Changeset View
Changeset View
Standalone View
Standalone View
security/vuxml/vuln-2021.xml
<vuln vid="7c555ce3-658d-4589-83dd-4b6a31c5d610"> | |||||
<topic>RabbitMQ-C -- integer overflow leads to heap corruption</topic> | |||||
<affects> | |||||
<package> | |||||
<name>net/rabbitmq-c</name> | |||||
<name>net/rabbitmq-c-devel</name> | |||||
<range><lt>0.10.0</lt></range> | |||||
</package> | |||||
<p>alanxz reports:</p> | |||||
<blockquote cite="https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a"> | |||||
<p>When parsing a frame header, validate that the frame_size is less than | |||||
or equal to INT32_MAX. Given frame_max is limited between 0 and | |||||
INT32_MAX in amqp_login and friends, this does not change the API. | |||||
This prevents a potential buffer overflow when a malicious client sends | |||||
a frame_size that is close to UINT32_MAX, in which causes an overflow | |||||
when computing state->target_size resulting in a small value there. A | |||||
buffer is then allocated with the small amount, then memcopy copies the | |||||
frame_size writing to memory beyond the end of the buffer.</p> | |||||
</blockquote> | |||||
</body> | |||||
</description> | |||||
<references> | |||||
<cvename>CVE-2019-18609</cvename> | |||||
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18609</url> | |||||
</references> | |||||
<dates> | |||||
<discovery>2019-10-29</discovery> | |||||
<entry>2021-06-25</entry> | |||||
</dates> | |||||
</vuln> | |||||
<vuln vid="41bc849f-d5ef-11eb-ae37-589cfc007716"> | <vuln vid="41bc849f-d5ef-11eb-ae37-589cfc007716"> | ||||
<topic>PuppetDB -- SQL Injection</topic> | <topic>PuppetDB -- SQL Injection</topic> | ||||
<affects> | <affects> | ||||
<package> | <package> | ||||
<name>puppetdb6</name> | <name>puppetdb6</name> | ||||
<range><lt>6.17.0</lt></range> | <range><lt>6.17.0</lt></range> | ||||
</package> | </package> | ||||
<package> | <package> | ||||
<name>puppetdb7</name> | <name>puppetdb7</name> | ||||
<range><lt>7.4.1</lt></range> | <range><lt>7.4.1</lt></range> | ||||
</package> | |||||
</affects> | </affects> | ||||
<description> | <description> | ||||
<body xmlns="http://www.w3.org/1999/xhtml"> | <body xmlns="http://www.w3.org/1999/xhtml"> | ||||
<p>Puppet reports:</p> | <p>Puppet reports:</p> | ||||
<blockquote cite="https://puppet.com/docs/puppetdb/latest/release_notes.html#security-fixes"> | <blockquote cite="https://puppet.com/docs/puppetdb/latest/release_notes.html#security-fixes"> | ||||
<p>Fixed an issue where someone with the ability to query PuppetDB could arbitrarily write, update, or delete data CVE-2021-27021 PDB-5138.</p> | <p>Fixed an issue where someone with the ability to query PuppetDB could arbitrarily write, update, or delete data CVE-2021-27021 PDB-5138.</p> | ||||
</blockquote> | </blockquote> | ||||
</body> | </body> | ||||
</description> | </description> | ||||
<references> | <references> | ||||
<cvename>CVE-2021-27021</cvename> | <cvename>CVE-2021-27021</cvename> | ||||
<url>https://puppet.com/security/cve/cve-2021-27021/</url> | <url>https://puppet.com/security/cve/cve-2021-27021/</url> | ||||
<url>https://tickets.puppetlabs.com/browse/PDB-5138</url> | <url>https://tickets.puppetlabs.com/browse/PDB-5138</url> | ||||
</references> | </references> | ||||
<dates> | <dates> | ||||
<discovery>2021-06-24</discovery> | <discovery>2021-06-24</discovery> | ||||
<entry>2021-06-25</entry> | |||||
</dates> | |||||
</vuln> | |||||
<vuln vid="4c9159ea-d4c9-11eb-aeee-8c164582fbac"> | <vuln vid="4c9159ea-d4c9-11eb-aeee-8c164582fbac"> | ||||
<topic>Ansible -- Templating engine bug</topic> | <topic>Ansible -- Templating engine bug</topic> | ||||
<affects> | <affects> | ||||
<package> | <package> | ||||
<name>py36-ansible-core</name> | <name>py36-ansible-core</name> | ||||
<name>py37-ansible-core</name> | <name>py37-ansible-core</name> | ||||
<name>py38-ansible-core</name> | <name>py38-ansible-core</name> | ||||
▲ Show 20 Lines • Show All 6,423 Lines • Show Last 20 Lines |