
Commit 7a314fa

committed
"-Synchronized-Data."
1 parent f6b7ee3 commit 7a314fa


10 files changed

+329
-17
lines changed


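--- a/2013/20xxx/CVE-2013-20001.json
+++ b/2013/20xxx/CVE-2013-20001.json
@@ -0,0 +1,67 @@
+{
+"CVE_data_meta": {
+"ASSIGNER": "[email protected]",
+"ID": "CVE-2013-20001",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"product": {
+"product_data": [
+{
+"product_name": "n/a",
+"version": {
+"version_data": [
+{
+"version_value": "n/a"
+}
+]
+}
+}
+]
+},
+"vendor_name": "n/a"
+}
+]
+}
+},
+"data_format": "MITRE",
+"data_type": "CVE",
+"data_version": "4.0",
+"description": {
+"description_data": [
+{
+"lang": "eng",
+"value": "An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied."
+}
+]
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "n/a"
+}
+]
+}
+]
+},
+"references": {
+"reference_data": [
+{
+"url": "https://github.com/openzfs/zfs/issues/1894#issuecomment-30693652",
+"refsource": "MISC",
+"name": "https://github.com/openzfs/zfs/issues/1894#issuecomment-30693652"
+},
+{
+"url": "https://github.com/openzfs/zfs/releases",
+"refsource": "MISC",
+"name": "https://github.com/openzfs/zfs/releases"
+}
+]
+}
+}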
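Review bot: The `affects` block carries no machine-readable target: `product_name`, `version_value` and `vendor_name` (new lines 14, 18 and 25) are all `"n/a"`, although the description on line 37 names OpenZFS through 2.0.3. Scanners and asset inventories that match on the structured fields will not tie this record to an OpenZFS install, and the effect described (an NFS export open to everyone) is exactly what they need to surface. I would set `"product_name": "OpenZFS"` and `"version_value": "through 2.0.3"`, both taken from the description. The same `"vendor_name": "n/a"` appears in the CVE-2020-13949, CVE-2021-22504, CVE-2021-22977 and CVE-2021-22978 sections of this commit, where the description or product name identifies the vendor.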

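--- a/2019/17xxx/CVE-2019-17558.json
+++ b/2019/17xxx/CVE-2019-17558.json
@@ -163,6 +163,11 @@
 "refsource": "MLIST",
 "name": "[lucene-issues] 20210210 [GitHub] [lucene-solr] rhtham commented on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability",
 "url": "https://lists.apache.org/thread.html/r8a36e4f92f4449dec517e560e1b55639f31b3aca26c37bbad45e31de@%3Cissues.lucene.apache.org%3E"
+},
+{
+"refsource": "MLIST",
+"name": "[lucene-solr-user] 20210212 CVE-2019-17558 on SOLR 6.1",
+"url": "https://lists.apache.org/thread.html/r7b89b3dcfc1b6c52dd8d610b897ac98408245040c92b484fe97a51a2@%3Csolr-user.lucene.apache.org%3E"
 }
 ]
 },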

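--- a/2020/11xxx/CVE-2020-11529.json
+++ b/2020/11xxx/CVE-2020-11529.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
-"value": "Common/Grav.php in Grav before 1.6.23 has an Open Redirect."
+"value": "Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x."
 }
 ]
 },
@@ -61,6 +61,11 @@
 "url": "https://getgrav.org/#changelog",
 "refsource": "MISC",
 "name": "https://getgrav.org/#changelog"
+},
+{
+"refsource": "MISC",
+"name": "https://github.com/getgrav/grav/issues/3134",
+"url": "https://github.com/getgrav/grav/issues/3134"
 }
 ]
 }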

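--- a/2020/13xxx/CVE-2020-13949.json
+++ b/2020/13xxx/CVE-2020-13949.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-13949",
-"ASSIGNER": "[email protected]",
-"STATE": "RESERVED"
+"ASSIGNER": "[email protected]",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"vendor_name": "n/a",
+"product": {
+"product_data": [
+{
+"product_name": "Apache Thrift",
+"version": {
+"version_data": [
+{
+"version_value": "Apache Thrift 0.9.3 to 0.13.0"
+}
+]
+}
+}
+]
+}
+}
+]
+}
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "Potential DoS when processing untrusted Thrift payloads"
+}
+]
+}
+]
+},
+"references": {
+"reference_data": [
+{
+"refsource": "MISC",
+"name": "https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E",
+"url": "https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E"
+}
+]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
-"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+"value": "In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service."
 }
 ]
 }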
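Review bot: `version_value` on new line 22 repeats the product name and writes the range as prose (`"Apache Thrift 0.9.3 to 0.13.0"`), so a consumer comparing version strings gets no usable bound. `"version_value": "0.9.3 to 0.13.0"` would keep the product in `product_name` only; a structured range would be better still if the producer's tooling supports one. The description on line 58 also names no fixed release, so readers must follow the mailing-list reference to learn which version to upgrade to. A short clause naming it would help, once confirmed against that advisory.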

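--- a/2020/14xxx/CVE-2020-14145.json
+++ b/2020/14xxx/CVE-2020-14145.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
-"value": "The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client)."
+"value": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client)."
 }
 ]
 },
@@ -76,6 +76,16 @@
 "refsource": "MISC",
 "name": "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d",
 "url": "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d"
+},
+{
+"refsource": "MISC",
+"name": "https://docs.ssh-mitm.at/CVE-2020-14145.html",
+"url": "https://docs.ssh-mitm.at/CVE-2020-14145.html"
+},
+{
+"refsource": "MISC",
+"name": "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py",
+"url": "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py"
 }
 ]
 }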
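Review bot: The reference added on new lines 87-88 points at a `blob/master/...` path, which sits on a moving branch, so the cited file can change or disappear while the record keeps pointing at it. A permalink to a specific commit would keep the citation stable. Separately, the description now reads "5.7 through 8.4" (line 37) and neither hunk touches the `affects` block, which lies outside both hunks. If that block holds version data, it should be checked against the new upper bound.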

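--- a/2021/22xxx/CVE-2021-22504.json
+++ b/2021/22xxx/CVE-2021-22504.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22504",
-"ASSIGNER": "[email protected]",
-"STATE": "RESERVED"
+"ASSIGNER": "[email protected]",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"vendor_name": "n/a",
+"product": {
+"product_data": [
+{
+"product_name": "Operations Bridge Manager.",
+"version": {
+"version_data": [
+{
+"version_value": "10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10"
+}
+]
+}
+}
+]
+}
+}
+]
+}
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "Arbitrary code execution."
+}
+]
+}
+]
+},
+"references": {
+"reference_data": [
+{
+"refsource": "MISC",
+"name": "https://softwaresupport.softwaregrp.com/doc/KM03777855",
+"url": "https://softwaresupport.softwaregrp.com/doc/KM03777855"
+}
+]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
-"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+"value": "Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM server."
 }
 ]
 }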
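Review bot: `"product_name": "Operations Bridge Manager."` on new line 18 ends with a period, which looks like a copy artefact and will defeat exact-match lookups on the product name. I would write `"product_name": "Operations Bridge Manager"` and, since the description on line 58 names the vendor, `"vendor_name": "Micro Focus"` on line 14. The eight affected releases are also packed into one comma-separated `version_value` (line 22). One `version_data` entry per release would let tools match them individually, which matters for a record describing remote code execution.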

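--- a/2021/22xxx/CVE-2021-22977.json
+++ b/2021/22xxx/CVE-2021-22977.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22977",
-"ASSIGNER": "[email protected]",
-"STATE": "RESERVED"
+"ASSIGNER": "[email protected]",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"vendor_name": "n/a",
+"product": {
+"product_data": [
+{
+"product_name": "BIG-IP",
+"version": {
+"version_data": [
+{
+"version_value": "16.0.0-16.0.1, 14.1.2.4-14.1.3"
+}
+]
+}
+}
+]
+}
+}
+]
+}
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "DoS"
+}
+]
+}
+]
+},
+"references": {
+"reference_data": [
+{
+"refsource": "MISC",
+"name": "https://support.f5.com/csp/article/K14693346",
+"url": "https://support.f5.com/csp/article/K14693346"
+}
+]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
-"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+"value": "On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated."
 }
 ]
 }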
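Review bot: New line 22 puts two separate ranges in one string, `"version_value": "16.0.0-16.0.1, 14.1.2.4-14.1.3"`, so a consumer cannot tell the hyphen of a range from the comma between ranges without parsing prose. Two entries, `{ "version_value": "16.0.0-16.0.1" }` and `{ "version_value": "14.1.2.4-14.1.3" }`, would state the same thing unambiguously. The CVE-2021-22978 section does the same with five clauses on its line 22. Both sections also give the problem type as a bare abbreviation (`"DoS"`, `"XSS"`) on line 39. A CWE identifier there would make the records filterable by weakness class.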

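--- a/2021/22xxx/CVE-2021-22978.json
+++ b/2021/22xxx/CVE-2021-22978.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-22978",
-"ASSIGNER": "[email protected]",
-"STATE": "RESERVED"
+"ASSIGNER": "[email protected]",
+"STATE": "PUBLIC"
+},
+"affects": {
+"vendor": {
+"vendor_data": [
+{
+"vendor_name": "n/a",
+"product": {
+"product_data": [
+{
+"product_name": "BIG-IP",
+"version": {
+"version_data": [
+{
+"version_value": "16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions"
+}
+]
+}
+}
+]
+}
+}
+]
+}
+},
+"problemtype": {
+"problemtype_data": [
+{
+"description": [
+{
+"lang": "eng",
+"value": "XSS"
+}
+]
+}
+]
+},
+"references": {
+"reference_data": [
+{
+"refsource": "MISC",
+"name": "https://support.f5.com/csp/article/K87502622",
+"url": "https://support.f5.com/csp/article/K87502622"
+}
+]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
-"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+"value": "On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated."
 }
 ]
 }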
