Merge pull request #411 from CVEProject/master

XFA Rebase
Scott Moore 2021-03-03 11:53:39 -05:00 committed by GitHub
commit fd6726c60c
79 changed files with 3518 additions and 257 deletions


@ -141,6 +141,11 @@
"refsource": "MLIST",
"name": "[druid-commits] 20210302 [GitHub] [druid] abhishekagarwal87 opened a new pull request #10933: Suppress CVE-2017-15288 and upgrade bcprov-ext-jdk15on",
"url": "https://lists.apache.org/thread.html/r32e0b1d5ff43ac3ed4b179a4e663022d1c5ccac77884a99ea149e633@%3Ccommits.druid.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[druid-commits] 20210302 [GitHub] [druid] maytasm merged pull request #10933: Suppress CVE-2017-15288 and upgrade bcprov-ext-jdk15on",
"url": "https://lists.apache.org/thread.html/r1d51eae81ceb7bfd1780936a48b460ab31d53ff2ed526a88a7f60fe4@%3Ccommits.druid.apache.org%3E"
}
]
}


@ -1,18 +1,94 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2020-10519",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.20",
"version_value": "2.20.24"
},
{
"version_affected": "<",
"version_name": "2.21",
"version_value": "2.21.15"
},
{
"version_affected": "<",
"version_name": "2.22",
"version_value": "2.22.7"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "yvvdwf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Command Injection - Generic"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24",
"name": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24"
},
{
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15",
"name": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15"
},
{
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7",
"name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
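Review bot: The version_data entries only cover the 2.20, 2.21 and 2.22 release lines, while the description states the flaw affected all versions of GitHub Enterprise Server prior to 2.22.7, so a consumer matching on the structured ranges would not flag a 2.19.x or older instance. If those older lines are end-of-life and were deliberately left out, the description should say so, e.g. `Earlier, end-of-life release lines are also affected and received no fix.`; otherwise a further `"version_affected": "<"` entry covering them is needed. The record also carries no `impact` block, so downstream tooling will surface this remote code execution with no CVSS score at all — worth adding the vendor's rating if the linked release notes give one.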


@ -1,18 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-02-15T13:50:00.000Z",
"ID": "CVE-2020-12527",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to interact with devices in the account he should not have access to."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to v2.7.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
}
}
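Review bot: The CVSS vector rates this as availability-only (`C:N/I:N/A:H`) although the description says a logged-in user can interact with devices in accounts they should not have access to, which reads as an integrity (and possibly confidentiality) impact on those devices rather than a denial of service; the vector and the description should agree, or the description should say what "interact" means. The problemtype `CWE-269 Improper Privilege Management` also looks like a looser fit than an authorization-check weakness such as `CWE-284 Improper Access Control` or `CWE-639 Authorization Bypass Through User-Controlled Key`, given that the flaw is described as improper access validation on another account's devices. This is inferred from the description only; the linked VDE-2021-003 advisory should be checked before changing either field.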


@ -1,18 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-02-15T13:50:00.000Z",
"ID": "CVE-2020-12528",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to v2.7.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
}
}


@ -1,18 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-02-15T13:50:00.000Z",
"ID": "CVE-2020-12529",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to v2.7.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
}
}
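Review bot: The vector claims `PR:N` for the SSRF in the LDAP access check, but the description does not say whether that check is reachable without logging in; if testing or configuring LDAP requires an administrative session the metric should be `PR:H`, and if it really is pre-authentication the description should state it, e.g. `There is a SSRF in the LDAP access check, reachable without authentication, allowing an attacker to scan for open ports.`. The port-scanning outcome implies the attacker chooses the host and port of the server-side connection, so a practitioner would also want the record to note that egress filtering from the mbCONNECT24 host bounds the impact until v2.7.1 is deployed; the solution field only says to update. Inferred from the description; confirm against VDE-2021-003.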


@ -1,18 +1,112 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-02-15T13:50:00.000Z",
"ID": "CVE-2020-12530",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to v2.7.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
}
}
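Review bot: The vector scores this XSS with `C:N`, yet script injected into a logged-in user's session of a remote-access product can typically read session tokens or act on the user's behalf, which the CVSS v3.1 user guide maps to at least `C:L/I:L`; whether the injection lands in an authenticated page or only on an unauthenticated redirect decides this, and the description should say which. `redirect.php` and "a get parameter" are also too vague for anyone writing a WAF rule or detection — naming the parameter, if the advisory does, would help. Inferred from the description only; check against VDE-2021-003.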


@ -123,6 +123,21 @@
"refsource": "MLIST",
"name": "[hbase-issues] 20210302 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949",
"url": "https://lists.apache.org/thread.html/r6990c849aeafe65366794bfd002febd47b7ffa8cf3c059b400bbb11d@%3Cissues.hbase.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hbase-issues] 20210302 [GitHub] [hbase] Apache9 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"url": "https://lists.apache.org/thread.html/r298a25228868ebc0943d56c8f3641212a0962d2dbcf1507d5860038e@%3Cissues.hbase.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hbase-issues] 20210302 [GitHub] [hbase] pankaj72981 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"url": "https://lists.apache.org/thread.html/rf741d08c7e0ab1542c81ea718467422bd01159ed284796a36ad88311@%3Cissues.hbase.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hbase-issues] 20210303 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949",
"url": "https://lists.apache.org/thread.html/r278e96edc4bc13efb2cb1620a73e48f569162b833c6bda3e6ea18b80@%3Cissues.hbase.apache.org%3E"
}
]
},


@ -113,6 +113,11 @@
"refsource": "MLIST",
"name": "[hive-issues] 20210301 [jira] [Work logged] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"url": "https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858@%3Cissues.hive.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[hive-gitbox] 20210302 [GitHub] [hive] hsnusonic closed pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"url": "https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4@%3Cgitbox.hive.apache.org%3E"
}
]
},


@ -83,6 +83,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210302 Announce: OpenSSH 8.5 released",
"url": "http://www.openwall.com/lists/oss-security/2021/03/03/1"
}
]
}


@ -170,6 +170,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1282",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
"url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
}
]
},


@ -4,14 +4,74 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15937",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "Fortinet FortiOS",
"version": {
"version_data": [
{
"version_value": "FortiOS 6.4.1, 6.2.5"
}
]
}
}
]
}
}
]
}
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://fortiguard.com/advisory/FG-IR-20-068",
"url": "https://fortiguard.com/advisory/FG-IR-20-068"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard."
}
]
}
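Review bot: The `version_value` of `FortiOS 6.4.1, 6.2.5` lists what the description calls the first fixed releases (6.2.x below 6.2.5 and 6.4.x below 6.4.1 are affected), so the affects block marks exactly the patched versions as vulnerable and will mislead anything that matches on it; it should express the ranges, e.g. `{"version_affected": "<", "version_name": "6.2", "version_value": "6.2.5"}` and the same for 6.4 / 6.4.1. The CVSS metric values also use title-case strings (`Low`, `Network`, `Changed`) where the CVSS v3.1 JSON schema and the other records in this commit use the upper-case enumerations, so schema validation of the impact block will fail. Finally, `Execute unauthorized code or commands` in problemtype is a free-text impact rather than a weakness; `CWE-79` matches the stored XSS the description reports.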


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23518",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/47289",
"url": "https://www.exploit-db.com/exploits/47289"
}
]
}
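Review bot: The affects block is entirely `n/a` although the description names the vendor (UltimateKode), the product (Neo Billing) and an upper bound (3.5), so the structured fields carry none of the information a scanner needs; populating `vendor_name`, `product_name` and a `"version_affected": "<="` entry for 3.5 is the fix. The phrase "up to version 3.5" is also ambiguous about whether 3.5 itself is affected, and the problemtype could be `CWE-79` rather than `n/a`. With exploit-db as the only reference there is no vendor advisory, so the version bound is presumably the tester's rather than a confirmed fix boundary — if no fix is known, the description should say so.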


@ -61,6 +61,11 @@
"url": "https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799",
"refsource": "MISC",
"name": "https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161606/TinyTinyRSS-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/161606/TinyTinyRSS-Remote-Code-Execution.html"
}
]
}


@ -355,6 +355,31 @@
"refsource": "MLIST",
"name": "[beam-issues] 20210223 [jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/r4179c71908778cc0598ee8ee1eaed9b88fc5483c65373f45e087f650@%3Cissues.beam.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[beam-issues] 20210302 [jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/rb81a018f83fe02c95a2138a7bb4f1e1677bd7e1fc1e7024280c2292d@%3Cissues.beam.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[beam-issues] 20210302 [jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/rcfb95a7c69c4b9c082ea1918e812dfc45aa0d1e120fd47f68251a336@%3Cissues.beam.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[iotdb-notifications] 20210303 [jira] [Created] (IOTDB-1181) Upgrade jetty jar to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/rcdd56ab4255801a0964dcce3285e87f2c6994e6469e189f6836f34e3@%3Cnotifications.iotdb.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[iotdb-reviews] 20210303 [GitHub] [iotdb] wangchao316 opened a new pull request #2768: [IOTDB-1181] Upgrade jetty jar to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/rc8dd95802be0cca8d7d0929c0c8484ede384ecb966b2a9dc7197b089@%3Creviews.iotdb.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[iotdb-reviews] 20210303 [GitHub] [iotdb] wangchao316 commented on pull request #2768: [IOTDB-1181] Upgrade jetty jar to fix CVE-2020-27216",
"url": "https://lists.apache.org/thread.html/r503045a75f4419d083cb63ac89e765d6fb8b10c7dacc0c54fce07cff@%3Creviews.iotdb.apache.org%3E"
}
]
}


@ -99,6 +99,56 @@
"refsource": "MLIST",
"name": "[kafka-jira] 20210302 [jira] [Created] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223",
"url": "https://lists.apache.org/thread.html/r1b7ed296a865e3f1337a96ee9cd51f6d154d881a30da36020ca72a4b@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[druid-commits] 20210302 [GitHub] [druid] a2l007 opened a new pull request #10937: Upgrade jetty to latest version",
"url": "https://lists.apache.org/thread.html/rc052fd4e9e9c01bead74c0b5680355ea5dc3b72d46f253cb65d03e43@%3Ccommits.druid.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-jira] 20210302 [GitHub] [kafka] ableegoldman commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223",
"url": "https://lists.apache.org/thread.html/rdd6c47321db1bfe12c68a898765bf3b6f97e2afa6a501254ed4feaed@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-dev] 20210302 [jira] [Resolved] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223",
"url": "https://lists.apache.org/thread.html/ra47a26c008487b0a739a368c846e168de06c3cd118d31ecedafa679a@%3Cdev.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-jira] 20210302 [jira] [Resolved] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223",
"url": "https://lists.apache.org/thread.html/r7fbdb7880be1566f943d80fbbeefde2115c086eba1bef3115350a388@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-commits] 20210302 [kafka] branch 2.7 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223",
"url": "https://lists.apache.org/thread.html/rff630ce92a4d1bb494fc1a3f9b57a3d60819b436505bcd8c6ccc713c@%3Ccommits.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-commits] 20210302 [kafka] branch 2.8 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223",
"url": "https://lists.apache.org/thread.html/ra384892bab8c03a60613a6a9d5e9cae0a2b800fd882792a55520115e@%3Ccommits.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-jira] 20210302 [GitHub] [kafka] omkreddy closed pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223",
"url": "https://lists.apache.org/thread.html/r562a0cbc5c8cac4d000a27b2854a8ab1b924aa9dd45f8ffbea98e5ad@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-commits] 20210302 [kafka] branch 2.6 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223",
"url": "https://lists.apache.org/thread.html/re819198d4732804dc01fca8b5b144689a118ede49f6128968773595c@%3Ccommits.kafka.apache.org%3E"
},
{
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r3ce0e31b25ad4ee8f7c42b62cfdc72d1b586f5d6accd23f5295b6dd1@%3Cdev.kafka.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r3ce0e31b25ad4ee8f7c42b62cfdc72d1b586f5d6accd23f5295b6dd1@%3Cdev.kafka.apache.org%3E"
},
{
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/re0d38cc2b5da28f708fc89de49036f3ace052c47a1202f7d70291614@%3Cdev.kafka.apache.org%3E",
"url": "https://lists.apache.org/thread.html/re0d38cc2b5da28f708fc89de49036f3ace052c47a1202f7d70291614@%3Cdev.kafka.apache.org%3E"
}
]
}
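Review bot: The last two entries use `"refsource": "MISC"` with the URL repeated as `name`, while every other lists.apache.org thread in this block is tagged `MLIST` with a descriptive `[list] date subject` name, so consumers that group or filter references by refsource will treat the same kind of source inconsistently. If the thread subjects are known, the matching form is `{"refsource": "MLIST", "name": "[kafka-dev] <date> <subject>", "url": "..."}`; otherwise at least the refsource should agree with its siblings.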


@ -66,6 +66,16 @@
"refsource": "MISC",
"name": "https://sec.stealthcopter.com/cve-2020-28243/",
"url": "https://sec.stealthcopter.com/cve-2020-28243/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-904a2dbc0c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-5756fbf8a6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28657",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/blackarrowsec/advisories/tree/master/2020/CVE-2020-28657",
"url": "https://github.com/blackarrowsec/advisories/tree/master/2020/CVE-2020-28657"
}
]
}
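Review bot: The description reports two distinct weaknesses — administrative ajax endpoints reachable without authentication, and SQL injection in them — but problemtype is `n/a`, and the affects block is `n/a` even though the product (bPanel) and version (2.0) are named; at minimum `CWE-306 Missing Authentication for Critical Function` and `CWE-89 SQL Injection` belong in problemtype, and `vendor_name`/`product_name`/`version_value` should carry bPanel 2.0. A consumer also cannot tell whether any later version fixes this; if the BlackArrow advisory gives a fix version or states that none exists, that belongs in the description.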


@ -56,6 +56,16 @@
"refsource": "CONFIRM",
"name": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/",
"url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-904a2dbc0c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-5756fbf8a6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-35296",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-35296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/zoujingli/ThinkAdmin",
"refsource": "MISC",
"name": "https://github.com/zoujingli/ThinkAdmin"
},
{
"refsource": "MISC",
"name": "https://github.com/Shrimant12/CVE-References/blob/main/CVE-2020-35296.md",
"url": "https://github.com/Shrimant12/CVE-References/blob/main/CVE-2020-35296.md"
},
{
"refsource": "MISC",
"name": "https://smshrimant.com/admin-panel-access-using-default-credentials/",
"url": "https://smshrimant.com/admin-panel-access-using-default-credentials/"
}
]
}
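Review bot: The description misspells "administrator" (`administratior`) and the problemtype is `n/a`; `CWE-798 Use of Hard-coded Credentials` or `CWE-1188 Insecure Default Initialization of Resource` would let consumers classify a default-credential issue. "ThinkAdmin v6" is also an unbounded version statement with no fix version — whether the project forces a password change at install, or a later v6 release removed the default, decides whether this is a fixable defect or a deployment-hardening item, and the record should say which. The corrected sentence would read `ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administrator dashboard access.`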


@ -56,6 +56,16 @@
"refsource": "CONFIRM",
"name": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/",
"url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-904a2dbc0c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-5756fbf8a6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/"
}
]
},


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory."
"value": "** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has \"lots of other possibilities to harm a site.\""
}
]
},
@ -56,6 +56,16 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161569/Zenphoto-CMS-1.5.7-Shell-Upload.html",
"url": "http://packetstormsecurity.com/files/161569/Zenphoto-CMS-1.5.7-Shell-Upload.html"
},
{
"refsource": "MISC",
"name": "https://www.zenphoto.org/news/why-not-every-security-issue-is-really-an-issue/",
"url": "https://www.zenphoto.org/news/why-not-every-security-issue-is-really-an-issue/"
},
{
"refsource": "MISC",
"name": "https://github.com/zenphoto/zenphoto/issues/1292",
"url": "https://github.com/zenphoto/zenphoto/issues/1292"
}
]
}


@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4719",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-02-26T00:00:00"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"data_type": "CVE",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861.",
"lang": "eng"
}
]
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Cloud APM",
"version": {
"version_data": [
{
"version_value": "8.1.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6417137",
"title": "IBM Security Bulletin 6417137 (Cloud APM)",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6417137"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187861",
"name": "ibm-monitoring-cve20204719-sec-bypass (187861)",
"title": "X-Force Vulnerability Report",
"refsource": "XF"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"SCORE": "4.900",
"PR": "H",
"I": "H",
"AV": "N",
"A": "N",
"S": "U",
"C": "N",
"AC": "L"
},
"TM": {
"RL": "O",
"RC": "C",
"E": "U"
}
}
},
"data_version": "4.0",
"data_format": "MITRE"
}
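Review bot: The `impact` block uses a `cvssv3.BM/TM` layout with single-letter metric keys and `SCORE` as the string `"4.900"`, rather than the `cvss.vectorString` / numeric `baseScore` form used by the other records in this commit, so pipelines reading the CVE JSON 4.0 impact shape will surface this record with no score. The standard equivalent of the metrics shown is `"cvss": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "baseScore": 4.9, ...}` — assuming the BM values were scored under 3.1, which the block does not state. The description also says an admin can make the server resolve arbitrary attacker-chosen query names, which is an outbound-request / DNS-exfiltration primitive rather than a generic `Bypass Security`; `CWE-918` or a sentence on what the query name can carry would help a reader judge the `I:H` rating.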


@ -1,18 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4725",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Cloud APM",
"version": {
"version_data": [
{
"version_value": "8.1.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Monitoring (IBM Cloud APM 8.1.4 ) could allow an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI, which could mislead another user. IBM X-Force ID: 187974."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Data Manipulation",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-4725",
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-02-26T00:00:00"
},
"data_type": "CVE",
"data_version": "4.0",
"data_format": "MITRE",
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6417137",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6417137 (Cloud APM)",
"name": "https://www.ibm.com/support/pages/node/6417137"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-monitoring-cve20204725-content-spoofing (187974)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187974"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"UI": "N",
"I": "L",
"AV": "N",
"PR": "L",
"SCORE": "4.300",
"S": "U",
"A": "N",
"AC": "L",
"C": "N"
},
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
}
}
}
}
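Review bot: The problemtype value `Data Manipulation` is a free-text label rather than a CWE identifier, so it will not map onto CWE-based tooling the way the `CWE-79` / `CWE-862` entries elsewhere in this commit do; the description (a crafted HTTP request lets an authenticated user alter HTML that another user sees) reads like injection into rendered content, so a CWE from that family seems the likely fit — confirm against the X-Force entry. The affects entry again lists `8.1.4` with no `version_affected` qualifier, and the description gives no fixed version, so readers must follow the IBM bulletin to learn the remediation.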


@ -1,17 +1,89 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-4726",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Cloud APM",
"version": {
"version_data": [
{
"version_value": "8.1.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975."
}
]
},
"data_type": "CVE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2021-02-26T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2020-4726",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "U",
"RC": "C"
},
"BM": {
"UI": "N",
"AV": "L",
"I": "N",
"PR": "N",
"SCORE": "4.000",
"S": "U",
"A": "N",
"AC": "L",
"C": "L"
}
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6417137",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/pages/node/6417137",
"title": "IBM Security Bulletin 6417137 (Cloud APM)"
},
{
"name": "ibm-monitoring-cve20204726-info-disc (187975)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187975"
}
]
}
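Review bot: The description says APM UI pages are "stored locally" and readable by another user on the system but never states what makes them persist — presumably responses are served without a no-store cache directive and land in the browser cache, but the record does not say, so neither the mechanism nor the fix can be checked from here; a one-clause hint in the text (or a fixed build number) would help triage. The affects entry has `8.1.4` with no `version_affected` qualifier, and the impact block uses the `BM`/`TM` layout with a string `SCORE` (`"4.000"`) rather than the `vectorString` plus numeric `baseScore` form the other vendor records in this commit use, so consumers parsing CVSS will need a second code path.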


@ -4,7 +4,7 @@
"DATE_PUBLIC": "2021-01-13T17:00:00.000Z",
"ID": "CVE-2021-0215",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX Series, QFX Series, SRX Branch Series: Memory leak in packet forwarding engine due to 802.1X authenticator port interface flaps"
"TITLE": "Junos OS: EX Series, QFX Series, SRX Branch Series, MX Series: Memory leak in packet forwarding engine due to 802.1X authenticator port interface flaps"
},
"affects": {
"vendor": {
@ -45,73 +45,73 @@
"version_value": "15.1X53-D593"
},
{
"platform": "SRX Branch Series, EX Series, QFX Series",
"platform": "SRX Branch Series, EX Series, QFX Series, MX Series",
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S8"
},
{
"platform": "SRX Branch Series, EX Series, QFX Series",
"platform": "SRX Branch Series, EX Series, QFX Series, MX Series",
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3-S4"
},
{
"platform": "SRX Branch Series, EX Series, QFX Series",
"platform": "SRX Branch Series, EX Series, QFX Series, MX Series",
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"platform": "SRX Branch Series, EX Series, QFX Series",
"platform": "SRX Branch Series, EX Series, QFX Series, MX Series",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S11, 17.4R3-S2"
},
{
"platform": "SRX Branch Series, EX Series, QFX Series",
"platform": "SRX Branch Series, EX Series, QFX Series, MX Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"platform": "SRX Branch Series, EX Series, QFX Series",
"platform": "SRX Branch Series, EX Series, QFX Series, MX Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3-S3"
},
{
"platform": "SRX Branch Series, EX Series, QFX Series",
"platform": "SRX Branch Series, EX Series, QFX Series, MX Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S2"
},
{
"platform": "SRX Branch Series, EX Series, QFX Series",
"platform": "SRX Branch Series, EX Series, QFX Series, MX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S7, 18.4R2-S4, 18.4R3-S2"
},
{
"platform": "SRX Branch Series, EX Series, QFX Series",
"platform": "SRX Branch Series, EX Series, QFX Series, MX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S5, 19.1R2-S2, 19.1R3"
},
{
"platform": "SRX Branch Series, EX Series, QFX Series",
"platform": "SRX Branch Series, EX Series, QFX Series, MX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"platform": "SRX Branch Series, EX Series, QFX Series",
"platform": "SRX Branch Series, EX Series, QFX Series, MX Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S3, 19.3R3"
},
{
"platform": "SRX Branch Series, EX Series, QFX Series",
"platform": "SRX Branch Series, EX Series, QFX Series, MX Series",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S2, 19.4R2"
@ -139,7 +139,7 @@
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos EX series, QFX Series and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other processes, such as the pfex process, responsible for packet forwarding, to crash and restart. An administrator can use the following CLI command to monitor the status of memory consumption: user@device> show task memory detail Please refer to https://kb.juniper.net/KB31522 for details. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D54; 15.1X49 versions prior to 15.1X49-D240 ; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10 ; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. This issue does not affect Juniper Networks Junos OS 12.3, 15.1."
"value": "On Juniper Networks Junos EX series, QFX Series, MX Series and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other processes, such as the pfex process, responsible for packet forwarding, to crash and restart. An administrator can use the following CLI command to monitor the status of memory consumption: user@device> show task memory detail Please refer to https://kb.juniper.net/KB31522 for details. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D54; 15.1X49 versions prior to 15.1X49-D240 ; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10 ; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. This issue does not affect Juniper Networks Junos OS 12.3, 15.1."
}
]
},
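Review bot: Every `platform` string visible here was extended with `MX Series`, but the entries for 14.1X53, 15.1X49 and 15.1X53 sit above this hunk (only the `15.1X53-D593` line is visible) and the 19.4 entry runs past its end, so it cannot be verified from this view that every affected branch received the same update; the rewritten description implies MX is affected across the whole version list, so any entry still reading `SRX Branch Series, EX Series, QFX Series` would contradict it. The sentence "does not affect Juniper Networks Junos OS 12.3, 15.1" predates the MX addition — worth confirming it still holds for MX Series.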


@ -1,18 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21255",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "entities switch IDOR"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "glpi",
"version": {
"version_data": [
{
"version_value": "= 9.5.3"
}
]
}
}
]
},
"vendor_name": "glpi-project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-v3m5-r3mx-ff9j",
"refsource": "CONFIRM",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-v3m5-r3mx-ff9j"
},
{
"name": "https://github.com/glpi-project/glpi/commit/aade65b7f67d46f23d276a8acb0df70651c3b1dc",
"refsource": "MISC",
"url": "https://github.com/glpi-project/glpi/commit/aade65b7f67d46f23d276a8acb0df70651c3b1dc"
}
]
},
"source": {
"advisory": "GHSA-v3m5-r3mx-ff9j",
"discovery": "UNKNOWN"
}
}
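Review bot: The vector `AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N` scores this as needing a second user's interaction and high attack complexity, yet the description says a logged-in user can switch entities via IDOR themselves, which normally needs neither; either the text understates the attack (e.g. a victim must follow a link) or the vector overstates it — worth reconciling with the GHSA. `version_value` is `= 9.5.3` only, while the sibling GLPI record fixed in the same 9.5.4 release uses `>= 9.5.0, < 9.5.4`; if earlier 9.5.x releases are also affected the range should say so.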


@ -1,18 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21258",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "XSS injection in ajax/kanban"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "glpi",
"version": {
"version_data": [
{
"version_value": ">= 9.5.0, < 9.5.4"
}
]
}
}
]
},
"vendor_name": "glpi-project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed in version 9.5.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-j4xj-4qmc-mmmx",
"refsource": "CONFIRM",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-j4xj-4qmc-mmmx"
},
{
"name": "https://github.com/glpi-project/glpi/commit/e7802fc051696de1f76108ea8dc3bd4e2c880f15",
"refsource": "MISC",
"url": "https://github.com/glpi-project/glpi/commit/e7802fc051696de1f76108ea8dc3bd4e2c880f15"
}
]
},
"source": {
"advisory": "GHSA-j4xj-4qmc-mmmx",
"discovery": "UNKNOWN"
}
}
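Review bot: The vector `C:N/I:H/A:N` for a cross-site scripting bug in `ajax/kanban.php` is atypical — XSS normally also exposes session-scoped data (at least C:L), so confirm the scoring was intended. The description does not say whether the injection is stored or reflected or which parameter carries it; the linked commit is the only place to learn that, and a short clause in the text would speed triage for anyone deciding whether their deployment exposes the kanban endpoint.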


@ -116,6 +116,41 @@
"refsource": "MLIST",
"name": "[kafka-jira] 20210301 [GitHub] [kafka] dongjinleekr commented on pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"url": "https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-dev] 20210302 [jira] [Resolved] (KAFKA-12389) Upgrade of netty-codec due to CVE-2021-21290",
"url": "https://lists.apache.org/thread.html/r326ec431f06eab7cb7113a7a338e59731b8d556d05258457f12bac1b@%3Cdev.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-jira] 20210302 [jira] [Resolved] (KAFKA-12389) Upgrade of netty-codec due to CVE-2021-21290",
"url": "https://lists.apache.org/thread.html/rdba4f78ac55f803893a1a2265181595e79e3aa027e2e651dfba98c18@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-jira] 20210302 [GitHub] [kafka] omkreddy closed pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"url": "https://lists.apache.org/thread.html/r0857b613604c696bf9743f0af047360baaded48b1c75cf6945a083c5@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-commits] 20210302 [kafka] branch 2.6 updated: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"url": "https://lists.apache.org/thread.html/r5e4a540089760c8ecc2c411309d74264f1dad634ad93ad583ca16214@%3Ccommits.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-commits] 20210302 [kafka] branch 2.7 updated: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"url": "https://lists.apache.org/thread.html/r71dbb66747ff537640bb91eb0b2b24edef21ac07728097016f58b01f@%3Ccommits.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr commented on pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
"url": "https://lists.apache.org/thread.html/ra0fc2b4553dd7aaf75febb61052b7f1243ac3a180a71c01f29093013@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r0053443ce19ff125981559f8c51cf66e3ab4350f47812b8cf0733a05@%3Cdev.kafka.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r0053443ce19ff125981559f8c51cf66e3ab4350f47812b8cf0733a05@%3Cdev.kafka.apache.org%3E"
}
]
},
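Review bot: The last added reference uses `"refsource": "MISC"` with the raw URL as its `name`, whereas every other lists.apache.org entry in this block uses `MLIST` with a `[list] date subject` name; a consumer keying on refsource will classify it differently, and the mismatch suggests it was pasted from a different feed. Suggest `"refsource": "MLIST"` with a name in the same `[kafka-dev] 20210302 ...` form once the thread subject is known. The enclosing `references` array begins above this hunk.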


@ -88,6 +88,11 @@
"name": "https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351",
"refsource": "MISC",
"url": "https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210302 [SECURITY] [DLA 2580-1] adminer security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html"
}
]
},


@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21352",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Predictable tokens used for password resets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "timetracker",
"version": {
"version_data": [
{
"version_value": "< 1.19.24.5415"
}
]
}
}
]
},
"vendor_name": "anuko"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In TimeTracker before version 1.19.24.5415 tokens used in password reset feature in Time Tracker are based on system time and, therefore, are predictable. This opens a window for brute force attacks to guess user tokens and, once successful, change user passwords, including that of a system administrator. This vulnerability is pathced in version 1.19.24.5415 (started to use more secure tokens) with an additional improvement in 1.19.24.5416 (limited an available window for brute force token guessing)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-330: Use of Insufficiently Random Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.anuko.com/time-tracker/index.htm",
"refsource": "MISC",
"url": "https://www.anuko.com/time-tracker/index.htm"
},
{
"name": "https://github.com/anuko/timetracker/security/advisories/GHSA-43c9-rx4h-4gqq",
"refsource": "CONFIRM",
"url": "https://github.com/anuko/timetracker/security/advisories/GHSA-43c9-rx4h-4gqq"
},
{
"name": "https://github.com/anuko/timetracker/commit/40f3d9345adc20e6f28eb9f59e2489aff87fecf5",
"refsource": "MISC",
"url": "https://github.com/anuko/timetracker/commit/40f3d9345adc20e6f28eb9f59e2489aff87fecf5"
}
]
},
"source": {
"advisory": "GHSA-43c9-rx4h-4gqq",
"discovery": "UNKNOWN"
}
}
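Review bot: The vector `C:H/I:N/A:N` is hard to square with the description, which states the predictable reset token lets an attacker change user passwords including the administrator's — account takeover is an integrity impact (and usually availability too), so confirm the GHSA's scoring. The description also has a typo, `pathced` → `patched`, and "tokens used in password reset feature in Time Tracker are based on system time" would read better as "tokens used by the password-reset feature are derived from system time". Since the fix is split across two releases (5415 adds stronger tokens, 5416 narrows the brute-force window), `"version_value": "< 1.19.24.5415"` understates the version users should actually adopt.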


@ -1,18 +1,113 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21353",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Remote code execution in pug"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pug",
"version": {
"version_data": [
{
"version_value": "< 3.0.1"
}
]
}
}
]
},
"vendor_name": "pugjs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1. This advisory applies to multiple pug packages including \"pug\", \"pug-code-gen\". pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the `pretty` option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pugjs/pug/security/advisories/GHSA-p493-635q-r6gr",
"refsource": "CONFIRM",
"url": "https://github.com/pugjs/pug/security/advisories/GHSA-p493-635q-r6gr"
},
{
"name": "https://github.com/pugjs/pug/issues/3312",
"refsource": "MISC",
"url": "https://github.com/pugjs/pug/issues/3312"
},
{
"name": "https://github.com/pugjs/pug/pull/3314",
"refsource": "MISC",
"url": "https://github.com/pugjs/pug/pull/3314"
},
{
"name": "https://github.com/pugjs/pug/commit/991e78f7c4220b2f8da042877c6f0ef5a4683be0",
"refsource": "MISC",
"url": "https://github.com/pugjs/pug/commit/991e78f7c4220b2f8da042877c6f0ef5a4683be0"
},
{
"name": "https://github.com/pugjs/pug/releases/tag/pug%403.0.1",
"refsource": "MISC",
"url": "https://github.com/pugjs/pug/releases/tag/pug%403.0.1"
},
{
"name": "https://www.npmjs.com/package/pug",
"refsource": "MISC",
"url": "https://www.npmjs.com/package/pug"
},
{
"name": "https://www.npmjs.com/package/pug-code-gen",
"refsource": "MISC",
"url": "https://www.npmjs.com/package/pug-code-gen"
}
]
},
"source": {
"advisory": "GHSA-p493-635q-r6gr",
"discovery": "UNKNOWN"
}
}
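Review bot: The affects block lists only `pug < 3.0.1`, but the description says the advisory also covers `pug-code-gen` with a backported fix at 2.0.3; add a second `product_data` entry (`"product_name": "pug-code-gen"`, `"version_value": "< 2.0.3"`) so automated matching does not miss it. The vector `C:N/I:H/A:N` for remote code execution on the node.js backend is also unusual — code execution is normally scored C:H/I:H/A:H — so confirm the GHSA's intent. The description's caveat that the issue is unreachable unless untrusted input can set the `pretty` option is useful and should stay.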


@ -63,7 +63,7 @@
"description_data": [
{
"lang": "eng",
"value": "SAP UI5, versions - 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1, allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities."
"value": "SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities."
}
]
},


@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-03-01",
"ID": "CVE-2021-21513",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-03-01",
"ID": "CVE-2021-21513",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "Dell Open Manage Server Administrator",
"product_name": "Dell Open Manage Server Administrator",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_affected": "<=",
"version_value": "9.5"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. \r\n\r\nA remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system."
"lang": "eng",
"value": "Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 8.6,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"baseScore": 8.6,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities"
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities",
"name": "https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities"
}
]
}
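Review bot: `"version_affected": "<="` with `"version_value": "9.5"` disagrees with the description, which scopes the authentication bypass to "version 9.5 ... Windows installations with Distributed Web Server (DWS) enabled"; either the range or the text should change so consumers do not flag every OMSA 9.x install. The reference's `refsource` was changed from `CONFIRM` to `MISC` although the URL is Dell's own advisory for this CVE, which is exactly what `CONFIRM` denotes — presumably a tooling artefact, but worth restoring. `C:H/I:L/A:L` for "gain admin access on the affected system" also reads low on integrity and availability; confirm the vendor scoring.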


@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-03-01",
"ID": "CVE-2021-21514",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-03-01",
"ID": "CVE-2021-21514",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "Dell Open Manage Server Administrator",
"product_name": "Dell Open Manage Server Administrator",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_affected": "<=",
"version_value": "9.5"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request."
"lang": "eng",
"value": "Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 4.9,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.9,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities"
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities",
"name": "https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities"
}
]
}
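Review bot: The reference's `refsource` was switched from `CONFIRM` to `MISC` even though the URL is Dell's own security advisory for this CVE, the case `CONFIRM` exists for; unless CNA guidance changed, keep `"refsource": "CONFIRM"`. Here `"version_affected": "<="` 9.5 does match the description's "9.5 and prior", so the range is fine; the description could still state where the fix lands, since the advisory is the only pointer.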


@ -4,15 +4,86 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22187",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": "<=X.Y"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled resource consumption in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/300452",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/300452",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22187.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22187.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 12.6.7. A potential resource exhaustion issue that allowed running or pending jobs to continue even after project was deleted."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability has been discovered internally by the GitLab team"
}
]
}
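Review bot: The affects block still carries the template placeholder `"version_value": "<=X.Y"` in a record marked PUBLIC, while the description says all GitLab EE/CE versions before 12.6.7 are affected; it should read `"version_value": "< 12.6.7"`. The `vectorString` also lacks the `CVSS:3.1/` prefix every other record in this commit uses, and `AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L` appears to compute to 4.3 under CVSS 3.1 round-up rather than the stated `baseScore` 4.2 — re-check the score. The text "running or pending jobs to continue even after project was deleted" is clear; noting which release line carries the fix would help.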


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22294",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_value": "HarmonyOS 2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass by Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2021/2021-03.md",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2021/2021-03.md"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources."
}
]
}
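Review bot: `"vendor_name": "n/a"` although the assigner is Huawei's PSIRT and the product is HarmonyOS; naming the real vendor makes the record matchable. The problemtype `Authentication Bypass by Spoofing` does not fit the description, which describes a permission bypass on a component API used to issue commands repeatedly and exhaust system service resources (a local DoS), so one of the two appears wrong — confirm against the OpenHarmony disclosure. The record also has no impact block, unlike the other vendor records in this commit. The record's closing brace lies past this hunk.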


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22296",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@huawei.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_value": "HarmonyOS 2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Attempt to Access Child of a Non-structure Pointer"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2021/2021-03.md",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2021/2021-03.md"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A component of the HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system."
}
]
}
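Review bot: The problemtype `Attempt to Access Child of a Non-structure Pointer` is a memory-safety weakness title, but the description describes a local attacker mounting a file system to cause DoS, with nothing about pointer misuse; either the root-cause label or the description needs to say how the two connect. `"vendor_name": "n/a"` should name Huawei, as the assigner does, and as with the sibling HarmonyOS record there is no impact block to convey severity. The record's closing brace lies past this hunk.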


@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2021-22861",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Improper access control in GitHub Enterprise Server leading to unauthorized write access to forkable repositories"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.20",
"version_value": "2.20.24"
},
{
"version_affected": "<",
"version_name": "2.21",
"version_value": "2.21.15"
},
{
"version_affected": "<",
"version_name": "2.22",
"version_value": "2.22.7"
},
{
"version_affected": "<",
"version_name": "3.0",
"version_value": "3.0.1"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Teddy Katz"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24",
"name": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24"
},
{
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15",
"name": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15"
},
{
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7",
"name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7"
},
{
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1",
"name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,18 +1,74 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2021-22862",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Improper access control in GitHub Enterprise Server leading to the disclosure of Actions secrets to forks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0",
"version_value": "3.0.1"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Teddy Katz"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1",
"name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
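Review bot: The problemtype value `"CWE-285: Improper Authorization"` carries a colon that the sibling records CVE-2021-22861 and CVE-2021-22863 from the same CNA do not (`"CWE-285 Improper Authorization"`), so any consumer that matches the CWE string exactly will file the three under different weaknesses. Pick one spelling for all three; the colon-free form already used twice is the smaller change.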


@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "product-cna@github.com",
"ID": "CVE-2021-22863",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitHub Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.20",
"version_value": "2.20.24"
},
{
"version_affected": "<",
"version_name": "2.21",
"version_value": "2.21.15"
},
{
"version_affected": "<",
"version_name": "2.22",
"version_value": "2.22.7"
},
{
"version_affected": "<",
"version_name": "3.0",
"version_value": "3.0.1"
}
]
}
}
]
},
"vendor_name": "GitHub"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Teddy Katz"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24",
"name": "https://docs.github.com/en/enterprise-server@2.20/admin/release-notes#2.20.24"
},
{
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15",
"name": "https://docs.github.com/en/enterprise-server@2.21/admin/release-notes#2.21.15"
},
{
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7",
"name": "https://docs.github.com/en/enterprise-server@2.22/admin/release-notes#2.22.7"
},
{
"refsource": "MISC",
"url": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1",
"name": "https://docs.github.com/en/enterprise-server@3.0/admin/release-notes#3.0.1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}


@ -3,16 +3,98 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-03-03T09:52:51.235817Z",
"ID": "CVE-2021-23347",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "github.com/argoproj/argo-cd/cmd",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.7.13"
},
{
"version_affected": ">=",
"version_value": "1.8.0"
},
{
"version_affected": "<",
"version_value": "1.8.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJARGOCDCMD-1078291",
"name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJARGOCDCMD-1078291"
},
{
"refsource": "MISC",
"url": "https://github.com/argoproj/argo-cd/pull/5563",
"name": "https://github.com/argoproj/argo-cd/pull/5563"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user."
}
]
}
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "jannfis"
}
]
}
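Review bot: The three version_data entries do not express the range given in the description (`before 1.7.13, from 1.8.0 and before 1.8.6`) when each is read on its own: the `">="` 1.8.0 entry by itself claims every later release including the fixed 1.8.6, and the `"<"` 1.8.6 entry by itself subsumes the `"<"` 1.7.13 one. Dropping the standalone `>=` entry and tagging the upper bound with its branch, `"version_affected": "<", "version_name": "1.8", "version_value": "1.8.6"`, follows the convention the GitHub records on this page use and keeps each entry correct independently. The description sentence also runs two clauses together ("...Cross-site Scripting (XSS) the SSO provider..."), presumably missing a connective such as "if".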


@ -94,6 +94,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210219-0009/",
"url": "https://security.netapp.com/advisory/ntap-20210219-0009/"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2021-03",
"url": "https://www.tenable.com/security/tns-2021-03"
}
]
}


@ -94,6 +94,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210219-0009/",
"url": "https://security.netapp.com/advisory/ntap-20210219-0009/"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2021-03",
"url": "https://www.tenable.com/security/tns-2021-03"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25252",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Virus Scan API (VSAPI) Engine\r\n",
"version": {
"version_data": [
{
"version_value": "12.0"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Exhaustion"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/solution/000285675",
"refsource": "MISC",
"name": "https://success.trendmicro.com/solution/000285675"
}
]
}
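Review bot: The product_name value `"Trend Micro Virus Scan API (VSAPI) Engine\r\n"` ends in a literal CR LF escape, which renders as a line break wherever the name is displayed and defeats exact-match lookups; it should be `"product_name": "Trend Micro Virus Scan API (VSAPI) Engine",`. The description also names the Advanced Threat Scan Engine (ATSE) as affected, but product_data lists only VSAPI 12.0, so if ATSE is in scope it needs its own product_data entry with its affected version.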


@ -66,6 +66,16 @@
"refsource": "CONFIRM",
"name": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/",
"url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-904a2dbc0c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-5756fbf8a6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/"
}
]
}


@ -61,6 +61,16 @@
"refsource": "CONFIRM",
"name": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/",
"url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-904a2dbc0c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-5756fbf8a6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/"
}
]
}


@ -61,6 +61,16 @@
"refsource": "CONFIRM",
"name": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/",
"url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-904a2dbc0c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-5756fbf8a6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/"
}
]
}


@ -61,6 +61,16 @@
"refsource": "CONFIRM",
"name": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/",
"url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-904a2dbc0c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-5756fbf8a6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/"
}
]
}


@ -1,18 +1,111 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2021-03-01T00:00:00.000Z",
"ID": "CVE-2021-25315",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "salt-api unauthenticated remote code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server 15 SP 3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "salt",
"version_value": "3002.2-3"
}
]
}
}
]
},
"vendor_name": "SUSE"
},
{
"product": {
"product_data": [
{
"product_name": "Tumbleweed",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "salt",
"version_value": "3002.2-2.1"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-303: Incorrect Implementation of Authentication Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1182382",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1182382"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1182382",
"defect": [
"1182382"
],
"discovery": "INTERNAL"
}
}
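Review bot: The description says the flaw `allows local attackers to execute arbitrary code`, while the TITLE (`salt-api unauthenticated remote code execution`) and the CVSS vector `AV:N/AC:L/PR:N` describe an unauthenticated network attacker, so the record contradicts itself on attack vector and anyone triaging from the description will underrate it. Whichever is correct, the description should be aligned with the vector (presumably `allows remote attackers`), and the generated wording `A Incorrect ... in of SUSE SUSE Linux Enterprise Server` could be cleaned up in the same edit.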


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25330",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "mobile.security@samsung.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_value": "Selected Q(10.0) prior to SMR Feb-2021 Release 1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Control of Generation of Code ('Code Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider."
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to code execution."
"value": "In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution."
}
]
},


@ -3,15 +3,99 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2021-26412",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2013",
"version": {
"version_data": [
{
"version_value": "Cumulative Update 23"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 7",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 18",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 19",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 8",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26412",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26412"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26813",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-26813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/trentm/python-markdown2/pull/387",
"refsource": "MISC",
"name": "https://github.com/trentm/python-markdown2/pull/387"
}
]
}
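Review bot: The affects block records `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, and problemtype is `"n/a"`, even though the description states the product and range (`markdown2 >=1.0.1.18, fixed in 2.4.0`) and the weakness class (regular expression denial of service). Populating `"product_name": "markdown2"` with `"version_affected": "<", "version_value": "2.4.0"` gives automated consumers the same information a human gets from the text; the problemtype could likewise name the ReDoS weakness instead of a placeholder.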


@ -3,15 +3,99 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2021-26854",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 19",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 8",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2013",
"version": {
"version_data": [
{
"version_value": "Cumulative Update 23"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 7",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 18",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26854",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26854"
}
]
}


@ -3,15 +3,99 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2021-26855",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 19",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 8",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2013",
"version": {
"version_data": [
{
"version_value": "Cumulative Update 23"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 7",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 18",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855"
}
]
}


@ -3,15 +3,109 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2021-26857",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 19",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 8",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2013",
"version": {
"version_data": [
{
"version_value": "Cumulative Update 23"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 7",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 18",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 3"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857"
}
]
}


@ -3,15 +3,99 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2021-26858",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2013",
"version": {
"version_data": [
{
"version_value": "Cumulative Update 23"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 7",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 18",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 19",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 8",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858"
}
]
}


@ -3,15 +3,99 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2021-27065",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2013",
"version": {
"version_data": [
{
"version_value": "Cumulative Update 23"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 7",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 18",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 19",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 8",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065"
}
]
}


@ -3,15 +3,99 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2021-27078",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 19",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 8",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2013",
"version": {
"version_data": [
{
"version_value": "Cumulative Update 23"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 7",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 18",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27078",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27078"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27215",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-27215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to login to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.genua.de/en/it-security-solutions/high-resistance-firewall-genugate",
"refsource": "MISC",
"name": "https://www.genua.de/en/it-security-solutions/high-resistance-firewall-genugate"
},
{
"refsource": "MISC",
"name": "https://kunde.genua.de/en/overview/genugate.html",
"url": "https://kunde.genua.de/en/overview/genugate.html"
},
{
"refsource": "MISC",
"name": "https://sec-consult.com/vulnerability-lab/advisory/authentication-bypass-genua-genugate/",
"url": "https://sec-consult.com/vulnerability-lab/advisory/authentication-bypass-genua-genugate/"
}
]
}
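Review bot: The structured `affects` block (L4156–L4167) is `"vendor_name": "n/a"` / `"product_name": "n/a"` / `"version_value": "n/a"`, while the affected and fixed version ranges exist only inside the description string at L4180, so anyone matching this entry against an asset inventory by vendor and product gets nothing machine-readable. The description itself names the vendor and product, so `"vendor_name": "genua"` and `"product_name": "genugate"` with one `version_data` element per range quoted there would be grounded in the same text. The same placeholder pattern appears in CVE-2021-27885 (L4253–L4325), the three Pillow entries CVE-2021-27921/27922/27923 (L4395–L4589) and CVE-2021-3384 (L4807–L4874), each of which states the affected versions in prose only. The closing brace of this file's top-level object is outside the hunk.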


@ -71,6 +71,16 @@
"refsource": "MLIST",
"name": "[oss-security] 20210227 Re: wpa_supplicant P2P provision discovery processing vulnerability",
"url": "http://www.openwall.com/lists/oss-security/2021/02/27/1"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-3430f96019",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOGP2VIVVXXQ6CZ2HU4DKGPDB4WR24XF/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210302 [SECURITY] [DLA 2581-1] wpa security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00003.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2021/03/01/3",
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/3"
},
{
"refsource": "FULLDISC",
"name": "20210302 Multiple Vulnerabilities in jpeg-xl (CVE-2021-27804)",
"url": "http://seclists.org/fulldisclosure/2021/Mar/2"
}
]
}
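Review bot: The reference added at L4246 points at `http://seclists.org/fulldisclosure/2021/Mar/2` over plaintext, so a consumer following the link gets no transport integrity for the advisory text; the same applies to the Zen Cart reference added at L4799 (`http://packetstormsecurity.com/...`). Where the host serves the same path over TLS, recording the `https://` form is the safer default for a vulnerability database whose links are fetched automatically by downstream tooling. Only the `reference_data` tail of each file is visible; the enclosing object starts outside the hunk.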


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27885",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-27885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/e107inc/e107/releases",
"refsource": "MISC",
"name": "https://github.com/e107inc/e107/releases"
},
{
"refsource": "MISC",
"name": "https://github.com/e107inc/e107/commit/d9efdb9b5f424b4996c276e754a380a5e251f472",
"url": "https://github.com/e107inc/e107/commit/d9efdb9b5f424b4996c276e754a380a5e251f472"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27918",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27919",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27920",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html",
"refsource": "MISC",
"name": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html",
"refsource": "MISC",
"name": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html"
}
]
}
}


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html",
"refsource": "MISC",
"name": "https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html"
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27924",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27925",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27926",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -3,15 +3,66 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2138",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Cloud Infrastructure Data Science Notebook Sessions",
"version": {
"version_data": [
{
"version_value": "*"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vulnerability in the Oracle Cloud Infrastructure Data Science Notebook Sessions. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Cloud Infrastructure Data Science Notebook Sessions executes to compromise Oracle Cloud Infrastructure Data Science Notebook Sessions. Successful attacks of this vulnerability can resultin unauthorized update, insert or delete access to some of Oracle Cloud Infrastructure Data Science Notebook Sessions accessible data as well as unauthorized read access to a subset of Oracle Cloud Infrastructure Data Science Notebook Sessions accessible data. All affected customers were notified of CVE-2021-2138 by Oracle. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)"
}
]
},
"impact": {
"cvss": {
"baseScore": "4.6",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Cloud Infrastructure Data Science Notebook Sessions executes to compromise Oracle Cloud Infrastructure Data Science Notebook Sessions. Successful attacks of this vulnerability can resultin unauthorized update, insert or delete access to some of Oracle Cloud Infrastructure Data Science Notebook Sessions accessible data as well as unauthorized read access to a subset of Oracle Cloud Infrastructure Data Science Notebook Sessions accessible data. All affected customers were notified of CVE-2021-2138 by Oracle."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://support.oracle.com",
"name": "https://support.oracle.com",
"refsource": "MISC"
}
]
}
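Review bot: The new text at L4697 and again at L4714 contains the typo "resultin" for "result in", and since the problemtype value is a verbatim copy of the description rather than a weakness class, the typo is now carried in two places that can drift apart. In the `impact` block `"baseScore": "4.6"` is a quoted string, so a consumer that reads the score as a number must coerce it; if the downstream CVSS schema expects a numeric type, `"baseScore": 4.6` would be the right form, though the CVE 4.0 `impact` object itself is loosely typed and I cannot confirm the expected type from this hunk. `"version_value": "*"` at L4680 has no `version_affected` qualifier, so "all versions" is a guess for the reader. The enclosing object opens and closes outside the hunk.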


@ -61,6 +61,16 @@
"refsource": "CONFIRM",
"name": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/",
"url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-904a2dbc0c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-5756fbf8a6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/"
}
]
}


@ -61,6 +61,16 @@
"refsource": "CONFIRM",
"name": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/",
"url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-904a2dbc0c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-5756fbf8a6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/"
}
]
}


@ -61,6 +61,16 @@
"refsource": "CONFIRM",
"name": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/",
"url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-904a2dbc0c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-5756fbf8a6",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/"
}
]
}


@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://github.com/MucahitSaratar/zencart_auth_rce_poc",
"url": "https://github.com/MucahitSaratar/zencart_auth_rce_poc"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161613/Zen-Cart-1.5.7b-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/161613/Zen-Cart-1.5.7b-Remote-Code-Execution.html"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3384",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-3384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://advisories.stormshield.eu/2020-049/",
"url": "https://advisories.stormshield.eu/2020-049/"
}
]
}


@ -5,13 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2021-3419",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
}
]
}