Advisory Database Sync
advisory-database[bot] committed Jul 13, 2022
1 parent 7615b22 commit 8d7bbb6
Showing 374 changed files with 9,141 additions and 362 deletions.
@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-22f9-g2j6-q686",
"modified": "2022-05-24T19:20:05Z",
"modified": "2022-07-13T00:01:24Z",
"published": "2022-05-24T19:20:05Z",
"aliases": [
"CVE-2021-31601"
],
"details": "An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"affected": [

@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-25hm-2vqm-695w",
"modified": "2022-05-24T19:20:32Z",
"modified": "2022-07-13T00:01:20Z",
"published": "2022-05-24T19:20:32Z",
"aliases": [
"CVE-2021-30284"
],
"details": "Possible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
}
],
"affected": [

@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-26rp-x6jf-5qx8",
"modified": "2022-05-24T22:01:43Z",
"modified": "2022-07-13T00:01:31Z",
"published": "2022-05-24T22:01:43Z",
"aliases": [
"CVE-2021-36791"
],
"details": "The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"affected": [

@@ -18,6 +21,10 @@
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36791"
},
{
"type": "WEB",
"url": "https://typo3.org/help/security-advisories/security"
},
{
"type": "WEB",
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-013"
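Review bot: the added WEB reference `https://typo3.org/help/security-advisories/security` is the TYPO3 advisory index page, not a page about CVE-2021-36791, so it adds nothing beyond the `typo3-ext-sa-2021-013` link already in this reference list and will drift as new advisories are listed there. Suggest dropping the index URL and keeping only the advisory-specific one.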
@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-278x-ggmc-78v9",
"modified": "2022-05-24T19:20:01Z",
"modified": "2022-07-13T00:00:51Z",
"published": "2022-05-24T19:20:01Z",
"aliases": [
"CVE-2020-4160"
],
"details": "IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174340.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"affected": [

@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-2fc3-gg5g-pf65",
"modified": "2022-05-24T19:20:09Z",
"modified": "2022-07-13T00:01:43Z",
"published": "2022-05-24T19:20:09Z",
"aliases": [
"CVE-2021-43183"
],
"details": "In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [

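Review bot: the one-sentence details field does not explain a C:H/I:H/A:H vector for what it describes only as a bypass of the authentication throttling mechanism; on its own, a throttling bypass enables credential brute force rather than direct full compromise. Either expand the details to say what the bypass lets an attacker reach, or record the source of the vector, so a reader can see why this entry is rated critical.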
@@ -1,15 +1,18 @@
{
"schema_version": "1.2.0",
"id": "GHSA-2qwq-gqpm-q83g",
"modified": "2022-05-24T22:01:28Z",
"modified": "2022-07-13T00:01:11Z",
"published": "2022-05-24T22:01:28Z",
"aliases": [
"CVE-2021-26857"
],
"summary": "Rails is bad",
"details": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"affected": [

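Review bot: the `"summary": "Rails is bad"` line is unrelated to the advisory, which is the Microsoft Exchange Server remote code execution issue CVE-2021-26857, and reads like a test or placeholder value that was never replaced. The summary is what consumers display as the advisory headline, so it should carry the real title (the details already open with "Microsoft Exchange Server Remote Code Execution Vulnerability") before this is merged. Secondarily, an AV:L/UI:R vector on an entry titled "Remote Code Execution" deserves one sentence in details explaining the local, user-interaction precondition, otherwise the two fields look contradictory.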
@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-3fq5-562h-h369",
"modified": "2022-05-24T19:19:22Z",
"modified": "2022-07-13T00:01:04Z",
"published": "2022-05-24T19:19:22Z",
"aliases": [
"CVE-2021-20136"
],
"details": "ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [

@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-3q9f-2cp9-wp8v",
"modified": "2022-05-24T19:20:59Z",
"modified": "2022-07-13T00:00:58Z",
"published": "2022-05-24T19:20:59Z",
"aliases": [
"CVE-2021-0151"
],
"details": "Improper access control in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [

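Review bot: the details give no version bound ("some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10"), unlike the other Intel entries in this sync, which state a "before version X" cut-off, so a reader cannot tell from the text which installers are affected. Worth confirming that the collapsed `affected` block carries a version range; if it does not, the entry is unactionable regardless of the vector added here.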
@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-3qcr-p3xq-5c4r",
"modified": "2022-05-24T19:19:29Z",
"modified": "2022-07-13T00:01:31Z",
"published": "2022-05-24T19:19:29Z",
"aliases": [
"CVE-2021-36924"
],
"details": "RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Service, and Code Execution) via a crafted Device IO Control packet to a device.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [

@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-467j-x6m2-42ch",
"modified": "2022-05-24T19:19:32Z",
"modified": "2022-07-13T00:00:52Z",
"published": "2022-05-24T19:19:32Z",
"aliases": [
"CVE-2020-6931"
],
"details": "HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [

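Review bot: the details ("may potentially be vulnerable to local elevation of privilege") name no version, no component and no trigger condition, yet the hunk assigns a full C:H/I:H/A:H vector. Hedged vendor wording like this should at least be paired with a fixed-version statement in the collapsed `affected` block; otherwise the score cannot be checked against anything on the page.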
@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-487f-h6j7-w985",
"modified": "2022-05-24T19:20:35Z",
"modified": "2022-07-13T00:01:43Z",
"published": "2022-05-24T19:20:35Z",
"aliases": [
"CVE-2021-42773"
],
"details": "Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"affected": [

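Review bot: the AV:N/PR:N vector scores the non-secure-mode deployment ("In non-secure mode, the user is unauthenticated"), which the details present as a configuration choice rather than the only mode. Scoring the worst reachable configuration is the usual convention, but a consumer filtering on PR:N should be told in details that the unauthenticated path applies only when the manager is not installed in Strictly Local Management mode.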
@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-4jx7-9647-hpx8",
"modified": "2022-05-24T19:19:56Z",
"modified": "2022-07-13T00:01:34Z",
"published": "2022-05-24T19:19:56Z",
"aliases": [
"CVE-2021-37471"
],
"details": "A restricted shell escape sequence is possible on Cradlepoint IBR900-600 7.2.60 devices that can lead to an attacker denying the availability of all console or SSH command-line access.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"affected": [

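Review bot: PR:N in the added vector sits uneasily with the details, which describe an escape from a restricted shell reached over console or SSH, something that presupposes an authenticated shell session. If the vector is imported unchanged from an upstream source, leave it but note the mismatch in details; otherwise PR:L is the reading that matches the text.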
@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-4xj3-j2jq-5hjr",
"modified": "2022-05-24T19:19:17Z",
"modified": "2022-07-13T00:01:32Z",
"published": "2022-05-24T19:19:17Z",
"aliases": [
"CVE-2021-3704"
],
"details": "Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"affected": [

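Review bot: the details are entirely non-specific ("a certain HP LaserJet Pro printer", "potential security vulnerabilities") and identify neither the model nor the trigger, so the A:H vector has nothing on the page to support it. A model or firmware reference in details, or at least in the collapsed `affected` block, would make the entry usable.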
@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-5984-mr35-258v",
"modified": "2022-05-24T19:20:42Z",
"modified": "2022-07-13T00:01:43Z",
"published": "2022-05-24T19:20:42Z",
"aliases": [
"CVE-2021-42954"
],
"details": "Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [

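Review bot: "fixed from 10.1.2121.1" in the details is ambiguous as written; it can be read as 10.1.2121.1 being affected, whereas it most likely means versions before 10.1.2121.1 are affected and 10.1.2121.1 is the fix. The collapsed `affected` block should be checked against the vendor statement to confirm which reading was encoded, since a misreading here inverts the range.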
@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-5j5p-cr5c-763j",
"modified": "2022-05-24T19:20:17Z",
"modified": "2022-07-13T00:01:48Z",
"published": "2022-05-24T19:20:17Z",
"aliases": [
"CVE-2021-43563"
],
"details": "An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to download various media files from the DAM system.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [

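Review bot: PR:L in the added vector contradicts the details, which state that an unauthenticated attacker can reach the pixx.io API through the bundled media browser; PR:N is what the text describes. The I:H and A:H components are also unexplained, since the text only mentions making requests as the configured API user and downloading media files, which is a confidentiality impact. Reconcile the details with the vector, or add a sentence saying what else the API access allows.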
@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-693p-74cq-565g",
"modified": "2022-05-24T19:21:02Z",
"modified": "2022-07-13T00:00:54Z",
"published": "2022-05-24T19:21:02Z",
"aliases": [
"CVE-2021-0121"
],
"details": "Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [

@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-6ww5-4467-wvxf",
"modified": "2022-05-24T19:20:21Z",
"modified": "2022-07-13T00:01:42Z",
"published": "2022-05-24T19:20:21Z",
"aliases": [
"CVE-2021-42288"
],
"details": "Windows Hello Security Feature Bypass Vulnerability",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
}
],
"affected": [

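Review bot: the details field is the bare title "Windows Hello Security Feature Bypass Vulnerability" with no description of the bypass, so the AV:P (physical access) vector has nothing on the page to support it. Either the details should say what physical access achieves, or the collapsed reference list should be checked to include the vendor advisory for CVE-2021-42288 so a reader can find the missing context.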
@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-6x33-fgpv-f89f",
"modified": "2022-05-24T19:21:00Z",
"modified": "2022-07-13T00:00:54Z",
"published": "2022-05-24T19:21:00Z",
"aliases": [
"CVE-2021-0110"
],
"details": "Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH Drivers before version 1.41.1054.0 may allow unauthenticated user to potentially enable denial of service via local access.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"affected": [

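Review bot: the details say an unauthenticated user can trigger the denial of service via local access, but the added vector says PR:L; one of the two is wrong. Reconcile before merging, because the privileges-required component is what most consumers filter on, and PR:N/AV:L is the combination the text actually describes.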
@@ -1,14 +1,17 @@
{
"schema_version": "1.2.0",
"id": "GHSA-738r-q8gh-xrrc",
"modified": "2022-05-24T22:28:21Z",
"modified": "2022-07-13T00:01:16Z",
"published": "2022-05-24T22:28:21Z",
"aliases": [
"CVE-2021-29415"
],
"details": "The elliptic curve cryptography (ECC) hardware accelerator, part of the ARM® TrustZone® CryptoCell 310, contained in the NordicSemiconductor nRF52840 through 2021-03-29 has a non-constant time ECDSA implemenation. This allows an adversary to recover the private ECC key used during an ECDSA operation.",
"severity": [

{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"affected": [

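Review bot: "implemenation" in the details is a typo carried over from the upstream CVE text; since the details here mirror the CVE record, it is probably better left verbatim than silently diverging, but it is worth flagging upstream. The AV:L/PR:L vector is consistent with a timing side channel that requires local measurement of the CryptoCell ECDSA operation, so no issue with the score itself.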