"-Synchronized-Data."

CVE Team 2021-11-16 10:01:04 +00:00
parent b12d7459cd
commit 0045fa7568
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
9 changed files with 71 additions and 38 deletions


@ -46,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a users password is changed by the administrator, the session isnt invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system."
"value": "In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user\u2019s password is changed by the administrator, the session isn\u2019t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system."
}
]
},
@ -84,12 +84,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/arangodb/arangodb/commit/e9c6ee9dcca7b9b4fbcd02a0b323d205bee838d3"
"refsource": "MISC",
"url": "https://github.com/arangodb/arangodb/commit/e9c6ee9dcca7b9b4fbcd02a0b323d205bee838d3",
"name": "https://github.com/arangodb/arangodb/commit/e9c6ee9dcca7b9b4fbcd02a0b323d205bee838d3"
},
{
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25940"
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25940",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25940"
}
]
},
@ -103,4 +105,4 @@
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}
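Review bot: In the `reference_data` hunk the arangodb fix-commit URL appears to be relabelled from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, which removes the only marker separating the vendor's own patch from the third-party database link below it. Consumers that pick out vendor-confirmed or patch references by `refsource` will no longer find one in this record. The old/new sides are inferred from the hunk's line counts (12 old, 14 new), so this should be checked against the raw diff. If it holds, I would keep `"refsource": "CONFIRM"` on that entry and only add the `name` field. The same relabelling recurs in the calibre-web, piranha.core and Apache ShenYu reference hunks further down.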


@ -84,12 +84,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/janeczku/calibre-web/commit/50919d47212066c75f03ee7a5332ecf2d584b98e"
"refsource": "MISC",
"url": "https://github.com/janeczku/calibre-web/commit/50919d47212066c75f03ee7a5332ecf2d584b98e",
"name": "https://github.com/janeczku/calibre-web/commit/50919d47212066c75f03ee7a5332ecf2d584b98e"
},
{
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25965"
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25965",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25965"
}
]
},
@ -103,4 +105,4 @@
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}


@ -84,12 +84,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/PiranhaCMS/piranha.core/commit/e42abacdd0dd880ce9cf6607efcc24646ac82eda"
"refsource": "MISC",
"url": "https://github.com/PiranhaCMS/piranha.core/commit/e42abacdd0dd880ce9cf6607efcc24646ac82eda",
"name": "https://github.com/PiranhaCMS/piranha.core/commit/e42abacdd0dd880ce9cf6607efcc24646ac82eda"
},
{
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25976"
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25976",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25976"
}
]
},
@ -103,4 +105,4 @@
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}


@ -46,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “search” parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies."
"value": "In Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the \u201csearch\u201d parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies."
}
]
},
@ -84,12 +84,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/FactorJS/factor/blob/v1.8.30/@plugins/plugin-forum/topic-list.vue#L139"
"refsource": "MISC",
"url": "https://github.com/FactorJS/factor/blob/v1.8.30/@plugins/plugin-forum/topic-list.vue#L139",
"name": "https://github.com/FactorJS/factor/blob/v1.8.30/@plugins/plugin-forum/topic-list.vue#L139"
},
{
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25982"
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25982",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25982"
}
]
},
@ -103,4 +105,4 @@
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}
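Review bot: The only upstream reference in the `reference_data` hunk is a permalink into the source tree at tag `v1.8.30`, which the description names as the last affected version, so the visible record points at the vulnerable line and not at a fix. A reader triaging this entry cannot tell from these lines whether a patched release exists. If a fixing commit or release is known, I would add it as a further `reference_data` entry; if none exists, the description could say so explicitly. The three following Factor records (CVE-2021-25983, CVE-2021-25984, CVE-2021-25985) have the same shape; the rest of each record lies outside the hunks shown.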


@ -46,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “tags” and “category” parameters in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies."
"value": "In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the \u201ctags\u201d and \u201ccategory\u201d parameters in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies."
}
]
},
@ -84,12 +84,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/FactorJS/factor/blob/v1.8.30/@plugins/plugin-forum/topic-list.vue#L141-L143"
"refsource": "MISC",
"url": "https://github.com/FactorJS/factor/blob/v1.8.30/@plugins/plugin-forum/topic-list.vue#L141-L143",
"name": "https://github.com/FactorJS/factor/blob/v1.8.30/@plugins/plugin-forum/topic-list.vue#L141-L143"
},
{
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25983"
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25983",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25983"
}
]
},
@ -103,4 +105,4 @@
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}


@ -46,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting (XSS) at the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies."
"value": "In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting (XSS) at the \u201cpost reply\u201d section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies."
}
]
},
@ -84,12 +84,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/FactorJS/factor/blob/v1.8.30/@plugins/plugin-forum/topic-reply.vue#L119"
"refsource": "MISC",
"url": "https://github.com/FactorJS/factor/blob/v1.8.30/@plugins/plugin-forum/topic-reply.vue#L119",
"name": "https://github.com/FactorJS/factor/blob/v1.8.30/@plugins/plugin-forum/topic-reply.vue#L119"
},
{
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25984"
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25984",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25984"
}
]
},
@ -103,4 +105,4 @@
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}


@ -46,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a users session even after the user logs out of the application. In addition, user sessions are stored in the browsers local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, followed by a local account takeover."
"value": "In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user\u2019s session even after the user logs out of the application. In addition, user sessions are stored in the browser\u2019s local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, followed by a local account takeover."
}
]
},
@ -84,12 +84,14 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://github.com/FactorJS/factor/blob/v1.8.30/@factor/user/util.ts#L65"
"refsource": "MISC",
"url": "https://github.com/FactorJS/factor/blob/v1.8.30/@factor/user/util.ts#L65",
"name": "https://github.com/FactorJS/factor/blob/v1.8.30/@factor/user/util.ts#L65"
},
{
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25985"
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25985",
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25985"
}
]
},
@ -103,4 +105,4 @@
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}
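Review bot: The description in the first hunk says sessions are kept in the browser's local storage and then says an attacker can steal and reuse "the cookies", which names two different storage mechanisms with different mitigations (cookie flags such as `HttpOnly` do not protect values held in local storage). The opening clause also has no subject ("… v1.0.4 to v1.8.30, improperly invalidate …"). I would reword to something like `Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30 does not properly invalidate a user\u2019s session after logout` and `steal and reuse the session data`, assuming local storage is what the code at `util.ts#L65` uses; that file is not visible here.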


@ -33,7 +33,7 @@
"credit": [
{
"lang": "eng",
"value": "This issue was reported by 伍 雄"
"value": "This issue was reported by \u4f0d \u96c4"
}
],
"data_format": "MITRE",
@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0"
"value": "A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0"
}
]
},
@ -68,12 +68,13 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb",
"name": "https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3964",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}