE-2021-37223.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-37223",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-37223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.nagios.com/downloads/nagios-xi/change-log/",
"url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
},
{
"url": "http://nagios.com",
"refsource": "MISC",
"name": "http://nagios.com"
}
]
}

90
2021/39xxx/CVE-2021-39887.json
View File

@ -4,15 +4,97 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-39887",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=8.4, <14.1.7"
},
{
"version_value": ">=14.2, <14.2.5"
},
{
"version_value": ">=14.3, <14.3.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper neutralization of input during web page generation ('cross-site scripting') in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/332903",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/332903",
"refsource": "MISC"
},
{
"name": "https://hackerone.com/reports/1218174",
"url": "https://hackerone.com/reports/1218174",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39887.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39887.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1",
"baseScore": 7.2,
"baseSeverity": "HIGH"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks saleemrashid for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

5
2021/41xxx/CVE-2021-41524.json
View File

@ -72,6 +72,11 @@
"refsource": "MISC",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html",
"name": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"refsource": "MLIST",
"name": "[httpd-users] 20211005 [users@httpd] CVE-2021-41524: Apache HTTP Server: null pointer dereference in h2 fuzzing",
"url": "https://lists.apache.org/thread.html/rc24a83c51a4ccf32155341301d513f8b6035405f84f9501cfa8117d4@%3Cusers.httpd.apache.org%3E"
}
]
},

5
2021/41xxx/CVE-2021-41773.json
View File

@ -73,6 +73,11 @@
"refsource": "MISC",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html",
"name": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"refsource": "MLIST",
"name": "[httpd-users] 20211005 [users@httpd] CVE-2021-41773: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49",
"url": "https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f@%3Cusers.httpd.apache.org%3E"
}
]
},