Skip to content

Commit

Permalink
"-Synchronized-Data."
Browse files Browse the repository at this point in the history
  • Loading branch information
cve-team committed Jan 26, 2021
1 parent db17b8b commit a7b648d
Show file tree
Hide file tree
Showing 7 changed files with 168 additions and 85 deletions.
82 changes: 4 additions & 78 deletions 2020/28xxx/CVE-2020-28492.json
Original file line number Diff line number Diff line change
Expand Up @@ -3,90 +3,16 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-01-26T16:12:22.733071Z",
"ID": "CVE-2020-28492",
"STATE": "PUBLIC",
"TITLE": "Regular Expression Denial of Service (ReDoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jinja2",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "0.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Regular Expression Denial of Service (ReDoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994",
"name": "https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994"
},
{
"refsource": "MISC",
"url": "https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20",
"name": "https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20"
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package jinja2 from 0.0.0. The ReDOS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "Yeting Li"
}
]
}
}
5 changes: 5 additions & 0 deletions 2020/36xxx/CVE-2020-36193.json
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,11 @@
"refsource": "MISC",
"name": "https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916"
},
{
"refsource": "CONFIRM",
"name": "https://www.drupal.org/sa-core-2021-001",
"url": "https://www.drupal.org/sa-core-2021-001"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210121 [SECURITY] [DLA-2530-1] drupal7 security update",
Expand Down
66 changes: 60 additions & 6 deletions 2021/3xxx/CVE-2021-3165.json
Original file line number Diff line number Diff line change
@@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3165",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-3165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://orionhridoy.me",
"refsource": "MISC",
"name": "https://orionhridoy.me"
},
{
"url": "https://www.smtagent.com/support",
"refsource": "MISC",
"name": "https://www.smtagent.com/support"
},
{
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/160906/SmartAgent-3.1.0-Privilege-Escalation.html",
"url": "https://packetstormsecurity.com/files/160906/SmartAgent-3.1.0-Privilege-Escalation.html"
}
]
}
Expand Down
2 changes: 1 addition & 1 deletion 2021/3xxx/CVE-2021-3193.json
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper access and command validation in the Docker config wizard of Nagios XI before 5.8.0 allows an authenticated attacker to execute remote code as the apache user."
"value": "Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user."
}
]
},
Expand Down
18 changes: 18 additions & 0 deletions 2021/3xxx/CVE-2021-3315.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3315",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
18 changes: 18 additions & 0 deletions 2021/3xxx/CVE-2021-3316.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3316",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
62 changes: 62 additions & 0 deletions 2021/3xxx/CVE-2021-3317.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection",
"refsource": "MISC",
"name": "https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection"
}
]
}
}

0 comments on commit a7b648d

Please sign in to comment.