"-Synchronized-Data."

CVE Team 2021-05-14 21:01:01 +00:00
parent 34761550ba
commit faa667f656
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
7 changed files with 314 additions and 21 deletions


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-24119",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-24119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/upx/upx/issues/388",
"url": "https://github.com/upx/upx/issues/388"
}
]
}
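Review bot: The `affects` block for CVE-2020-24119 carries `"n/a"` for `product_name`, `vendor_name` and `version_value` even though the new description names upx 4.0.0, so tooling that matches on the structured fields will not associate this record with UPX. Consider `"product_name": "upx"` and `"version_value": "4.0.0"`, and replacing the `"n/a"` problemtype with `"CWE-125"`, since the description states a heap buffer overflow read. The CVE-2021-32054 section has the same gap: its description names Firely/Incendi Spark before 1.5.5-r4 while product, vendor, version and problemtype are all `"n/a"`. The phrase "the check in p_lx_elf.cpp is not perfect" would also serve defenders better if it said which check is insufficient.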


@ -318,6 +318,11 @@
"refsource": "MLIST",
"name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E"
}
]
},


@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27833",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "openshift/oc",
"version": {
"version_data": [
{
"version_value": "up to & including openshift-clients-4.7.0-202104250659.p0.git.95881af"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://access.redhat.com/security/cve/CVE-2020-27833",
"url": "https://access.redhat.com/security/cve/CVE-2020-27833"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1905945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905945"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first created pointing within the tarball, this allows further symbolic links to bypass the existing path check. This flaw allows the tarball to create links outside the tarball's parent directory, allowing for executables or configuration files to be overwritten, resulting in arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions up to and including openshift-clients-4.7.0-202104250659.p0.git.95881af are affected."
}
]
}
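Review bot: The problemtype `"CWE-20"` is too generic for what the description reports, which is a symlink-based bypass of the path check during archive extraction that ends in an arbitrary file write; `"CWE-22"` or `"CWE-59"` would let consumers classify it correctly. The affected range is also written as free text inside `version_value` ("up to & including …"), which automated version comparison cannot parse. The 4.0 format has `version_affected` for this, e.g. `"version_affected": "<="` next to the bare version string. `vendor_name` is `"n/a"` although the assigner and both references are Red Hat.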


@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27737",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Apache Traffic Server",
"version": {
"version_data": [
{
"version_value": "Apache Traffic Server 9.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[trafficserver-announce] 20210513 Apache Traffic Server is vulnerable to a DOS attack in the experimental Slicer plugin",
"url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525@%3Cannounce.trafficserver.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[trafficserver-dev] 20210513 Apache Traffic Server is vulnerable to a DOS attack in the experimental Slicer plugin",
"url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525@%3Cdev.trafficserver.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[trafficserver-users] 20210513 Apache Traffic Server is vulnerable to a DOS attack in the experimental Slicer plugin",
"url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525@%3Cusers.trafficserver.apache.org%3E"
},
{
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cannounce.trafficserver.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cannounce.trafficserver.apache.org%3E"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin."
}
]
}
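Review bot: The problemtype value `"Information Disclosure"` does not agree with the rest of the record, where the description and all three mailing-list titles describe a remote DOS attack on the experimental Slicer plugin. Unless the advisory also covers a disclosure that is not visible here, it should read `"value": "Denial of Service"`, otherwise triage that filters on problemtype will misjudge the impact. The final MISC reference appears to point at the same announce thread as the first MLIST entry, differing only in the `%40` encoding, so it could likely be dropped.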


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32054",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-32054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/FirelyTeam/spark/releases/tag/v1.5.5-r4",
"url": "https://github.com/FirelyTeam/spark/releases/tag/v1.5.5-r4"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/FirelyTeam/spark/compare/v1.5.4-r4...v1.5.5-r4",
"url": "https://github.com/FirelyTeam/spark/compare/v1.5.4-r4...v1.5.5-r4"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/FirelyTeam/spark/commit/9c79320059f92d8aa4fbd6cc4fa8f9d5d6ba9941",
"url": "https://github.com/FirelyTeam/spark/commit/9c79320059f92d8aa4fbd6cc4fa8f9d5d6ba9941"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3402",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "libyara",
"version": {
"version_data": [
{
"version_value": "libyara 4.0.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "FEDORA",
"name": "FEDORA-2021-f41d5fc954",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-dd62918333",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1930175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930175"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2021/01/29/2",
"url": "https://www.openwall.com/lists/oss-security/2021/01/29/2"
},
{
"refsource": "MISC",
"name": "https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4"
}
]
}
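Review bot: `"version_value": "libyara 4.0.4"` names the fixed release as the affected version, while the description says YARA v4.0.3 and earlier are affected and ends with "Affects all versions before libyara 4.0.4". A scanner reading only the structured field would flag 4.0.4 and miss the vulnerable releases; `"version_affected": "<"` with `"version_value": "4.0.4"` expresses the stated range. `"CWE-190"` covers the integer overflow only, so a second problemtype entry such as `"CWE-125"` would be needed for the buffer overflow reads the description also reports.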