admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-05-06 13:01:50 +00:00
parent fd799c0968
commit 04091ce939
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
74 changed files with 3607 additions and 1629 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
2020/17xxx/CVE-2020-17517.json
View File

@ -64,25 +64,10 @@
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"name": "[ozone-dev] 20210427 CVE-2020-17517: Apache Ozone: Ozone S3 Gateway allows bucket and key access to non authenticated users",
"url": "https://lists.apache.org/thread.html/rdd59a176b32c63f7fc0865428bf9bbc69297fa17f6130c80c25869aa@%3Cdev.ozone.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210427 CVE-2020-17517: Apache Ozone: Ozone S3 Gateway allows bucket and key access to non authenticated users",
"url": "http://www.openwall.com/lists/oss-security/2021/04/27/1"
},
{
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rdd59a176b32c63f7fc0865428bf9bbc69297fa17f6130c80c25869aa%40%3Cdev.ozone.apache.org%3E",
"name": "https://lists.apache.org/thread.html/rdd59a176b32c63f7fc0865428bf9bbc69297fa17f6130c80c25869aa%40%3Cdev.ozone.apache.org%3E"
},
{
"refsource": "MISC",
"name": "https://github.com/CVEProject/cvelist/pull/1455",
"url": "https://github.com/CVEProject/cvelist/pull/1455"
}
]
},
@ -95,4 +80,4 @@
"value": "Upgrade to the latest Apache Ozone 1.1.0 release."
}
]
}
}

56
2020/19xxx/CVE-2020-19107.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19107",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/9",
"refsource": "MISC",
"name": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/9"
}
]
}

56
2020/19xxx/CVE-2020-19108.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19108",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/10",
"refsource": "MISC",
"name": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/10"
}
]
}

56
2020/19xxx/CVE-2020-19109.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19109",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/12",
"refsource": "MISC",
"name": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/12"
}
]
}

56
2020/19xxx/CVE-2020-19110.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19110",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/11",
"refsource": "MISC",
"name": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/11"
}
]
}

56
2020/19xxx/CVE-2020-19111.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19111",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/14",
"refsource": "MISC",
"name": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/14"
}
]
}

56
2020/19xxx/CVE-2020-19112.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19112",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/13",
"refsource": "MISC",
"name": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/13"
}
]
}

56
2020/19xxx/CVE-2020-19113.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19113",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/15",
"refsource": "MISC",
"name": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/15"
}
]
}

56
2020/19xxx/CVE-2020-19114.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-19114",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-19114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/8",
"refsource": "MISC",
"name": "https://github.com/projectworldsofficial/online-book-store-project-in-php/issues/8"
}
]
}

61
2020/23xxx/CVE-2020-23127.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23127",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://toandak.blogspot.com/2020/05/csrf-vulnerbility-in-chamilo-lms.html",
"refsource": "MISC",
"name": "https://toandak.blogspot.com/2020/05/csrf-vulnerbility-in-chamilo-lms.html"
},
{
"refsource": "CONFIRM",
"name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-41-2020-04-22-Medium-risk-high-impact-CSRF-and-privilege-escalation-via-CSRF",
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-41-2020-04-22-Medium-risk-high-impact-CSRF-and-privilege-escalation-via-CSRF"
}
]
}

61
2020/23xxx/CVE-2020-23128.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-23128",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-23128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://toandak.blogspot.com/2020/05/improper-privilege-management-in.html",
"refsource": "MISC",
"name": "https://toandak.blogspot.com/2020/05/improper-privilege-management-in.html"
},
{
"refsource": "CONFIRM",
"name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-41-2020-04-22-Medium-risk-high-impact-CSRF-and-privilege-escalation-via-CSRF",
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-41-2020-04-22-Medium-risk-high-impact-CSRF-and-privilege-escalation-via-CSRF"
}
]
}

56
2020/28xxx/CVE-2020-28007.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28007",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt"
}
]
}

56
2020/28xxx/CVE-2020-28008.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28008",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28008-SPDIR.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28008-SPDIR.txt"
}
]
}

56
2020/28xxx/CVE-2020-28009.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28009",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28009-STDIN.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28009-STDIN.txt"
}
]
}

56
2020/28xxx/CVE-2020-28010.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28010",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28010-SLCWD.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28010-SLCWD.txt"
}
]
}

56
2020/28xxx/CVE-2020-28011.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28011",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28011-SPRSS.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28011-SPRSS.txt"
}
]
}

56
2020/28xxx/CVE-2020-28012.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28012",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28012-CLOSE.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28012-CLOSE.txt"
}
]
}

56
2020/28xxx/CVE-2020-28013.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28013",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles \"-F '.('\" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28013-PFPSN.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28013-PFPSN.txt"
}
]
}

56
2020/28xxx/CVE-2020-28014.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28014",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28014-PIDFP.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28014-PIDFP.txt"
}
]
}

56
2020/28xxx/CVE-2020-28015.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28015",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28015-NLEND.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28015-NLEND.txt"
}
]
}

56
2020/28xxx/CVE-2020-28016.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28016",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because \"-F ''\" is mishandled by parse_fix_phrase."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28016-PFPZA.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28016-PFPZA.txt"
}
]
}

56
2020/28xxx/CVE-2020-28017.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28017",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28017-RCPTL.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28017-RCPTL.txt"
}
]
}

56
2020/28xxx/CVE-2020-28018.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28018",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28018-OCORK.txt"
}
]
}

56
2020/28xxx/CVE-2020-28019.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28019-BDATA.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28019-BDATA.txt"
}
]
}

56
2020/28xxx/CVE-2020-28020.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28020",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28020-HSIZE.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28020-HSIZE.txt"
}
]
}

56
2020/28xxx/CVE-2020-28021.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28021",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28021-MAUTH.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28021-MAUTH.txt"
}
]
}

56
2020/28xxx/CVE-2020-28022.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28022",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28022-EXOPT.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28022-EXOPT.txt"
}
]
}

56
2020/28xxx/CVE-2020-28023.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28023",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28023-SCHAD.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28023-SCHAD.txt"
}
]
}

56
2020/28xxx/CVE-2020-28024.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28024",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28024-UNGET.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28024-UNGET.txt"
}
]
}

56
2020/28xxx/CVE-2020-28025.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28025",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28025-BHASH.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28025-BHASH.txt"
}
]
}

56
2020/28xxx/CVE-2020-28026.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28026",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-28026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28026-FGETS.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28026-FGETS.txt"
}
]
}

4
2021/1xxx/CVE-2021-1428.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
@ -89,4 +89,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2021/1xxx/CVE-2021-1429.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
@ -89,4 +89,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2021/1xxx/CVE-2021-1430.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
"value": "Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
@ -89,4 +89,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2021/1xxx/CVE-2021-1438.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device.\r The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access.\r "
"value": "A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

4
2021/1xxx/CVE-2021-1447.json
View File

@ -36,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "\r A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root.\r This vulnerability is due to a procedural flaw in the password generation algorithm. An attacker could exploit this vulnerability by enabling specific Administrator-only features and connecting to the appliance through the CLI with elevated privileges. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. To exploit this vulnerability, the attacker must have valid Administrator credentials.\r "
"value": "A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An attacker could exploit this vulnerability by enabling specific Administrator-only features and connecting to the appliance through the CLI with elevated privileges. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. To exploit this vulnerability, the attacker must have valid Administrator credentials."
}
]
},
@ -83,4 +83,4 @@
],
"discovery": "INTERNAL"
}
}
}

43
2021/21xxx/CVE-2021-21505.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-05-05",
"ID": "CVE-2021-21505",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-05-05",
"ID": "CVE-2021-21505",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "Dell EMC Integrated System for Microsoft Azure Stack Hub",
"product_name": "Dell EMC Integrated System for Microsoft Azure Stack Hub",
"version": {
"version_data": [
{
"version_affected": "<",
"version_affected": "<",
"version_value": "2102"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 \u2013 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root privileges."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 8.0,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.0,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-255: Credentials Management"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/kbdoc/en-us/000186008/dsa-2021-020-dell-emc-integrated-system-for-microsoft-azure-stack-hub-security-update-for-an-idrac-undocumented-account-vulnerability"
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000186008/dsa-2021-020-dell-emc-integrated-system-for-microsoft-azure-stack-hub-security-update-for-an-idrac-undocumented-account-vulnerability",
"name": "https://www.dell.com/support/kbdoc/en-us/000186008/dsa-2021-020-dell-emc-integrated-system-for-microsoft-azure-stack-hub-security-update-for-an-idrac-undocumented-account-vulnerability"
}
]
}

43
2021/21xxx/CVE-2021-21527.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-05-03",
"ID": "CVE-2021-21527",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-05-03",
"ID": "CVE-2021-21527",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "PowerScale OneFS",
"product_name": "PowerScale OneFS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_affected": "<",
"version_value": "9.0.0 / 9.1.0 / 9.2.0"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"lang": "eng",
"value": "Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 6.0,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 6.0,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/kbdoc/000185978"
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000185978",
"name": "https://www.dell.com/support/kbdoc/000185978"
}
]
}

45
2021/21xxx/CVE-2021-21550.json
View File

@ -1,10 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-05-03",
"ID": "CVE-2021-21550",
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-05-03",
"ID": "CVE-2021-21550",
"STATE": "PUBLIC"
},
},
"affects": {
"vendor": {
"vendor_data": [
@ -12,59 +12,60 @@
"product": {
"product_data": [
{
"product_name": "PowerScale OneFS",
"product_name": "PowerScale OneFS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_affected": "<",
"version_value": "8.2.x, 9.1.x"
}
]
}
}
]
},
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. "
"lang": "eng",
"value": "Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges."
}
]
},
},
"impact": {
"cvss": {
"baseScore": 6.0,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 6.0,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
}
]
}
]
},
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/kbdoc/000185978"
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000185978",
"name": "https://www.dell.com/support/kbdoc/000185978"
}
]
}

85
2021/22xxx/CVE-2021-22211.json
View File

@ -4,15 +4,92 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-22211",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve@gitlab.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "GitLab",
"product": {
"product_data": [
{
"product_name": "GitLab",
"version": {
"version_data": [
{
"version_value": ">=13.11, <13.11.2"
},
{
"version_value": ">=13.10, <13.10.4"
},
{
"version_value": ">=13.7, <13.9.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authorization in GitLab"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/298847",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/298847",
"refsource": "MISC"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22211.json",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22211.json",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling."
}
]
}
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 3.0,
"baseSeverity": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability has been discovered internally by the GitLab team"
}
]
}

154
2021/24xxx/CVE-2021-24244.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24244",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WPBakery Page Builder Clipboard < 4.5.8 - Unauthorised Arbitrary License Options Update"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "bitorbit",
"product": {
"product_data": [
{
"product_name": "WPBakery Page Builder (Visual Composer) Clipboard",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "4.5.0",
"version_value": "4.5.0"
},
{
"version_affected": "<",
"version_name": "4.5.8",
"version_value": "4.5.8"
"CVE_data_meta": {
"ID": "CVE-2021-24244",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WPBakery Page Builder Clipboard < 4.5.8 - Unauthorised Arbitrary License Options Update"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "bitorbit",
"product": {
"product_data": [
{
"product_name": "WPBakery Page Builder (Visual Composer) Clipboard",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "4.5.0",
"version_value": "4.5.0"
},
{
"version_affected": "<",
"version_name": "4.5.8",
"version_value": "4.5.8"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email)."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9",
"name": "https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9"
},
{
"refsource": "MISC",
"url": "https://codecanyon.net/item/visual-composer-clipboard/8897711",
"name": "https://codecanyon.net/item/visual-composer-clipboard/8897711"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-863 Incorrect Authorization",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email)."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Charles Strader Sweethill"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://codecanyon.net/item/visual-composer-clipboard/8897711",
"name": "https://codecanyon.net/item/visual-composer-clipboard/8897711"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9",
"name": "https://wpscan.com/vulnerability/354b98d8-46a1-4189-b347-198701ea59b9"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-863 Incorrect Authorization",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Charles Strader Sweethill"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24256.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24256",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Elementor - Header, Footer & Blocks Template < 1.5.8 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor Header, Footer & Blocks Template",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.8",
"version_value": "1.5.8"
"CVE_data_meta": {
"ID": "CVE-2021-24256",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Elementor - Header, Footer & Blocks Template < 1.5.8 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor \u2013 Header, Footer & Blocks Template",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.8",
"version_value": "1.5.8"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Elementor Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/a9412fed-aed3-4931-a504-1a86f876892e",
"name": "https://wpscan.com/vulnerability/a9412fed-aed3-4931-a504-1a86f876892e"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cElementor \u2013 Header, Footer & Blocks Template\u201d WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/a9412fed-aed3-4931-a504-1a86f876892e",
"name": "https://wpscan.com/vulnerability/a9412fed-aed3-4931-a504-1a86f876892e"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24257.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24257",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Premium Addons for Elementor < 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Premium Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.2.8",
"version_value": "4.2.8"
"CVE_data_meta": {
"ID": "CVE-2021-24257",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Premium Addons for Elementor < 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS)"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Premium Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.2.8",
"version_value": "4.2.8"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/4ad8314e-1cbe-4642-b4ee-aac2060f9a25",
"name": "https://wpscan.com/vulnerability/4ad8314e-1cbe-4642-b4ee-aac2060f9a25"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cPremium Addons for Elementor\u201d WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/4ad8314e-1cbe-4642-b4ee-aac2060f9a25",
"name": "https://wpscan.com/vulnerability/4ad8314e-1cbe-4642-b4ee-aac2060f9a25"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

168
2021/24xxx/CVE-2021-24258.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24258",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "ElementsKit and ElementsKit Pro < 2.2.0 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wpmet",
"product": {
"product_data": [
{
"product_name": "Elements Kit Lite",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.0",
"version_value": "2.2.0"
"CVE_data_meta": {
"ID": "CVE-2021-24258",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "ElementsKit and ElementsKit Pro < 2.2.0 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wpmet",
"product": {
"product_data": [
{
"product_name": "Elements Kit Lite",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.0",
"version_value": "2.2.0"
}
]
}
},
{
"product_name": "Elements Kit Pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.0",
"version_value": "2.2.0"
}
]
}
}
]
}
]
}
},
{
"product_name": "Elements Kit Pro",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.0",
"version_value": "2.2.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f",
"name": "https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f",
"name": "https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24259.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24259",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Elementor Addon Elements < 1.11.2 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor Addon Elements",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.11.2",
"version_value": "1.11.2"
"CVE_data_meta": {
"ID": "CVE-2021-24259",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Elementor Addon Elements < 1.11.2 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Elementor Addon Elements",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.11.2",
"version_value": "1.11.2"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/0719063f-7743-4a34-94b9-f67fd98e5990",
"name": "https://wpscan.com/vulnerability/0719063f-7743-4a34-94b9-f67fd98e5990"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cElementor Addon Elements\u201d WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/0719063f-7743-4a34-94b9-f67fd98e5990",
"name": "https://wpscan.com/vulnerability/0719063f-7743-4a34-94b9-f67fd98e5990"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24260.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24260",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Livemesh Addons for Elementor < 6.8 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Livemesh Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.8",
"version_value": "6.8"
"CVE_data_meta": {
"ID": "CVE-2021-24260",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Livemesh Addons for Elementor < 6.8 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Livemesh Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "6.8",
"version_value": "6.8"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/fa6c7c7c-1027-4fa9-bb55-07ae2bb7f021",
"name": "https://wpscan.com/vulnerability/fa6c7c7c-1027-4fa9-bb55-07ae2bb7f021"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cLivemesh Addons for Elementor\u201d WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/fa6c7c7c-1027-4fa9-bb55-07ae2bb7f021",
"name": "https://wpscan.com/vulnerability/fa6c7c7c-1027-4fa9-bb55-07ae2bb7f021"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24261.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24261",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "HT Mega - Absolute Addons for Elementor Page Builder < 1.5.7 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "HT Mega Absolute Addons for Elementor Page Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.7",
"version_value": "1.5.7"
"CVE_data_meta": {
"ID": "CVE-2021-24261",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "HT Mega - Absolute Addons for Elementor Page Builder < 1.5.7 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "HT Mega \u2013 Absolute Addons for Elementor Page Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.7",
"version_value": "1.5.7"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “HT Mega Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/0377705d-29e9-47db-a5bb-8acaf311a38f",
"name": "https://wpscan.com/vulnerability/0377705d-29e9-47db-a5bb-8acaf311a38f"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cHT Mega \u2013 Absolute Addons for Elementor Page Builder\u201d WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/0377705d-29e9-47db-a5bb-8acaf311a38f",
"name": "https://wpscan.com/vulnerability/0377705d-29e9-47db-a5bb-8acaf311a38f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24262.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24262",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WooLentor - WooCommerce Elementor Addons + Builder < 1.8.6 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WooLentor WooCommerce Elementor Addons + Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.8.6",
"version_value": "1.8.6"
"CVE_data_meta": {
"ID": "CVE-2021-24262",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "WooLentor - WooCommerce Elementor Addons + Builder < 1.8.6 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WooLentor \u2013 WooCommerce Elementor Addons + Builder",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.8.6",
"version_value": "1.8.6"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “WooLentor WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/d6d16357-2bc3-4053-8274-d0275026e56b",
"name": "https://wpscan.com/vulnerability/d6d16357-2bc3-4053-8274-d0275026e56b"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cWooLentor \u2013 WooCommerce Elementor Addons + Builder\u201d WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/d6d16357-2bc3-4053-8274-d0275026e56b",
"name": "https://wpscan.com/vulnerability/d6d16357-2bc3-4053-8274-d0275026e56b"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24263.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24263",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "PowerPack Addons for Elementor < 2.3.2 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "PowerPack Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.2",
"version_value": "2.3.2"
"CVE_data_meta": {
"ID": "CVE-2021-24263",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "PowerPack Addons for Elementor < 2.3.2 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "PowerPack Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.2",
"version_value": "2.3.2"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Elementor Addons PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec",
"name": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cElementor Addons \u2013 PowerPack Addons for Elementor\u201d WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec",
"name": "https://wpscan.com/vulnerability/48876006-b00f-49b7-80a1-b1d6dc2f4eec"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24264.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24264",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Image Hover Effects - Elementor Addon < 1.3.4 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Image Hover Effects Elementor Addon",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.3.4",
"version_value": "1.3.4"
"CVE_data_meta": {
"ID": "CVE-2021-24264",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Image Hover Effects - Elementor Addon < 1.3.4 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Image Hover Effects \u2013 Elementor Addon",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.3.4",
"version_value": "1.3.4"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Image Hover Effects Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/7fd89a49-fbb0-4308-836b-1f12dc585b1f",
"name": "https://wpscan.com/vulnerability/7fd89a49-fbb0-4308-836b-1f12dc585b1f"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cImage Hover Effects \u2013 Elementor Addon\u201d WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/7fd89a49-fbb0-4308-836b-1f12dc585b1f",
"name": "https://wpscan.com/vulnerability/7fd89a49-fbb0-4308-836b-1f12dc585b1f"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24265.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24265",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Rife Elementor Extensions & Templates < 1.1.6 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Rife Elementor Extensions & Templates",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.1.6",
"version_value": "1.1.6"
"CVE_data_meta": {
"ID": "CVE-2021-24265",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Rife Elementor Extensions & Templates < 1.1.6 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Rife Elementor Extensions & Templates",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.1.6",
"version_value": "1.1.6"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863",
"name": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cRife Elementor Extensions & Templates\u201d WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863",
"name": "https://wpscan.com/vulnerability/9f4771dc-80b5-49ff-9f64-bf6c36f76863"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24266.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24266",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "The Plus Addons for Elementor Page Builder Lite < 2.0.6 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "The Plus Addons for Elementor Page Builder Lite",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.6",
"version_value": "2.0.6"
"CVE_data_meta": {
"ID": "CVE-2021-24266",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "The Plus Addons for Elementor Page Builder Lite < 2.0.6 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "The Plus Addons for Elementor Page Builder Lite",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.6",
"version_value": "2.0.6"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/78014ddd-1cc2-4723-8194-4bf478888578",
"name": "https://wpscan.com/vulnerability/78014ddd-1cc2-4723-8194-4bf478888578"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cThe Plus Addons for Elementor Page Builder Lite\u201d WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/78014ddd-1cc2-4723-8194-4bf478888578",
"name": "https://wpscan.com/vulnerability/78014ddd-1cc2-4723-8194-4bf478888578"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24267.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24267",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "All-in-One Addons for Elementor - WidgetKit < 2.3.10 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "All-in-One Addons for Elementor WidgetKit",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.10",
"version_value": "2.3.10"
"CVE_data_meta": {
"ID": "CVE-2021-24267",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "All-in-One Addons for Elementor - WidgetKit < 2.3.10 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "All-in-One Addons for Elementor \u2013 WidgetKit",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.3.10",
"version_value": "2.3.10"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “All-in-One Addons for Elementor WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/0c96f3a1-d192-481f-9035-5393f4aadc19",
"name": "https://wpscan.com/vulnerability/0c96f3a1-d192-481f-9035-5393f4aadc19"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cAll-in-One Addons for Elementor \u2013 WidgetKit\u201d WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/0c96f3a1-d192-481f-9035-5393f4aadc19",
"name": "https://wpscan.com/vulnerability/0c96f3a1-d192-481f-9035-5393f4aadc19"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24268.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24268",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "JetWidgets For Elementor < 1.0.9 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "JetWidgets For Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.9",
"version_value": "1.0.9"
"CVE_data_meta": {
"ID": "CVE-2021-24268",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "JetWidgets For Elementor < 1.0.9 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "JetWidgets For Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0.9",
"version_value": "1.0.9"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/68ecb965-2a9d-4e67-b069-c3dbfb14016b",
"name": "https://wpscan.com/vulnerability/68ecb965-2a9d-4e67-b069-c3dbfb14016b"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cJetWidgets For Elementor\u201d WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/68ecb965-2a9d-4e67-b069-c3dbfb14016b",
"name": "https://wpscan.com/vulnerability/68ecb965-2a9d-4e67-b069-c3dbfb14016b"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24269.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24269",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Sina Extension for Elementor < 3.3.12 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Sina Extension for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.3.12",
"version_value": "3.3.12"
"CVE_data_meta": {
"ID": "CVE-2021-24269",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Sina Extension for Elementor < 3.3.12 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Sina Extension for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.3.12",
"version_value": "3.3.12"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/df953a91-f1d8-42e9-8966-f2012d4f97c9",
"name": "https://wpscan.com/vulnerability/df953a91-f1d8-42e9-8966-f2012d4f97c9"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cSina Extension for Elementor\u201d WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/df953a91-f1d8-42e9-8966-f2012d4f97c9",
"name": "https://wpscan.com/vulnerability/df953a91-f1d8-42e9-8966-f2012d4f97c9"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24270.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24270",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "DethemeKit For Elementor < 1.5.5.5 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "DethemeKit For Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.5.5",
"version_value": "1.5.5.5"
"CVE_data_meta": {
"ID": "CVE-2021-24270",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "DethemeKit For Elementor < 1.5.5.5 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "DethemeKit For Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.5.5.5",
"version_value": "1.5.5.5"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/67967784-18b6-4e41-9597-3a4c051f3978",
"name": "https://wpscan.com/vulnerability/67967784-18b6-4e41-9597-3a4c051f3978"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cDeTheme Kit for Elementor\u201d WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/67967784-18b6-4e41-9597-3a4c051f3978",
"name": "https://wpscan.com/vulnerability/67967784-18b6-4e41-9597-3a4c051f3978"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

144
2021/24xxx/CVE-2021-24271.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24271",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Ultimate Addons for Elementor < 1.30.0 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Ultimate Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.30.0",
"version_value": "1.30.0"
"CVE_data_meta": {
"ID": "CVE-2021-24271",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Ultimate Addons for Elementor < 1.30.0 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Ultimate Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.30.0",
"version_value": "1.30.0"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/1ce8e188-6ded-413e-b4d1-bf80258acf79",
"name": "https://wpscan.com/vulnerability/1ce8e188-6ded-413e-b4d1-bf80258acf79"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cUltimate Addons for Elementor\u201d WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/1ce8e188-6ded-413e-b4d1-bf80258acf79",
"name": "https://wpscan.com/vulnerability/1ce8e188-6ded-413e-b4d1-bf80258acf79"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}

146
2021/24xxx/CVE-2021-24273.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24273",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Clever Addons for Elementor < 2.1.0 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CleverSoft",
"product": {
"product_data": [
{
"product_name": "Clever Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.1.0",
"version_value": "2.1.0"
"CVE_data_meta": {
"ID": "CVE-2021-24273",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Clever Addons for Elementor < 2.1.0 - Contributor+ Stored XSS"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CleverSoft",
"product": {
"product_data": [
{
"product_name": "Clever Addons for Elementor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.1.0",
"version_value": "2.1.0"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The “Clever Addons for Elementor” WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/70ddb3fd-d819-4d85-9f8b-1451a3e3e5a6",
"name": "https://wpscan.com/vulnerability/70ddb3fd-d819-4d85-9f8b-1451a3e3e5a6"
},
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \u201cClever Addons for Elementor\u201d WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/",
"name": "https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem/"
},
{
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/70ddb3fd-d819-4d85-9f8b-1451a3e3e5a6",
"name": "https://wpscan.com/vulnerability/70ddb3fd-d819-4d85-9f8b-1451a3e3e5a6"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ramuel Gall"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}

61
2021/26xxx/CVE-2021-26543.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-26543",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-26543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The \"gitDiff\" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.npmjs.com/package/git-parse",
"refsource": "MISC",
"name": "https://www.npmjs.com/package/git-parse"
},
{
"refsource": "MISC",
"name": "https://advisory.checkmarx.net/advisory/CX-2020-4302",
"url": "https://advisory.checkmarx.net/advisory/CX-2020-4302"
}
]
}

56
2021/27xxx/CVE-2021-27216.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27216",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-27216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt",
"url": "https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt"
}
]
}

4
2021/29xxx/CVE-2021-29101.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "PSIRT@esri.com",
"ASSIGNER": "psirt@esri.com",
"DATE_PUBLIC": "2021-05-03T18:39:00.000Z",
"ID": "CVE-2021-29101",
"STATE": "PUBLIC",
@ -96,4 +96,4 @@
],
"discovery": "EXTERNAL"
}
}
}

96
2021/29xxx/CVE-2021-29921.json
View File

@ -1,17 +1,101 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29921",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-29921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper input validation of octal strings in Python stdlib ipaddress 3.10 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. IP address octects are left stripped instead of evaluated as valid IP addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/sickcodes",
"refsource": "MISC",
"name": "https://github.com/sickcodes"
},
{
"url": "https://docs.python.org/3/library/ipaddress.html",
"refsource": "MISC",
"name": "https://docs.python.org/3/library/ipaddress.html"
},
{
"url": "https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst",
"refsource": "MISC",
"name": "https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst"
},
{
"refsource": "MISC",
"name": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md",
"url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md"
},
{
"refsource": "MISC",
"name": "https://sick.codes/sick-2021-014",
"url": "https://sick.codes/sick-2021-014"
},
{
"refsource": "MISC",
"name": "https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html",
"url": "https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html"
},
{
"refsource": "MISC",
"name": "https://bugs.python.org/issue36384",
"url": "https://bugs.python.org/issue36384"
},
{
"refsource": "MISC",
"name": "https://github.com/python/cpython/pull/12577",
"url": "https://github.com/python/cpython/pull/12577"
},
{
"refsource": "MISC",
"name": "https://github.com/python/cpython/pull/25099",
"url": "https://github.com/python/cpython/pull/25099"
}
]
}

71
2021/31xxx/CVE-2021-31245.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31245",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-31245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user provided password with the original password in a length dependent manner, which allows remote attackers to guess the password via a timing attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Ysurac/openmptcprouter-vps-admin",
"refsource": "MISC",
"name": "https://github.com/Ysurac/openmptcprouter-vps-admin"
},
{
"url": "https://www.openmptcprouter.com/",
"refsource": "MISC",
"name": "https://www.openmptcprouter.com/"
},
{
"refsource": "MISC",
"name": "https://medium.com/d3crypt/timing-attack-on-openmptcprouter-vps-admin-authentication-cve-2021-31245-12dd92303e1",
"url": "https://medium.com/d3crypt/timing-attack-on-openmptcprouter-vps-admin-authentication-cve-2021-31245-12dd92303e1"
},
{
"refsource": "MISC",
"name": "https://github.com/Ysurac/openmptcprouter-vps-admin/commit/a01cbc8c3d3b8bb7720bf3ff234671b4c0e1859c#diff-b89ee68e63302a732d4bde35eb04a205b06f1611147e139642356f173195ab80",
"url": "https://github.com/Ysurac/openmptcprouter-vps-admin/commit/a01cbc8c3d3b8bb7720bf3ff234671b4c0e1859c#diff-b89ee68e63302a732d4bde35eb04a205b06f1611147e139642356f173195ab80"
}
]
}

61
2021/31xxx/CVE-2021-31532.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31532",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-31532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 and B2), i.MX RT600 (silicon rev A0, B0), LPC55S6x, LPC55S2x, LPC552x (silicon rev 0A, 1B), and LPC55S1x, LPC551x (silicon rev 0A) include an undocumented ROM patch peripheral that allows unsigned, non-persistent modification of the internal ROM. The peripheral is accessible from any execution mode (secure/privileged, secure/unprivileged, non-secure/privileged, non-secure/unprivileged). The ROM includes a set of APIs intended for use by a secure application to perform flash and in-application programming (IAP) operations. An attacker may use the ROM patch peripheral to modify the implementation of these ROM APIs from a non-secure, unprivileged context. If a non-secure application can also cause the secure application to invoke these ROM APIs, this provides privilege escalation and arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.nxp.com",
"refsource": "MISC",
"name": "https://www.nxp.com"
},
{
"refsource": "MISC",
"name": "https://oxide.computer/blog/lpc55/",
"url": "https://oxide.computer/blog/lpc55/"
}
]
}

66
2021/31xxx/CVE-2021-31616.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31616",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-31616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.1.0",
"refsource": "MISC",
"name": "https://github.com/keepkey/keepkey-firmware/releases/tag/v7.1.0"
},
{
"url": "https://github.com/keepkey/keepkey-firmware/commit/e49d45594002d4d3fbc1f03488e6dfc0a0a65836",
"refsource": "MISC",
"name": "https://github.com/keepkey/keepkey-firmware/commit/e49d45594002d4d3fbc1f03488e6dfc0a0a65836"
},
{
"refsource": "MISC",
"name": "https://blog.inhq.net/posts/keepkey-CVE-2021-31616/",
"url": "https://blog.inhq.net/posts/keepkey-CVE-2021-31616/"
}
]
}

77
2021/32xxx/CVE-2021-32062.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://mapserver.org/development/changelog/changelog-7-6.html",
"refsource": "MISC",
"name": "https://mapserver.org/development/changelog/changelog-7-6.html"
},
{
"url": "https://mapserver.org/development/changelog/changelog-7-4.html",
"refsource": "MISC",
"name": "https://mapserver.org/development/changelog/changelog-7-4.html"
},
{
"url": "https://mapserver.org/development/changelog/changelog-7-2.html",
"refsource": "MISC",
"name": "https://mapserver.org/development/changelog/changelog-7-2.html"
},
{
"url": "https://mapserver.org/development/changelog/changelog-7-0.html",
"refsource": "MISC",
"name": "https://mapserver.org/development/changelog/changelog-7-0.html"
}
]
}
}

18
2021/32xxx/CVE-2021-32063.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32063",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/32xxx/CVE-2021-32064.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32064",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/32xxx/CVE-2021-32065.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-32065",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

10
2021/3xxx/CVE-2021-3450.json
View File

@ -77,6 +77,11 @@
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
},
{
"name": "https://www.openssl.org/news/secadv/20210325.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20210325.txt"
},
{
"refsource": "CISCO",
"name": "20210325 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021",
@ -136,6 +141,11 @@
"refsource": "CONFIRM",
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10356",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10356"
},
{
"refsource": "MISC",
"name": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html",
"url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html"
}
]
}

55
2021/3xxx/CVE-2021-3501.json
View File

@ -4,14 +4,63 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3501",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel 5.12"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1950136",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950136"
},
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability."
}
]
}

18
2021/3xxx/CVE-2021-3537.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3537",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3538.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3538",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2021/3xxx/CVE-2021-3539.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-3539",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}